diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 000000000..3c2492803 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,6 @@ +# Release team is the new owner of the repository + +/.github/* @rancher/release-team + +# Hostbusters is the chart owner for k3s upgrader +/charts/rancher-k3s-upgrader/* @rancher/rancher-team-2-hostbusters-dev \ No newline at end of file diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml index b7f384fd0..c8dd92484 100644 --- a/.github/workflows/pull-request.yaml +++ b/.github/workflows/pull-request.yaml @@ -2,10 +2,8 @@ name: CI-pullrequest on: pull_request: branches: - - dev-v2.6 - - release-v2.6 - - dev-v2.7 - - release-v2.7 + - dev-v* + - release-v* jobs: validate-chart-questions: diff --git a/charts/rancher-cis-benchmark/0.1.0/.helmignore b/charts/rancher-cis-benchmark/0.1.0/.helmignore deleted file mode 100644 index 50af03172..000000000 --- a/charts/rancher-cis-benchmark/0.1.0/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-cis-benchmark/0.1.0/Chart.yaml b/charts/rancher-cis-benchmark/0.1.0/Chart.yaml deleted file mode 100644 index 1d1004a75..000000000 --- a/charts/rancher-cis-benchmark/0.1.0/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -appVersion: "0.1.0" -description: | - Run CIS benhmark tests -name: rancher-cis-benchmark -version: 0.1.0 -home: https://github.com/rancher/system-charts/charts/rancher-cis-benchmark -sources: - - "https://github.com/rancher/system-charts/charts/rancher-cis-benchmark" -maintainers: - - name: Murali Paluru - email: leodotcloud@gmail.com 
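Review bot: The pattern `/.github/*` in the new CODEOWNERS file matches only files directly inside `.github/`, so nested paths such as `.github/workflows/pull-request.yaml` get no code owner and changes to the CI workflows would not request the release team's review. The same applies to `/charts/rancher-k3s-upgrader/*`, which does not cover files in versioned subdirectories of the chart (assuming it follows the `<chart>/<version>/` layout seen elsewhere in this diff). Use directory patterns instead: `/.github/ @rancher/release-team` and `/charts/rancher-k3s-upgrader/ @rancher/rancher-team-2-hostbusters-dev`. The opening comment calls the release team the owner of the repository, but there is no `*` catch-all rule, so everything outside these two paths stays unowned; add `* @rancher/release-team` as the first rule if that is the intent.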
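Review bot: The `dev-v*` and `release-v*` filters under `branches:` accept any suffix after the `v`, so a pull request against any base branch that merely begins with those prefixes now runs this workflow, not only the versioned lines the removed entries named. If only version branches are meant, the filter syntax allows a tighter form such as `- 'dev-v[0-9]+.[0-9]+'` and `- 'release-v[0-9]+.[0-9]+'`. A one-line comment above the list, e.g. `# every versioned dev/release branch`, would record the intent. The `jobs:` section continues outside the hunk.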
diff --git a/charts/rancher-cis-benchmark/0.1.0/questions.yaml b/charts/rancher-cis-benchmark/0.1.0/questions.yaml
deleted file mode 100644
index 633f21967..000000000
--- a/charts/rancher-cis-benchmark/0.1.0/questions.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-rancher_min_version: 2.4.0-rc1
-rancher_max_version: 2.4.4
diff --git a/charts/rancher-cis-benchmark/0.1.0/templates/NOTES.txt b/charts/rancher-cis-benchmark/0.1.0/templates/NOTES.txt
deleted file mode 100644
index e7e7bdf63..000000000
--- a/charts/rancher-cis-benchmark/0.1.0/templates/NOTES.txt
+++ /dev/null
@@ -1,21 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "rancher-cis-benchmark.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "rancher-cis-benchmark.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "rancher-cis-benchmark.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "rancher-cis-benchmark.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:80 -{{- end }} diff --git a/charts/rancher-cis-benchmark/0.1.0/templates/_helpers.tpl b/charts/rancher-cis-benchmark/0.1.0/templates/_helpers.tpl deleted file mode 100644 index 3776d9f32..000000000 --- a/charts/rancher-cis-benchmark/0.1.0/templates/_helpers.tpl +++ /dev/null 
@@ -1,40 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "rancher-cis-benchmark.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "rancher-cis-benchmark.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "rancher-cis-benchmark.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "system_default_registry" -}} -{{- if .Values.global.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/0.1.0/templates/configmap.yaml b/charts/rancher-cis-benchmark/0.1.0/templates/configmap.yaml deleted file mode 100644 index 4602fdc90..000000000 --- a/charts/rancher-cis-benchmark/0.1.0/templates/configmap.yaml +++ /dev/null 
@@ -1,117 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - name: s-config-cm-{{ .Release.Name }} -data: - config.json: | - { - "Description": "kube-bench plugin for CIS benchmarks", - "Filters": { - "LabelSelector": "", - "Namespaces": "[^\\w-.]+" - }, - "PluginNamespace": "{{ .Release.Namespace }}", - "Plugins": [ - { - "name": "rancher-kube-bench" - } - ], - "PluginSearchPath": [ - "/plugins.d" - ], - "Resources": [], - "ResultsDir": "/tmp/sonobuoy", - "Server": { - "advertiseaddress": "{{ include "rancher-cis-benchmark.fullname" . }}", - "bindaddress": "0.0.0.0", - "bindport": 443, - "timeoutseconds": 5400 - }, - "Namespace": "{{ .Release.Namespace }}", - "WorkerImage": "{{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }}:{{ .Values.image.sonobuoy.tag }}", - "Version": "{{ .Values.image.sonobuoy.tag }}" - } ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . 
}} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - name: s-plugins-cm-{{ .Release.Name }} -data: - rancher-kube-bench.yaml: | - podSpec: - containers: [] - dnsPolicy: ClusterFirstWithHostNet - hostIPC: true - hostNetwork: true - hostPID: true - serviceAccountName: s-sa-{{ .Release.Name }} - {{- if .Values.sonobuoy.tolerations }} - tolerations: -{{ toYaml .Values.sonobuoy.tolerations | trim | indent 6 }} - {{- end }} - volumes: - - hostPath: - path: / - name: root - - hostPath: - path: /etc/passwd - name: etc-passwd - - hostPath: - path: /etc/group - name: etc-group - sonobuoy-config: - driver: DaemonSet - plugin-name: rancher-kube-bench - result-type: rancher-kube-bench - result-format: raw - spec: - name: rancher-kube-bench - image: '{{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}:{{ .Values.image.securityScan.tag }}' - command: ["/bin/bash", "-c", "run_sonobuoy_plugin.sh && sleep 3600"] - env: - - name: SONOBUOY_NS - value: {{ .Release.Namespace }} - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: RESULTS_DIR - value: /tmp/results - - name: CHROOT_DIR - value: /node - {{- if .Values.overrideBenchmarkVersion }} - - name: OVERRIDE_BENCHMARK_VERSION - value: {{ .Values.overrideBenchmarkVersion }} - {{- end }} - {{- if .Values.debugWorker }} - - name: DEBUG - value: "true" - - name: DEBUG_TIME_IN_SEC - value: {{ .Values.debugTime }} - {{- end }} - imagePullPolicy: Always - securityContext: - privileged: true - volumeMounts: - - mountPath: /tmp/results - name: results - readOnly: false - - mountPath: /node - name: root - readOnly: true - - mountPath: /etc/passwd - name: etc-passwd - readOnly: true - - mountPath: /etc/group - name: etc-group - readOnly: true diff --git a/charts/rancher-cis-benchmark/0.1.0/templates/ingress.yaml b/charts/rancher-cis-benchmark/0.1.0/templates/ingress.yaml deleted file mode 100644 index a63a59e5a..000000000 
--- a/charts/rancher-cis-benchmark/0.1.0/templates/ingress.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "rancher-cis-benchmark.fullname" . -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ . }} - backend: - serviceName: {{ $fullName }} - servicePort: http - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/rancher-cis-benchmark/0.1.0/templates/pod.yaml b/charts/rancher-cis-benchmark/0.1.0/templates/pod.yaml deleted file mode 100644 index 97af7bc41..000000000 --- a/charts/rancher-cis-benchmark/0.1.0/templates/pod.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: security-scan-runner-{{ .Release.Name }} - {{- if ne .Values.owner "" }} - annotations: - field.cattle.io/clusterScanOwner: "{{ .Values.owner }}" - {{- end }} - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - run: sonobuoy-master -spec: - serviceAccountName: s-sa-{{ .Release.Name }} - terminationGracePeriodSeconds: 0 - volumes: - - configMap: - name: s-config-cm-{{ .Release.Name }} - name: s-config-volume - - configMap: - name: s-plugins-cm-{{ .Release.Name }} - name: s-plugins-volume - - emptyDir: {} - name: output-volume - {{- if ne .Values.userSkipConfigMapName "" }} - - configMap: - name: {{ .Values.userSkipConfigMapName }} - name: user-skip-info-volume - {{- end }} - {{- if ne .Values.defaultSkipConfigMapName "" }} - - configMap: - name: {{ .Values.defaultSkipConfigMapName }} - name: default-skip-info-volume - {{- end }} - {{- if ne .Values.notApplicableConfigMapName "" }} - - configMap: - name: {{ .Values.notApplicableConfigMapName }} - name: not-applicable-info-volume - {{- end }} - containers: - - name: {{ .Chart.Name }} - restartPolicy: Never - env: - {{- if .Values.overrideBenchmarkVersion }} - - name: OVERRIDE_BENCHMARK_VERSION - value: {{ .Values.overrideBenchmarkVersion }} - {{- end }} - - name: SONOBUOY_NS - value: {{ .Release.Namespace }} - - name: SONOBUOY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SONOBUOY_ADVERTISE_IP - value: {{ include "rancher-cis-benchmark.fullname" . 
}} - {{- if ne .Values.owner "" }} - - name: OUTPUT_CONFIGMAPNAME - value: {{ .Release.Name }} - {{- end }} - {{- if .Values.debugMaster }} - - name: DEBUG - value: "true" - - name: DEBUG_TIME_IN_SEC - value: {{ .Values.debugTime }} - {{- end }} - image: '{{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}:{{ .Values.image.securityScan.tag }}' - imagePullPolicy: {{ .Values.image.securityScan.pullPolicy }} - ports: - - containerPort: 8080 - protocol: TCP - volumeMounts: - - mountPath: /etc/sonobuoy - name: s-config-volume - - mountPath: /plugins.d - name: s-plugins-volume - - mountPath: /tmp/sonobuoy - name: output-volume - {{- if ne .Values.userSkipConfigMapName "" }} - - mountPath: /etc/kbs/userskip - name: user-skip-info-volume - {{- end }} - {{- if ne .Values.defaultSkipConfigMapName "" }} - - mountPath: /etc/kbs/defaultskip - name: default-skip-info-volume - {{- end }} - {{- if ne .Values.notApplicableConfigMapName "" }} - - mountPath: /etc/kbs/notapplicable - name: not-applicable-info-volume - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} -{{- end }} -{{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} -{{- end }} diff --git a/charts/rancher-cis-benchmark/0.1.0/templates/rbac.yaml b/charts/rancher-cis-benchmark/0.1.0/templates/rbac.yaml deleted file mode 100644 index 919d141a2..000000000 --- a/charts/rancher-cis-benchmark/0.1.0/templates/rbac.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - name: s-sa-{{ .Release.Name }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - name: s-sa-{{ .Release.Name }} -rules: -- apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - name: s-sa-{{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: s-sa-{{ .Release.Name }} -subjects: -- kind: ServiceAccount - name: s-sa-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-cis-benchmark/0.1.0/templates/service.yaml b/charts/rancher-cis-benchmark/0.1.0/templates/service.yaml deleted file mode 100644 index 0882f4abd..000000000 --- a/charts/rancher-cis-benchmark/0.1.0/templates/service.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "rancher-cis-benchmark.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: 443 - protocol: TCP - selector: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/rancher-cis-benchmark/0.1.0/values.yaml b/charts/rancher-cis-benchmark/0.1.0/values.yaml deleted file mode 100644 index 7ea279a94..000000000 --- a/charts/rancher-cis-benchmark/0.1.0/values.yaml +++ /dev/null 
@@ -1,77 +0,0 @@ -# Default values for rancher-cis-benchmark. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -# if owner is specified, it's used for the name of the configmap for results -owner: "" -# userSkipConfigMapName is used to specify the name of cm where user skip info is stored -userSkipConfigMapName: "" -# defaultSkipConfigMapName is used to specify the name of cm where default skip info is stored -defaultSkipConfigMapName: "" -# notApplicableConfigMapName -notApplicableConfigMapName: "" -# overrideBenchmarkVersion is used to override the default benchmark version used for -# a particular k8s version -overrideBenchmarkVersion: "" - -# when debug=true, the plugin pods sleep for the time specified -debugMaster: false -debugWorker: false -debugTime: "infinity" - -sonobuoy: - tolerations: [] - -image: - securityScan: - repository: rancher/security-scan - tag: v0.1.9 - pullPolicy: Always - sonobuoy: - repository: rancher/sonobuoy-sonobuoy - tag: v0.16.3 - -nameOverride: "" -fullnameOverride: "" - -service: - type: ClusterIP - port: 443 - -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: [] - - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: -- operator: Exists - -affinity: {} - -global: - systemDefaultRegistry: "" \ No newline at end of file 
diff --git a/charts/rancher-cis-benchmark/0.1.1/.helmignore b/charts/rancher-cis-benchmark/0.1.1/.helmignore
deleted file mode 100644
index 50af03172..000000000
--- a/charts/rancher-cis-benchmark/0.1.1/.helmignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/charts/rancher-cis-benchmark/0.1.1/Chart.yaml b/charts/rancher-cis-benchmark/0.1.1/Chart.yaml
deleted file mode 100644
index 6bc1589d1..000000000
--- a/charts/rancher-cis-benchmark/0.1.1/Chart.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-appVersion: "0.1.1"
-description: |
- Run CIS benhmark tests
-name: rancher-cis-benchmark
-version: 0.1.1
-home: https://github.com/rancher/system-charts/charts/rancher-cis-benchmark
-sources:
- - "https://github.com/rancher/system-charts/charts/rancher-cis-benchmark"
-maintainers:
- - name: Murali Paluru
- email: leodotcloud@gmail.com
diff --git a/charts/rancher-cis-benchmark/0.1.1/questions.yaml b/charts/rancher-cis-benchmark/0.1.1/questions.yaml
deleted file mode 100644
index ad53b14ac..000000000
--- a/charts/rancher-cis-benchmark/0.1.1/questions.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-rancher_min_version: 2.4.5-rc1
-rancher_max_version: 2.4.5
diff --git a/charts/rancher-cis-benchmark/0.1.1/templates/NOTES.txt b/charts/rancher-cis-benchmark/0.1.1/templates/NOTES.txt
deleted file mode 100644
index e7e7bdf63..000000000
--- a/charts/rancher-cis-benchmark/0.1.1/templates/NOTES.txt
+++ /dev/null
@@ -1,21 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "rancher-cis-benchmark.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "rancher-cis-benchmark.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "rancher-cis-benchmark.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "rancher-cis-benchmark.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:80 -{{- end }} diff --git a/charts/rancher-cis-benchmark/0.1.1/templates/_helpers.tpl b/charts/rancher-cis-benchmark/0.1.1/templates/_helpers.tpl deleted file mode 100644 index 3776d9f32..000000000 --- a/charts/rancher-cis-benchmark/0.1.1/templates/_helpers.tpl +++ /dev/null 
@@ -1,40 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "rancher-cis-benchmark.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "rancher-cis-benchmark.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "rancher-cis-benchmark.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "system_default_registry" -}} -{{- if .Values.global.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/0.1.1/templates/configmap.yaml b/charts/rancher-cis-benchmark/0.1.1/templates/configmap.yaml deleted file mode 100644 index 4602fdc90..000000000 --- a/charts/rancher-cis-benchmark/0.1.1/templates/configmap.yaml +++ /dev/null 
@@ -1,117 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - name: s-config-cm-{{ .Release.Name }} -data: - config.json: | - { - "Description": "kube-bench plugin for CIS benchmarks", - "Filters": { - "LabelSelector": "", - "Namespaces": "[^\\w-.]+" - }, - "PluginNamespace": "{{ .Release.Namespace }}", - "Plugins": [ - { - "name": "rancher-kube-bench" - } - ], - "PluginSearchPath": [ - "/plugins.d" - ], - "Resources": [], - "ResultsDir": "/tmp/sonobuoy", - "Server": { - "advertiseaddress": "{{ include "rancher-cis-benchmark.fullname" . }}", - "bindaddress": "0.0.0.0", - "bindport": 443, - "timeoutseconds": 5400 - }, - "Namespace": "{{ .Release.Namespace }}", - "WorkerImage": "{{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }}:{{ .Values.image.sonobuoy.tag }}", - "Version": "{{ .Values.image.sonobuoy.tag }}" - } ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . 
}} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - name: s-plugins-cm-{{ .Release.Name }} -data: - rancher-kube-bench.yaml: | - podSpec: - containers: [] - dnsPolicy: ClusterFirstWithHostNet - hostIPC: true - hostNetwork: true - hostPID: true - serviceAccountName: s-sa-{{ .Release.Name }} - {{- if .Values.sonobuoy.tolerations }} - tolerations: -{{ toYaml .Values.sonobuoy.tolerations | trim | indent 6 }} - {{- end }} - volumes: - - hostPath: - path: / - name: root - - hostPath: - path: /etc/passwd - name: etc-passwd - - hostPath: - path: /etc/group - name: etc-group - sonobuoy-config: - driver: DaemonSet - plugin-name: rancher-kube-bench - result-type: rancher-kube-bench - result-format: raw - spec: - name: rancher-kube-bench - image: '{{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}:{{ .Values.image.securityScan.tag }}' - command: ["/bin/bash", "-c", "run_sonobuoy_plugin.sh && sleep 3600"] - env: - - name: SONOBUOY_NS - value: {{ .Release.Namespace }} - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: RESULTS_DIR - value: /tmp/results - - name: CHROOT_DIR - value: /node - {{- if .Values.overrideBenchmarkVersion }} - - name: OVERRIDE_BENCHMARK_VERSION - value: {{ .Values.overrideBenchmarkVersion }} - {{- end }} - {{- if .Values.debugWorker }} - - name: DEBUG - value: "true" - - name: DEBUG_TIME_IN_SEC - value: {{ .Values.debugTime }} - {{- end }} - imagePullPolicy: Always - securityContext: - privileged: true - volumeMounts: - - mountPath: /tmp/results - name: results - readOnly: false - - mountPath: /node - name: root - readOnly: true - - mountPath: /etc/passwd - name: etc-passwd - readOnly: true - - mountPath: /etc/group - name: etc-group - readOnly: true diff --git a/charts/rancher-cis-benchmark/0.1.1/templates/ingress.yaml b/charts/rancher-cis-benchmark/0.1.1/templates/ingress.yaml deleted file mode 100644 index a63a59e5a..000000000 
--- a/charts/rancher-cis-benchmark/0.1.1/templates/ingress.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "rancher-cis-benchmark.fullname" . -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ . }} - backend: - serviceName: {{ $fullName }} - servicePort: http - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/rancher-cis-benchmark/0.1.1/templates/pod.yaml b/charts/rancher-cis-benchmark/0.1.1/templates/pod.yaml deleted file mode 100644 index 97af7bc41..000000000 --- a/charts/rancher-cis-benchmark/0.1.1/templates/pod.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: security-scan-runner-{{ .Release.Name }} - {{- if ne .Values.owner "" }} - annotations: - field.cattle.io/clusterScanOwner: "{{ .Values.owner }}" - {{- end }} - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - run: sonobuoy-master -spec: - serviceAccountName: s-sa-{{ .Release.Name }} - terminationGracePeriodSeconds: 0 - volumes: - - configMap: - name: s-config-cm-{{ .Release.Name }} - name: s-config-volume - - configMap: - name: s-plugins-cm-{{ .Release.Name }} - name: s-plugins-volume - - emptyDir: {} - name: output-volume - {{- if ne .Values.userSkipConfigMapName "" }} - - configMap: - name: {{ .Values.userSkipConfigMapName }} - name: user-skip-info-volume - {{- end }} - {{- if ne .Values.defaultSkipConfigMapName "" }} - - configMap: - name: {{ .Values.defaultSkipConfigMapName }} - name: default-skip-info-volume - {{- end }} - {{- if ne .Values.notApplicableConfigMapName "" }} - - configMap: - name: {{ .Values.notApplicableConfigMapName }} - name: not-applicable-info-volume - {{- end }} - containers: - - name: {{ .Chart.Name }} - restartPolicy: Never - env: - {{- if .Values.overrideBenchmarkVersion }} - - name: OVERRIDE_BENCHMARK_VERSION - value: {{ .Values.overrideBenchmarkVersion }} - {{- end }} - - name: SONOBUOY_NS - value: {{ .Release.Namespace }} - - name: SONOBUOY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SONOBUOY_ADVERTISE_IP - value: {{ include "rancher-cis-benchmark.fullname" . 
}} - {{- if ne .Values.owner "" }} - - name: OUTPUT_CONFIGMAPNAME - value: {{ .Release.Name }} - {{- end }} - {{- if .Values.debugMaster }} - - name: DEBUG - value: "true" - - name: DEBUG_TIME_IN_SEC - value: {{ .Values.debugTime }} - {{- end }} - image: '{{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}:{{ .Values.image.securityScan.tag }}' - imagePullPolicy: {{ .Values.image.securityScan.pullPolicy }} - ports: - - containerPort: 8080 - protocol: TCP - volumeMounts: - - mountPath: /etc/sonobuoy - name: s-config-volume - - mountPath: /plugins.d - name: s-plugins-volume - - mountPath: /tmp/sonobuoy - name: output-volume - {{- if ne .Values.userSkipConfigMapName "" }} - - mountPath: /etc/kbs/userskip - name: user-skip-info-volume - {{- end }} - {{- if ne .Values.defaultSkipConfigMapName "" }} - - mountPath: /etc/kbs/defaultskip - name: default-skip-info-volume - {{- end }} - {{- if ne .Values.notApplicableConfigMapName "" }} - - mountPath: /etc/kbs/notapplicable - name: not-applicable-info-volume - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} -{{- end }} -{{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} -{{- end }} diff --git a/charts/rancher-cis-benchmark/0.1.1/templates/rbac.yaml b/charts/rancher-cis-benchmark/0.1.1/templates/rbac.yaml deleted file mode 100644 index 919d141a2..000000000 --- a/charts/rancher-cis-benchmark/0.1.1/templates/rbac.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - name: s-sa-{{ .Release.Name }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - name: s-sa-{{ .Release.Name }} -rules: -- apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - name: s-sa-{{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: s-sa-{{ .Release.Name }} -subjects: -- kind: ServiceAccount - name: s-sa-{{ .Release.Name }} - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-cis-benchmark/0.1.1/templates/service.yaml b/charts/rancher-cis-benchmark/0.1.1/templates/service.yaml deleted file mode 100644 index 0882f4abd..000000000 --- a/charts/rancher-cis-benchmark/0.1.1/templates/service.yaml +++ /dev/null 
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "rancher-cis-benchmark.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }}
- helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: 443
- protocol: TCP
- selector:
- app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/charts/rancher-cis-benchmark/0.1.1/values.yaml b/charts/rancher-cis-benchmark/0.1.1/values.yaml
deleted file mode 100644
index 57eb1e135..000000000
--- a/charts/rancher-cis-benchmark/0.1.1/values.yaml
+++ /dev/null
@@ -1,77 +0,0 @@ -# Default values for rancher-cis-benchmark. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -# if owner is specified, it's used for the name of the configmap for results -owner: "" -# userSkipConfigMapName is used to specify the name of cm where user skip info is stored -userSkipConfigMapName: "" -# defaultSkipConfigMapName is used to specify the name of cm where default skip info is stored -defaultSkipConfigMapName: "" -# notApplicableConfigMapName -notApplicableConfigMapName: "" -# overrideBenchmarkVersion is used to override the default benchmark version used for -# a particular k8s version -overrideBenchmarkVersion: "" - -# when debug=true, the plugin pods sleep for the time specified -debugMaster: false -debugWorker: false -debugTime: "infinity" - -sonobuoy: - tolerations: [] - -image: - securityScan: - repository: rancher/security-scan - tag: v0.1.11 - pullPolicy: Always - sonobuoy: - repository: rancher/sonobuoy-sonobuoy - tag: v0.16.3 - -nameOverride: "" -fullnameOverride: "" - -service: - type: ClusterIP - port: 443 - -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: [] - - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: -- operator: Exists - -affinity: {} - -global: - systemDefaultRegistry: "" \ No newline at end of file 
diff --git a/charts/rancher-cis-benchmark/0.1.2/.helmignore b/charts/rancher-cis-benchmark/0.1.2/.helmignore
deleted file mode 100644
index 50af03172..000000000
--- a/charts/rancher-cis-benchmark/0.1.2/.helmignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/charts/rancher-cis-benchmark/0.1.2/Chart.yaml b/charts/rancher-cis-benchmark/0.1.2/Chart.yaml
deleted file mode 100644
index eb562d344..000000000
--- a/charts/rancher-cis-benchmark/0.1.2/Chart.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-appVersion: "0.1.2"
-description: |
- Run CIS benchmark tests
-name: rancher-cis-benchmark
-version: 0.1.2
-home: https://github.com/rancher/system-charts/charts/rancher-cis-benchmark
-sources:
- - "https://github.com/rancher/system-charts/charts/rancher-cis-benchmark"
-maintainers:
- - name: Murali Paluru
- email: leodotcloud@gmail.com
diff --git a/charts/rancher-cis-benchmark/0.1.2/questions.yaml b/charts/rancher-cis-benchmark/0.1.2/questions.yaml
deleted file mode 100644
index 2e50745ca..000000000
--- a/charts/rancher-cis-benchmark/0.1.2/questions.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-rancher_min_version: 2.4.6-rc1
-rancher_max_version: 2.5.99
diff --git a/charts/rancher-cis-benchmark/0.1.2/templates/NOTES.txt b/charts/rancher-cis-benchmark/0.1.2/templates/NOTES.txt
deleted file mode 100644
index e7e7bdf63..000000000
--- a/charts/rancher-cis-benchmark/0.1.2/templates/NOTES.txt
+++ /dev/null
@@ -1,21 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "rancher-cis-benchmark.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "rancher-cis-benchmark.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "rancher-cis-benchmark.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "rancher-cis-benchmark.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:80 -{{- end }} diff --git a/charts/rancher-cis-benchmark/0.1.2/templates/_helpers.tpl b/charts/rancher-cis-benchmark/0.1.2/templates/_helpers.tpl deleted file mode 100644 index 3776d9f32..000000000 --- a/charts/rancher-cis-benchmark/0.1.2/templates/_helpers.tpl +++ /dev/null 
@@ -1,40 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "rancher-cis-benchmark.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "rancher-cis-benchmark.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "rancher-cis-benchmark.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "system_default_registry" -}} -{{- if .Values.global.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/0.1.2/templates/configmap.yaml b/charts/rancher-cis-benchmark/0.1.2/templates/configmap.yaml deleted file mode 100644 index 4602fdc90..000000000 --- a/charts/rancher-cis-benchmark/0.1.2/templates/configmap.yaml +++ /dev/null 
@@ -1,117 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - name: s-config-cm-{{ .Release.Name }} -data: - config.json: | - { - "Description": "kube-bench plugin for CIS benchmarks", - "Filters": { - "LabelSelector": "", - "Namespaces": "[^\\w-.]+" - }, - "PluginNamespace": "{{ .Release.Namespace }}", - "Plugins": [ - { - "name": "rancher-kube-bench" - } - ], - "PluginSearchPath": [ - "/plugins.d" - ], - "Resources": [], - "ResultsDir": "/tmp/sonobuoy", - "Server": { - "advertiseaddress": "{{ include "rancher-cis-benchmark.fullname" . }}", - "bindaddress": "0.0.0.0", - "bindport": 443, - "timeoutseconds": 5400 - }, - "Namespace": "{{ .Release.Namespace }}", - "WorkerImage": "{{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }}:{{ .Values.image.sonobuoy.tag }}", - "Version": "{{ .Values.image.sonobuoy.tag }}" - } ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . 
}} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - name: s-plugins-cm-{{ .Release.Name }} -data: - rancher-kube-bench.yaml: | - podSpec: - containers: [] - dnsPolicy: ClusterFirstWithHostNet - hostIPC: true - hostNetwork: true - hostPID: true - serviceAccountName: s-sa-{{ .Release.Name }} - {{- if .Values.sonobuoy.tolerations }} - tolerations: -{{ toYaml .Values.sonobuoy.tolerations | trim | indent 6 }} - {{- end }} - volumes: - - hostPath: - path: / - name: root - - hostPath: - path: /etc/passwd - name: etc-passwd - - hostPath: - path: /etc/group - name: etc-group - sonobuoy-config: - driver: DaemonSet - plugin-name: rancher-kube-bench - result-type: rancher-kube-bench - result-format: raw - spec: - name: rancher-kube-bench - image: '{{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}:{{ .Values.image.securityScan.tag }}' - command: ["/bin/bash", "-c", "run_sonobuoy_plugin.sh && sleep 3600"] - env: - - name: SONOBUOY_NS - value: {{ .Release.Namespace }} - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: RESULTS_DIR - value: /tmp/results - - name: CHROOT_DIR - value: /node - {{- if .Values.overrideBenchmarkVersion }} - - name: OVERRIDE_BENCHMARK_VERSION - value: {{ .Values.overrideBenchmarkVersion }} - {{- end }} - {{- if .Values.debugWorker }} - - name: DEBUG - value: "true" - - name: DEBUG_TIME_IN_SEC - value: {{ .Values.debugTime }} - {{- end }} - imagePullPolicy: Always - securityContext: - privileged: true - volumeMounts: - - mountPath: /tmp/results - name: results - readOnly: false - - mountPath: /node - name: root - readOnly: true - - mountPath: /etc/passwd - name: etc-passwd - readOnly: true - - mountPath: /etc/group - name: etc-group - readOnly: true diff --git a/charts/rancher-cis-benchmark/0.1.2/templates/ingress.yaml b/charts/rancher-cis-benchmark/0.1.2/templates/ingress.yaml deleted file mode 100644 index a63a59e5a..000000000 
--- a/charts/rancher-cis-benchmark/0.1.2/templates/ingress.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "rancher-cis-benchmark.fullname" . -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ . }} - backend: - serviceName: {{ $fullName }} - servicePort: http - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/rancher-cis-benchmark/0.1.2/templates/pod.yaml b/charts/rancher-cis-benchmark/0.1.2/templates/pod.yaml deleted file mode 100644 index 97af7bc41..000000000 --- a/charts/rancher-cis-benchmark/0.1.2/templates/pod.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: security-scan-runner-{{ .Release.Name }} - {{- if ne .Values.owner "" }} - annotations: - field.cattle.io/clusterScanOwner: "{{ .Values.owner }}" - {{- end }} - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - run: sonobuoy-master -spec: - serviceAccountName: s-sa-{{ .Release.Name }} - terminationGracePeriodSeconds: 0 - volumes: - - configMap: - name: s-config-cm-{{ .Release.Name }} - name: s-config-volume - - configMap: - name: s-plugins-cm-{{ .Release.Name }} - name: s-plugins-volume - - emptyDir: {} - name: output-volume - {{- if ne .Values.userSkipConfigMapName "" }} - - configMap: - name: {{ .Values.userSkipConfigMapName }} - name: user-skip-info-volume - {{- end }} - {{- if ne .Values.defaultSkipConfigMapName "" }} - - configMap: - name: {{ .Values.defaultSkipConfigMapName }} - name: default-skip-info-volume - {{- end }} - {{- if ne .Values.notApplicableConfigMapName "" }} - - configMap: - name: {{ .Values.notApplicableConfigMapName }} - name: not-applicable-info-volume - {{- end }} - containers: - - name: {{ .Chart.Name }} - restartPolicy: Never - env: - {{- if .Values.overrideBenchmarkVersion }} - - name: OVERRIDE_BENCHMARK_VERSION - value: {{ .Values.overrideBenchmarkVersion }} - {{- end }} - - name: SONOBUOY_NS - value: {{ .Release.Namespace }} - - name: SONOBUOY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SONOBUOY_ADVERTISE_IP - value: {{ include "rancher-cis-benchmark.fullname" . 
}} - {{- if ne .Values.owner "" }} - - name: OUTPUT_CONFIGMAPNAME - value: {{ .Release.Name }} - {{- end }} - {{- if .Values.debugMaster }} - - name: DEBUG - value: "true" - - name: DEBUG_TIME_IN_SEC - value: {{ .Values.debugTime }} - {{- end }} - image: '{{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}:{{ .Values.image.securityScan.tag }}' - imagePullPolicy: {{ .Values.image.securityScan.pullPolicy }} - ports: - - containerPort: 8080 - protocol: TCP - volumeMounts: - - mountPath: /etc/sonobuoy - name: s-config-volume - - mountPath: /plugins.d - name: s-plugins-volume - - mountPath: /tmp/sonobuoy - name: output-volume - {{- if ne .Values.userSkipConfigMapName "" }} - - mountPath: /etc/kbs/userskip - name: user-skip-info-volume - {{- end }} - {{- if ne .Values.defaultSkipConfigMapName "" }} - - mountPath: /etc/kbs/defaultskip - name: default-skip-info-volume - {{- end }} - {{- if ne .Values.notApplicableConfigMapName "" }} - - mountPath: /etc/kbs/notapplicable - name: not-applicable-info-volume - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} -{{- end }} -{{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} -{{- end }} diff --git a/charts/rancher-cis-benchmark/0.1.2/templates/rbac.yaml b/charts/rancher-cis-benchmark/0.1.2/templates/rbac.yaml deleted file mode 100644 index 919d141a2..000000000 --- a/charts/rancher-cis-benchmark/0.1.2/templates/rbac.yaml +++ /dev/null 
@@ -1,44 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }}
- helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- name: s-sa-{{ .Release.Name }}
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }}
- helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- name: s-sa-{{ .Release.Name }}
-rules:
-- apiGroups:
- - '*'
- resources:
- - '*'
- verbs:
- - '*'
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }}
- helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- name: s-sa-{{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: s-sa-{{ .Release.Name }}
-subjects:
-- kind: ServiceAccount
- name: s-sa-{{ .Release.Name }}
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-cis-benchmark/0.1.2/templates/service.yaml b/charts/rancher-cis-benchmark/0.1.2/templates/service.yaml
deleted file mode 100644
index 0882f4abd..000000000
--- a/charts/rancher-cis-benchmark/0.1.2/templates/service.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "rancher-cis-benchmark.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }}
- helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: 443
- protocol: TCP
- selector:
- app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/charts/rancher-cis-benchmark/0.1.2/values.yaml b/charts/rancher-cis-benchmark/0.1.2/values.yaml
deleted file mode 100644
index 6c3b1d12b..000000000
--- a/charts/rancher-cis-benchmark/0.1.2/values.yaml
+++ /dev/null
@@ -1,77 +0,0 @@ -# Default values for rancher-cis-benchmark. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -# if owner is specified, it's used for the name of the configmap for results -owner: "" -# userSkipConfigMapName is used to specify the name of cm where user skip info is stored -userSkipConfigMapName: "" -# defaultSkipConfigMapName is used to specify the name of cm where default skip info is stored -defaultSkipConfigMapName: "" -# notApplicableConfigMapName -notApplicableConfigMapName: "" -# overrideBenchmarkVersion is used to override the default benchmark version used for -# a particular k8s version -overrideBenchmarkVersion: "" - -# when debug=true, the plugin pods sleep for the time specified -debugMaster: false -debugWorker: false -debugTime: "infinity" - -sonobuoy: - tolerations: [] - -image: - securityScan: - repository: rancher/security-scan - tag: v0.1.14 - pullPolicy: Always - sonobuoy: - repository: rancher/sonobuoy-sonobuoy - tag: v0.16.3 - -nameOverride: "" -fullnameOverride: "" - -service: - type: ClusterIP - port: 443 - -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: [] - - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: -- operator: Exists - -affinity: {} - -global: - systemDefaultRegistry: "" \ No newline at end of file 
diff --git a/charts/rancher-cis-benchmark/0.2.0/.helmignore b/charts/rancher-cis-benchmark/0.2.0/.helmignore
deleted file mode 100644
index 50af03172..000000000
--- a/charts/rancher-cis-benchmark/0.2.0/.helmignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/charts/rancher-cis-benchmark/0.2.0/Chart.yaml b/charts/rancher-cis-benchmark/0.2.0/Chart.yaml
deleted file mode 100644
index 39123a025..000000000
--- a/charts/rancher-cis-benchmark/0.2.0/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: "0.2.0"
-description: |
- Run CIS benchmark tests
-name: rancher-cis-benchmark
-version: 0.2.0
-home: https://github.com/rancher/system-charts/charts/rancher-cis-benchmark
-sources:
- - "https://github.com/rancher/system-charts/charts/rancher-cis-benchmark"
-maintainers:
- - name: Murali Paluru
- email: leodotcloud@gmail.com
-kubeVersion: '< 1.22.0-0'
diff --git a/charts/rancher-cis-benchmark/0.2.0/questions.yaml b/charts/rancher-cis-benchmark/0.2.0/questions.yaml
deleted file mode 100644
index 38410bdfd..000000000
--- a/charts/rancher-cis-benchmark/0.2.0/questions.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-rancher_min_version: 2.6.0-alpha1
-rancher_max_version: 2.6.99
diff --git a/charts/rancher-cis-benchmark/0.2.0/templates/NOTES.txt b/charts/rancher-cis-benchmark/0.2.0/templates/NOTES.txt
deleted file mode 100644
index e7e7bdf63..000000000
--- a/charts/rancher-cis-benchmark/0.2.0/templates/NOTES.txt
+++ /dev/null
@@ -1,21 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "rancher-cis-benchmark.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "rancher-cis-benchmark.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "rancher-cis-benchmark.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "rancher-cis-benchmark.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:80 -{{- end }} diff --git a/charts/rancher-cis-benchmark/0.2.0/templates/_helpers.tpl b/charts/rancher-cis-benchmark/0.2.0/templates/_helpers.tpl deleted file mode 100644 index 3776d9f32..000000000 --- a/charts/rancher-cis-benchmark/0.2.0/templates/_helpers.tpl +++ /dev/null 
@@ -1,40 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "rancher-cis-benchmark.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "rancher-cis-benchmark.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "rancher-cis-benchmark.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "system_default_registry" -}} -{{- if .Values.global.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/0.2.0/templates/configmap.yaml b/charts/rancher-cis-benchmark/0.2.0/templates/configmap.yaml deleted file mode 100644 index 4602fdc90..000000000 --- a/charts/rancher-cis-benchmark/0.2.0/templates/configmap.yaml +++ /dev/null 
@@ -1,117 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - name: s-config-cm-{{ .Release.Name }} -data: - config.json: | - { - "Description": "kube-bench plugin for CIS benchmarks", - "Filters": { - "LabelSelector": "", - "Namespaces": "[^\\w-.]+" - }, - "PluginNamespace": "{{ .Release.Namespace }}", - "Plugins": [ - { - "name": "rancher-kube-bench" - } - ], - "PluginSearchPath": [ - "/plugins.d" - ], - "Resources": [], - "ResultsDir": "/tmp/sonobuoy", - "Server": { - "advertiseaddress": "{{ include "rancher-cis-benchmark.fullname" . }}", - "bindaddress": "0.0.0.0", - "bindport": 443, - "timeoutseconds": 5400 - }, - "Namespace": "{{ .Release.Namespace }}", - "WorkerImage": "{{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }}:{{ .Values.image.sonobuoy.tag }}", - "Version": "{{ .Values.image.sonobuoy.tag }}" - } ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . 
}} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - name: s-plugins-cm-{{ .Release.Name }} -data: - rancher-kube-bench.yaml: | - podSpec: - containers: [] - dnsPolicy: ClusterFirstWithHostNet - hostIPC: true - hostNetwork: true - hostPID: true - serviceAccountName: s-sa-{{ .Release.Name }} - {{- if .Values.sonobuoy.tolerations }} - tolerations: -{{ toYaml .Values.sonobuoy.tolerations | trim | indent 6 }} - {{- end }} - volumes: - - hostPath: - path: / - name: root - - hostPath: - path: /etc/passwd - name: etc-passwd - - hostPath: - path: /etc/group - name: etc-group - sonobuoy-config: - driver: DaemonSet - plugin-name: rancher-kube-bench - result-type: rancher-kube-bench - result-format: raw - spec: - name: rancher-kube-bench - image: '{{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}:{{ .Values.image.securityScan.tag }}' - command: ["/bin/bash", "-c", "run_sonobuoy_plugin.sh && sleep 3600"] - env: - - name: SONOBUOY_NS - value: {{ .Release.Namespace }} - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: RESULTS_DIR - value: /tmp/results - - name: CHROOT_DIR - value: /node - {{- if .Values.overrideBenchmarkVersion }} - - name: OVERRIDE_BENCHMARK_VERSION - value: {{ .Values.overrideBenchmarkVersion }} - {{- end }} - {{- if .Values.debugWorker }} - - name: DEBUG - value: "true" - - name: DEBUG_TIME_IN_SEC - value: {{ .Values.debugTime }} - {{- end }} - imagePullPolicy: Always - securityContext: - privileged: true - volumeMounts: - - mountPath: /tmp/results - name: results - readOnly: false - - mountPath: /node - name: root - readOnly: true - - mountPath: /etc/passwd - name: etc-passwd - readOnly: true - - mountPath: /etc/group - name: etc-group - readOnly: true diff --git a/charts/rancher-cis-benchmark/0.2.0/templates/ingress.yaml b/charts/rancher-cis-benchmark/0.2.0/templates/ingress.yaml deleted file mode 100644 index a63a59e5a..000000000 
--- a/charts/rancher-cis-benchmark/0.2.0/templates/ingress.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "rancher-cis-benchmark.fullname" . -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ . }} - backend: - serviceName: {{ $fullName }} - servicePort: http - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/rancher-cis-benchmark/0.2.0/templates/pod.yaml b/charts/rancher-cis-benchmark/0.2.0/templates/pod.yaml deleted file mode 100644 index 97af7bc41..000000000 --- a/charts/rancher-cis-benchmark/0.2.0/templates/pod.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: security-scan-runner-{{ .Release.Name }} - {{- if ne .Values.owner "" }} - annotations: - field.cattle.io/clusterScanOwner: "{{ .Values.owner }}" - {{- end }} - labels: - app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }} - helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - run: sonobuoy-master -spec: - serviceAccountName: s-sa-{{ .Release.Name }} - terminationGracePeriodSeconds: 0 - volumes: - - configMap: - name: s-config-cm-{{ .Release.Name }} - name: s-config-volume - - configMap: - name: s-plugins-cm-{{ .Release.Name }} - name: s-plugins-volume - - emptyDir: {} - name: output-volume - {{- if ne .Values.userSkipConfigMapName "" }} - - configMap: - name: {{ .Values.userSkipConfigMapName }} - name: user-skip-info-volume - {{- end }} - {{- if ne .Values.defaultSkipConfigMapName "" }} - - configMap: - name: {{ .Values.defaultSkipConfigMapName }} - name: default-skip-info-volume - {{- end }} - {{- if ne .Values.notApplicableConfigMapName "" }} - - configMap: - name: {{ .Values.notApplicableConfigMapName }} - name: not-applicable-info-volume - {{- end }} - containers: - - name: {{ .Chart.Name }} - restartPolicy: Never - env: - {{- if .Values.overrideBenchmarkVersion }} - - name: OVERRIDE_BENCHMARK_VERSION - value: {{ .Values.overrideBenchmarkVersion }} - {{- end }} - - name: SONOBUOY_NS - value: {{ .Release.Namespace }} - - name: SONOBUOY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SONOBUOY_ADVERTISE_IP - value: {{ include "rancher-cis-benchmark.fullname" . 
}} - {{- if ne .Values.owner "" }} - - name: OUTPUT_CONFIGMAPNAME - value: {{ .Release.Name }} - {{- end }} - {{- if .Values.debugMaster }} - - name: DEBUG - value: "true" - - name: DEBUG_TIME_IN_SEC - value: {{ .Values.debugTime }} - {{- end }} - image: '{{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}:{{ .Values.image.securityScan.tag }}' - imagePullPolicy: {{ .Values.image.securityScan.pullPolicy }} - ports: - - containerPort: 8080 - protocol: TCP - volumeMounts: - - mountPath: /etc/sonobuoy - name: s-config-volume - - mountPath: /plugins.d - name: s-plugins-volume - - mountPath: /tmp/sonobuoy - name: output-volume - {{- if ne .Values.userSkipConfigMapName "" }} - - mountPath: /etc/kbs/userskip - name: user-skip-info-volume - {{- end }} - {{- if ne .Values.defaultSkipConfigMapName "" }} - - mountPath: /etc/kbs/defaultskip - name: default-skip-info-volume - {{- end }} - {{- if ne .Values.notApplicableConfigMapName "" }} - - mountPath: /etc/kbs/notapplicable - name: not-applicable-info-volume - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} -{{- end }} -{{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} -{{- end }} diff --git a/charts/rancher-cis-benchmark/0.2.0/templates/rbac.yaml b/charts/rancher-cis-benchmark/0.2.0/templates/rbac.yaml deleted file mode 100644 index 919d141a2..000000000 --- a/charts/rancher-cis-benchmark/0.2.0/templates/rbac.yaml +++ /dev/null 
@@ -1,44 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }}
- helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- name: s-sa-{{ .Release.Name }}
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }}
- helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- name: s-sa-{{ .Release.Name }}
-rules:
-- apiGroups:
- - '*'
- resources:
- - '*'
- verbs:
- - '*'
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }}
- helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- name: s-sa-{{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: s-sa-{{ .Release.Name }}
-subjects:
-- kind: ServiceAccount
- name: s-sa-{{ .Release.Name }}
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-cis-benchmark/0.2.0/templates/service.yaml b/charts/rancher-cis-benchmark/0.2.0/templates/service.yaml
deleted file mode 100644
index 0882f4abd..000000000
--- a/charts/rancher-cis-benchmark/0.2.0/templates/service.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "rancher-cis-benchmark.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }}
- helm.sh/chart: {{ include "rancher-cis-benchmark.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: 443
- protocol: TCP
- selector:
- app.kubernetes.io/name: {{ include "rancher-cis-benchmark.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/charts/rancher-cis-benchmark/0.2.0/values.yaml b/charts/rancher-cis-benchmark/0.2.0/values.yaml
deleted file mode 100644
index cc5b834fb..000000000
--- a/charts/rancher-cis-benchmark/0.2.0/values.yaml
+++ /dev/null
@@ -1,77 +0,0 @@
-# Default values for rancher-cis-benchmark.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-# if owner is specified, it's used for the name of the configmap for results
-owner: ""
-# userSkipConfigMapName is used to specify the name of cm where user skip info is stored
-userSkipConfigMapName: ""
-# defaultSkipConfigMapName is used to specify the name of cm where default skip info is stored
-defaultSkipConfigMapName: ""
-# notApplicableConfigMapName
-notApplicableConfigMapName: ""
-# overrideBenchmarkVersion is used to override the default benchmark version used for
-# a particular k8s version
-overrideBenchmarkVersion: ""
-
-# when debug=true, the plugin pods sleep for the time specified
-debugMaster: false
-debugWorker: false
-debugTime: "infinity"
-
-sonobuoy:
- tolerations: []
-
-image:
- securityScan:
- repository: rancher/security-scan
- tag: v0.1.14
- pullPolicy: Always
- sonobuoy:
- repository: rancher/mirrored-sonobuoy-sonobuoy
- tag: v0.16.3
-
-nameOverride: ""
-fullnameOverride: ""
-
-service:
- type: ClusterIP
- port: 443
-
-ingress:
- enabled: false
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- hosts:
- - host: chart-example.local
- paths: []
-
- tls: []
- # - secretName: chart-example-tls
- # hosts:
- # - chart-example.local
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
-nodeSelector: {}
-
-tolerations:
-- operator: Exists
-
-affinity: {}
-
-global:
- systemDefaultRegistry: ""
\ No newline at end of file
diff --git a/charts/rancher-external-dns/v0.0.1/.helmignore b/charts/rancher-external-dns/v0.0.1/.helmignore
deleted file mode 100644
index f0c131944..000000000
--- a/charts/rancher-external-dns/v0.0.1/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/charts/rancher-external-dns/v0.0.1/Chart.yaml b/charts/rancher-external-dns/v0.0.1/Chart.yaml
deleted file mode 100644
index 28b1ab978..000000000
--- a/charts/rancher-external-dns/v0.0.1/Chart.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-description: |
- Configure external DNS servers (AWS Route53, Google CloudDNS and others)
- for Kubernetes Ingresses and Services
-name: rancher-external-dns
-version: 0.0.1
-appVersion: 0.5.11
-home: https://github.com/kubernetes-incubator/external-dns
-sources:
- - https://github.com/kubernetes-incubator/external-dns
-engine: gotpl
-maintainers:
-- name: rabadin
- email: rabadin@cisco.com
diff --git a/charts/rancher-external-dns/v0.0.1/README.md b/charts/rancher-external-dns/v0.0.1/README.md
deleted file mode 100644
index 0d8fc0844..000000000
--- a/charts/rancher-external-dns/v0.0.1/README.md
+++ /dev/null
@@ -1,132 +0,0 @@ -# external-dns - -## Chart Details - -This chart will do the following: - -* Create a deployment of [external-dns] within your Kubernetes Cluster. - -Currently this uses the [Zalando] hosted container, if this is a concern follow the steps in the [external-dns] documentation to compile the binary and make a container. Where the chart pulls the image from is fully configurable. - -> **Note**: If you want to use Chart version >1.1.0 with external-dns image <0.5.9 and use aws credentials, make sure to set `aws.credentialsPath: "/root/.aws"` - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install --name my-release stable/external-dns -``` - -## Configuration - -The following table lists the configurable parameters of the external-dns chart and their default values. - - -| Parameter | Description | Default | -| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | -| `annotationFilter` | Filter sources managed by external-dns via annotation using label selector semantics (default: all sources) (optional). | `""` | -| `aws.accessKey` | set in `~/.aws/credentials` mounted through secret (optional). | `""` | -| `aws.secretKey` | set in `~/.aws/credentials` mounted through secret (optional). | `""` | -| `aws.credentialsPath` | determine `mountPath` for `credentials` secret, defaults to `nobody` USER home path `/.aws` (optional). | `"/.aws"` | -| `aws.region` | `AWS_DEFAULT_REGION` to set in the environment (optional). | `us-east-1` | -| `aws.roleArn` | If assume role credentials are used then is the role_arn (arn:aws:iam::....). Leave empty if not used. | `""` | -| `aws.zoneType` | Filter for zones of this type (optional, options: public, private). 
| `""` | -| `azure.secretName` | Set the secret created for the SP for azure, should contain an azure.json file | `""` | -| `cloudflare.apiKey` | `CF_API_KEY` to set in the environment (optional). | `""` | -| `cloudflare.email` | `CF_API_EMAIL` to set in the environment (optional). | `""` | -| `cloudflare.proxied` | enable the proxy feature of Cloudflare (DDOS protection, CDN...) (optional). | `true` | -| `designate.customCA.enabled` | A switch to enable a custom CA for the Designate provider (optional) | false | -| `designate.customCA.content` | The content of the Designate provider's custom CA | "" | -| `designate.customCA.directory` | Directory in which to mount the Designate provider's custom CA | "/config/designate" | -| `designate.customCA.filename` | Filename of Designate provider's custom CA | "designate-ca.pem" | -| `domainFilters` | Limit possible target zones by domain suffixes (optional). | `[]` | -| `dryRun` | When enabled, prints DNS record changes rather than actually performing them (optional). | `false` | -| `extraArgs` | Optional object of extra args, as `name`: `value` pairs. Where the name is the command line arg to external-dns. | `{}` | -| `extraEnv` | Optional array of extra environment variables. Supply a `name` property and either `value` of `valueFrom` for each. | `[]` | -| `google.project` | When using the Google provider, specify the Google project (required when provider=google). | `""` | -| `google.serviceAccountSecret` | When using the Google provider, optionally specify the existing secret which contains credentials.json if necessary. | `""` | -| `google.serviceAccountKey` | When using the Google provider, optionally specify the service account key JSON file. Must be provided when no existing secret is used, in this case a new secret will be created holding this service account | `""` | -| `image.repository` | Container image name (Including repository name if not `hub.docker.com`). 
| `registry.opensource.zalan.do/teapot/external-dns` | -| `image.pullPolicy` | Container pull policy. | `IfNotPresent` | -| `image.tag` | Container image tag. | `v0.5.9` | -| `image.pullSecrets` | Array of pull secret names | `[]` | -| `infoblox.gridHost` | When using the Infoblox provider, specify the Infoblox Grid host. | `""` | -| `infoblox.wapiUsername` | When using the Infoblox provider, specify the Infoblox WAPI username. | `""` | -| `infoblox.wapiPassword` | When using the Infoblox provider, specify the Infoblox WAPI password. | `""` | -| `infoblox.domainFilter` | When using the Infoblox provider, optionally specify the domain. | `""` | -| `infoblox.noSslVerify` | When using the Infoblox provider, optionally disable SSL verification. | `false` | -| `infoblox.wapiPort` | When using the Infoblox provider, optionally specify the Infoblox WAPI port. | `""` | -| `infoblox.wapiVersion` | When using the Infoblox provider, optionally specify the Infoblox WAPI version. | `""` | -| `infoblox.wapiConnectionPoolSize` | When using the Infoblox provider, optionally specify the Infoblox WAPI request connection pool size. | `""` | -| `infoblox.wapiHttpTimeout` | When using the Infoblox provider, optionally specify the Infoblox WAPI request timeout in seconds. | `""` | -| `logLevel` | Verbosity of the logs (options: panic, debug, info, warn, error, fatal) | `info` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `podAnnotations` | Additional annotations to apply to the pod. | `{}` | -| `policy` | Modify how DNS records are sychronized between sources and providers (options: sync, upsert-only ). | `upsert-only` | -| `provider` | The DNS provider where the DNS records will be created (options: aws, google, azure, cloudflare, digitalocean, inmemory ). | `aws` | -| `publishInternalServices` | Allow external-dns to publish DNS records for ClusterIP services (optional). 
| `false` | -| `rbac.create` | If true, create & use RBAC resources | `false` | -| `rbac.serviceAccountName` | Existing ServiceAccount to use (ignored if rbac.create=true) | `default` | -| `interval` | Interval update period to use (options: txt, noop) | `txt` | -| `registry` | Registry method to use (options: txt, noop) | `txt` | -| `resources` | CPU/Memory resource requests/limits. | `{}` | -| `securityContext` | Security options the pod should run with. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{}` | -| `priorityClassName` | priorityClassName | `""` | -| `service.annotations` | Annotations to add to service | `{}` | -| `service.clusterIP` | IP address to assign to service | `""` | -| `service.externalIPs` | Service external IP addresses | `[]` | -| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` | -| `service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` | -| `service.servicePort` | Service port to expose | `7979` | -| `service.type` | Type of service to create | `ClusterIP` | -| `sources` | List of resource types to monitor, possible values are fake, service or ingress. | `[service, ingress]` | -| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` | -| `affinity` | List of affinities (requires Kubernetes >=1.6) | `{}` | -| `txtOwnerId` | When using the TXT registry, a name that identifies this instance of ExternalDNS (optional) | `"default"` | -| `txtPrefix` | When using the TXT registry, a prefix for ownership records that avoids collision with CNAME entries (optional) | `""` | -| `zoneIdFilters` | Limit possible target zones by zone id (optional) | `[]` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. 
For example, - -```bash -$ helm install --name my-release -f values.yaml stable/external-dns -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## IAM Permissions - -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "route53:ChangeResourceRecordSets" - ], - "Resource": [ - "arn:aws:route53:::hostedzone/*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "route53:ListHostedZones", - "route53:ListResourceRecordSets" - ], - "Resource": [ - "*" - ] - } - ] -} -``` - -[external-dns]: https://github.com/kubernetes-incubator/external-dns -[Zalando]: https://zalando.github.io/ -[getting-started]: https://github.com/kubernetes-incubator/external-dns/blob/master/README.md#getting-started diff --git a/charts/rancher-external-dns/v0.0.1/questions.yml b/charts/rancher-external-dns/v0.0.1/questions.yml deleted file mode 100644 index a0685b1e7..000000000 --- a/charts/rancher-external-dns/v0.0.1/questions.yml +++ /dev/null @@ -1,2 +0,0 @@ -rancher_min_version: 2.3.0-rc1 -rancher_max_version: 2.5.99 diff --git a/charts/rancher-external-dns/v0.0.1/templates/NOTES.txt b/charts/rancher-external-dns/v0.0.1/templates/NOTES.txt deleted file mode 100644 index e04285496..000000000 --- a/charts/rancher-external-dns/v0.0.1/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ -To verify that external-dns has started, run: - - kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "external-dns.name" . }},release={{ .Release.Name }}" diff --git a/charts/rancher-external-dns/v0.0.1/templates/_helpers.tpl b/charts/rancher-external-dns/v0.0.1/templates/_helpers.tpl deleted file mode 100644 index 12e01e727..000000000 --- a/charts/rancher-external-dns/v0.0.1/templates/_helpers.tpl +++ /dev/null 
@@ -1,59 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "external-dns.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{- define "external-dns.fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if ne $name .Release.Name -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s" $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-
-{{/* Generate basic labels */}}
-{{- define "external-dns.labels" }}
-app: {{ template "external-dns.name" . }}
-heritage: {{.Release.Service }}
-release: {{.Release.Name }}
-{{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels }}
-{{- end }}
-{{- end }}
-
-{{- define "external-dns.aws-credentials" }}
-[default]
-aws_access_key_id = {{ .Values.aws.accessKey }}
-aws_secret_access_key = {{ .Values.aws.secretKey }}
-{{ end }}
-
-
-{{- define "external-dns.aws-config" }}
-[profile default]
-{{- if .Values.aws.roleArn }}
-role_arn = {{ .Values.aws.roleArn }}
-{{- end }}
-region = {{ .Values.aws.region }}
-source_profile = default
-{{ end }}
-
-{{- define "external-dns.alibabacloud-config" }}
-accessKeyId: {{ .Values.alibabacloud.accessKey }}
-accessKeySecret: {{ .Values.alibabacloud.secretKey }}
-{{ end }}
-
-{{- define "system_default_registry" -}}
-{{- if .Values.global.systemDefaultRegistry -}}
-{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
-{{- else -}}
-{{- "" -}}
-{{- end -}}
-{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-external-dns/v0.0.1/templates/clusterrole.yaml b/charts/rancher-external-dns/v0.0.1/templates/clusterrole.yaml
deleted file mode 100644
index 8ef1346cc..000000000
--- a/charts/rancher-external-dns/v0.0.1/templates/clusterrole.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}
-kind: ClusterRole
-metadata:
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: {{ template "external-dns.fullname" . }}
-rules:
- - apiGroups:
- - ""
- resources:
- - services
- - pods
- - nodes
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - extensions
- resources:
- - ingresses
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - networking.istio.io
- resources:
- - gateways
- verbs:
- - get
- - list
- - watch
-{{- end -}}
diff --git a/charts/rancher-external-dns/v0.0.1/templates/clusterrolebinding.yaml b/charts/rancher-external-dns/v0.0.1/templates/clusterrolebinding.yaml
deleted file mode 100644
index b93b19f30..000000000
--- a/charts/rancher-external-dns/v0.0.1/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}
-kind: ClusterRoleBinding
-metadata:
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: {{ template "external-dns.fullname" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "external-dns.fullname" . }}
-subjects:
- - kind: ServiceAccount
- name: {{ template "external-dns.fullname" . }}
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/rancher-external-dns/v0.0.1/templates/configmap.yaml b/charts/rancher-external-dns/v0.0.1/templates/configmap.yaml
deleted file mode 100644
index 8cb558177..000000000
--- a/charts/rancher-external-dns/v0.0.1/templates/configmap.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "external-dns.fullname" . }}
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-data:
- {{ .Values.designate.customCA.filename }}: |
-{{ .Values.designate.customCA.content | indent 4 }}
-{{- end }}
diff --git a/charts/rancher-external-dns/v0.0.1/templates/deployment.yaml b/charts/rancher-external-dns/v0.0.1/templates/deployment.yaml
deleted file mode 100755
index 1e7fae850..000000000
--- a/charts/rancher-external-dns/v0.0.1/templates/deployment.yaml
+++ /dev/null
@@ -1,260 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - labels: {{ include "external-dns.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "external-dns.fullname" . }} -spec: - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8}} - {{- end }} - labels: {{ include "external-dns.labels" . | indent 8 }} - spec: - {{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range $sec := .Values.image.pullSecrets }} - - name: {{$sec | quote }} - {{- end }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" - {{- end }} - containers: - - name: {{ template "external-dns.name" . }} - image: {{ template "system_default_registry" . }}{{ .Values.image.repository}}:{{ .Values.image.tag }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - args: - {{- if .Values.logLevel }} - - --log-level={{ .Values.logLevel }} - {{- end }} - {{- if .Values.publishInternalServices }} - - --publish-internal-services - {{- end }} - {{- range .Values.domainFilters }} - - --domain-filter={{ . }} - {{- end }} - {{- range .Values.zoneIdFilters }} - - --zone-id-filter={{ . }} - {{- end }} - - --policy={{ .Values.policy }} - - --provider={{ .Values.provider }} - - --registry={{ .Values.registry }} - - --interval={{ .Values.interval }} - {{- if .Values.txtOwnerId }} - - --txt-owner-id={{ .Values.txtOwnerId }} - {{- end }} - {{- if .Values.txtPrefix }} - - --txt-prefix={{ .Values.txtPrefix }} - {{- end }} - {{- if .Values.annotationFilter }} - - --annotation-filter={{ .Values.annotationFilter }} - {{- end }} - {{- range .Values.sources }} - - --source={{ . 
}} - {{- end }} - {{ if .Values.dryRun }} - - --dry-run - {{- end }} - {{- range $key, $value := .Values.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - {{- if eq .Values.provider "cloudflare" }} - {{- if .Values.cloudflare.proxied }} - - --cloudflare-proxied - {{- end }} - {{- end }} - {{- if .Values.aws.zoneType }} - - --aws-zone-type={{ .Values.aws.zoneType }} - {{- end }} - {{- if .Values.google.project }} - - --google-project={{ .Values.google.project }} - {{- end }} - {{- if eq .Values.provider "infoblox" }} - - --infoblox-grid-host={{ .Values.infoblox.gridHost }} - {{- if .Values.infoblox.domainFilter }} - - --domain-filter={{ .Values.infoblox.domainFilter }} - {{- end }} - {{- if .Values.infoblox.wapiPort }} - - --infoblox-wapi-port={{ .Values.infoblox.wapiPort }} - {{- end }} - {{- if .Values.infoblox.wapiVersion }} - - --infoblox-wapi-version={{ .Values.infoblox.wapiVersion }} - {{- end }} - {{- if .Values.infoblox.noSslVerify }} - - --no-infoblox-ssl-verify - {{- else }} - - --infoblox-ssl-verify - {{- end }} - {{- end }} - {{- if eq .Values.provider "alibabacloud" }} - - --alibaba-cloud-config-file=/etc/kubernetes/config.yaml - {{- end }} - {{- if .Values.alibabacloud.zoneType }} - - --alibaba-cloud-zone-type={{ .Values.alibabacloud.zoneType }} - {{- end }} - volumeMounts: - {{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }} - - name: google-service-account - mountPath: /etc/secrets/service-account/ - {{- end}} - {{- if eq .Values.provider "azure" }} - - name: azure-config-file - {{- if not .Values.azure.secretName }} - mountPath: /etc/kubernetes/azure.json - {{- else }} - mountPath: /etc/kubernetes/ - {{- end }} - readOnly: true - {{- end }} - {{- if (and .Values.aws.secretKey .Values.aws.accessKey) }} - - name: aws-credentials - mountPath: {{ .Values.aws.credentialsPath }} - readOnly: true - {{- end }} - {{- if and (eq .Values.provider "designate") 
.Values.designate.customCA.enabled }} - - name: designate-custom-ca - mountPath: {{ .Values.designate.customCA.directory }} - readOnly: true - {{- end }} - {{- if eq .Values.provider "alibabacloud" }} - - name: alibaba-cloud-config-file - mountPath: /etc/kubernetes/ - readOnly: true - - mountPath: /usr/share/zoneinfo - name: zoneinfo - readOnly: true - {{- end }} - env: - {{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /etc/secrets/service-account/credentials.json - {{- end }} - {{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }} - {{- if .Values.aws.region }} - - name: AWS_DEFAULT_REGION - value: {{ .Values.aws.region }} - {{- end }} - {{- end }} - {{- if and .Values.cloudflare.apiKey .Values.cloudflare.email }} - - name: CF_API_KEY - valueFrom: - secretKeyRef: - name: {{ template "external-dns.fullname" . }} - key: cloudflare_api_key - - name: CF_API_EMAIL - value: "{{ .Values.cloudflare.email }}" - {{- end }} - {{- if .Values.infoblox.wapiConnectionPoolSize }} - - name: EXTERNAL_DNS_INFOBLOX_HTTP_POOL_CONNECTIONS - value: "{{ .Values.infoblox.wapiConnectionPoolSize }}" - {{- end }} - {{- if .Values.infoblox.wapiHttpTimeout }} - - name: EXTERNAL_DNS_INFOBLOX_HTTP_REQUEST_TIMEOUT - value: "{{ .Values.infoblox.wapiHttpTimeout }}" - {{- end }} - {{- if and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword }} - - name: EXTERNAL_DNS_INFOBLOX_WAPI_USERNAME - valueFrom: - secretKeyRef: - name: {{ template "external-dns.fullname" . }} - key: infoblox_wapi_username - - name: EXTERNAL_DNS_INFOBLOX_WAPI_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "external-dns.fullname" . 
}} - key: infoblox_wapi_password - {{- end }} - {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }} - - name: OPENSTACK_CA_FILE - value: {{ .Values.designate.customCA.directory }}/{{ .Values.designate.customCA.filename }} - {{- end }} - {{- $root := . -}} - {{- range .Values.extraEnv }} - - name: {{ .name }} - valueFrom: - {{- if .valueFrom }} -{{ toYaml .valueFrom | indent 14 }} - {{- else }} - secretKeyRef: - name: {{ template "external-dns.fullname" $root }} - key: {{ .name }} - {{- end }} - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: 7979 - ports: - - containerPort: 7979 - {{- if .Values.securityContext }} - securityContext: -{{ toYaml .Values.securityContext | indent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- end }} - volumes: - {{- if .Values.google.serviceAccountSecret }} - - name: google-service-account - secret: - secretName: {{ .Values.google.serviceAccountSecret | quote }} - {{- else if .Values.google.serviceAccountKey }} - - name: google-service-account - secret: - secretName: {{ template "external-dns.fullname" . }} - {{- end}} - {{- if eq .Values.provider "azure" }} - - name: azure-config-file - {{- if (not .Values.azure.secretName)}} - hostPath: - path: /etc/kubernetes/azure.json - type: File - {{- else}} - secret: - secretName: {{.Values.azure.secretName}} - {{- end}} - {{- end }} - {{- if (and .Values.aws.secretKey .Values.aws.accessKey) }} - - name: aws-credentials - secret: - secretName: {{ template "external-dns.fullname" . }} - {{- end }} - {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }} - - name: designate-custom-ca - configMap: - name: {{ template "external-dns.fullname" . 
}} - items: - - key: {{ .Values.designate.customCA.filename }} - path: {{ .Values.designate.customCA.filename }} - {{- end }} - {{- if eq .Values.provider "alibabacloud" }} - - name: alibaba-cloud-config-file - secret: - secretName: {{ template "external-dns.fullname" . }} - - name: zoneinfo - hostPath: - path: /usr/share/zoneinfo - {{- end }} - nodeSelector: - beta.kubernetes.io/os: linux - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - {{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end }} - serviceAccountName: {{ if .Values.rbac.create }}{{ template "external-dns.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} diff --git a/charts/rancher-external-dns/v0.0.1/templates/secret.yaml b/charts/rancher-external-dns/v0.0.1/templates/secret.yaml deleted file mode 100644 index a5a5fc428..000000000 --- a/charts/rancher-external-dns/v0.0.1/templates/secret.yaml +++ /dev/null 
@@ -1,33 +0,0 @@
-{{- if or (and .Values.aws.secretKey .Values.aws.accessKey) .Values.cloudflare.apiKey (and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword) .Values.extraEnv .Values.google.serviceAccountKey (and .Values.alibabacloud.secretKey .Values.alibabacloud.accessKey) -}}
-apiVersion: v1
-kind: Secret
-metadata:
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: {{ template "external-dns.fullname" . }}
-type: Opaque
-data:
-{{- if eq .Values.provider "aws" }}
- credentials: {{ include "external-dns.aws-credentials" . | b64enc | quote }}
- config: {{ include "external-dns.aws-config" . | b64enc | quote }}
-{{- end}}
-{{- if and (eq .Values.provider "google") .Values.google.serviceAccountKey }}
- credentials.json: {{ .Values.google.serviceAccountKey | b64enc | quote }}
-{{- end}}
-{{- if .Values.cloudflare.apiKey }}
- cloudflare_api_key: {{ .Values.cloudflare.apiKey | b64enc | quote }}
-{{- end }}
-{{- if and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword }}
- infoblox_wapi_username: {{ .Values.infoblox.wapiUsername | b64enc | quote }}
- infoblox_wapi_password: {{ .Values.infoblox.wapiPassword | b64enc | quote }}
-{{- end }}
-{{- if eq .Values.provider "alibabacloud" }}
- config.yaml: {{ include "external-dns.alibabacloud-config" . | b64enc | quote }}
-{{- end}}
-
-{{- range .Values.extraEnv }}
- {{- if .value }}
- {{ .name }}: {{ .value | b64enc | quote }}
- {{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-external-dns/v0.0.1/templates/service.yaml b/charts/rancher-external-dns/v0.0.1/templates/service.yaml
deleted file mode 100644
index ef73ad2b2..000000000
--- a/charts/rancher-external-dns/v0.0.1/templates/service.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-{{- if .Values.service.annotations }}
- annotations:
-{{ toYaml .Values.service.annotations | indent 4 }}
-{{- end }}
- labels:
- app: {{ template "external-dns.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- name: {{ template "external-dns.fullname" . }}
-spec:
-{{- if .Values.service.clusterIP }}
- clusterIP: "{{ .Values.service.clusterIP }}"
-{{- end }}
-{{- if .Values.service.externalIPs }}
- externalIPs:
-{{ toYaml .Values.service.externalIPs | indent 4 }}
-{{- end }}
-{{- if .Values.service.loadBalancerIP }}
- loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
-{{- end }}
-{{- if .Values.service.loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
-{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
-{{- end }}
- ports:
- - port: {{ .Values.service.servicePort }}
- protocol: TCP
- targetPort: 7979
- name: http
- selector:
- app: {{ template "external-dns.name" . }}
- release: {{ .Release.Name }}
- type: "{{ .Values.service.type }}"
diff --git a/charts/rancher-external-dns/v0.0.1/templates/serviceaccount.yaml b/charts/rancher-external-dns/v0.0.1/templates/serviceaccount.yaml
deleted file mode 100644
index 936ed7580..000000000
--- a/charts/rancher-external-dns/v0.0.1/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: {{ template "external-dns.fullname" . }}
-{{- end }}
diff --git a/charts/rancher-external-dns/v0.0.1/values.yaml b/charts/rancher-external-dns/v0.0.1/values.yaml
deleted file mode 100644
index 668f0d260..000000000
--- a/charts/rancher-external-dns/v0.0.1/values.yaml
+++ /dev/null
@@ -1,177 +0,0 @@ -## Details about the image to be pulled. -image: - repository: rancher/kubernetes-external-dns - tag: v0.5.11 - pullSecrets: [] - pullPolicy: IfNotPresent - -## This controls which types of resource external-dns should 'watch' for new -## DNS entries. -sources: - - service - - ingress - -# Allow external-dns to publish DNS records for ClusterIP services (optional) -publishInternalServices: false - -## The DNS provider where the DNS records will be created (options: aws, google, inmemory, azure, alibabacloud ) -provider: aws - -# Configurations for Alibabacloud provider -alibabacloud: - accessKey: "" - secretKey: "" - # Filter for zones of this type (optional, options: public, private or no value for both) - zoneType: "" - -# AWS Access keys to inject as environment variables -aws: - secretKey: "" - accessKey: "" - # pre external-dns 0.5.9 home dir should be `/root/.aws` - credentialsPath: "/.aws" - roleArn: "" - region: "us-east-1" - # Filter for zones of this type (optional, options: public, private) - zoneType: "" - -azure: -# If you don't specify a secret to load azure.json from, you will get the host's /etc/kubernetes/azure.json - secretName: "" - -# Cloudflare keys to inject as environment variables -cloudflare: - apiKey: "" - email: "" - proxied: true - -# Configuration for OpenStack Designate provider -designate: - # A custom CA (optional) - customCA: - # Turn custom CA on or off - enabled: false - # The content of the custom CA file - content: "" - # Location to mount custom CA - directory: "/config/designate" - # Filename of the custom CA - filename: "designate-ca.pem" - -# When using the Google provider, specify the Google project (required when provider=google) -google: - project: "" - serviceAccountSecret: "" - serviceAccountKey: "" - -# Infoblox keys to inject -infoblox: - # Required keys: - wapiUsername: "" - wapiPassword: "" - gridHost: "" - # Optional keys: - domainFilter: "" - noSslVerify: false - wapiPort: "" - wapiVersion: "" - 
wapiConnectionPoolSize: "" - wapiHttpTimeout: "" - -## Limit possible target zones by domain suffixes (optional) -domainFilters: [] -## Limit possible target zones by zone id (optional) -zoneIdFilters: [] -# Filter sources managed by external-dns via annotation using label selector semantics (default: all sources) -annotationFilter: "" -## Adjust the interval for DNS updates -interval: "1m" - -# Registry to use for ownership (txt or noop) -registry: "txt" - -# When using the TXT registry, a name that identifies this instance of ExternalDNS -txtOwnerId: "" - -# When enabled, prints DNS record changes rather than actually performing them -dryRun: false - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] - -## Modify how DNS records are sychronized between sources and providers (options: sync, upsert-only ) -policy: upsert-only - -## Annotations to be added to pods -## -podAnnotations: {} - -podLabels: {} - -# Verbosity of the logs (options: panic, debug, info, warn, error, fatal) -logLevel: info - -extraArgs: {} - -# Extra environment variables which will be saved in a release-specific secret -# or retrieved via valueFrom. -# extraEnv: -# - name: SECRET_TO_SAVE -# value: secret_value -# - name: AWS_ACCESS_KEY_ID -# valueFrom: -# secretKeyRef: -# name: existing-secret -# key: access-key-id -extraEnv: [] - -## CPU and Memory limit and request for external-dns -resources: - limits: - memory: 100Mi - cpu: 200m - requests: - memory: 50Mi - cpu: 100m - -rbac: - ## If true, create & use RBAC resources - ## - create: false - # Beginning with Kubernetes 1.8, the api is stable and v1 can be used. 
- apiVersion: v1beta1 - - ## Ignored if rbac.create is true - ## - serviceAccountName: default - -securityContext: {} - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 65534 # 65534 is nobody - revise aws.credentialsPath when changing uid - # capabilities: - # drop: ["ALL"] - -service: - annotations: {} - clusterIP: "" - - ## List of IP addresses at which the service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 7979 - type: ClusterIP - -priorityClassName: "" - -global: - systemDefaultRegistry: "" diff --git a/charts/rancher-external-dns/v0.0.2/.helmignore b/charts/rancher-external-dns/v0.0.2/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/rancher-external-dns/v0.0.2/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-external-dns/v0.0.2/Chart.yaml b/charts/rancher-external-dns/v0.0.2/Chart.yaml deleted file mode 100644 index b92055f8a..000000000 --- a/charts/rancher-external-dns/v0.0.2/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -description: | - Configure external DNS servers (AWS Route53, Google CloudDNS and others) - for Kubernetes Ingresses and Services -name: rancher-external-dns -version: 0.0.2 -appVersion: 0.5.11 -home: https://github.com/kubernetes-incubator/external-dns -sources: - - https://github.com/kubernetes-incubator/external-dns -engine: gotpl -maintainers: -- name: rabadin - email: rabadin@cisco.com 
diff --git a/charts/rancher-external-dns/v0.0.2/README.md b/charts/rancher-external-dns/v0.0.2/README.md
deleted file mode 100644
index 0d8fc0844..000000000
--- a/charts/rancher-external-dns/v0.0.2/README.md
+++ /dev/null
@@ -1,132 +0,0 @@ -# external-dns - -## Chart Details - -This chart will do the following: - -* Create a deployment of [external-dns] within your Kubernetes Cluster. - -Currently this uses the [Zalando] hosted container, if this is a concern follow the steps in the [external-dns] documentation to compile the binary and make a container. Where the chart pulls the image from is fully configurable. - -> **Note**: If you want to use Chart version >1.1.0 with external-dns image <0.5.9 and use aws credentials, make sure to set `aws.credentialsPath: "/root/.aws"` - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install --name my-release stable/external-dns -``` - -## Configuration - -The following table lists the configurable parameters of the external-dns chart and their default values. - - -| Parameter | Description | Default | -| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | -| `annotationFilter` | Filter sources managed by external-dns via annotation using label selector semantics (default: all sources) (optional). | `""` | -| `aws.accessKey` | set in `~/.aws/credentials` mounted through secret (optional). | `""` | -| `aws.secretKey` | set in `~/.aws/credentials` mounted through secret (optional). | `""` | -| `aws.credentialsPath` | determine `mountPath` for `credentials` secret, defaults to `nobody` USER home path `/.aws` (optional). | `"/.aws"` | -| `aws.region` | `AWS_DEFAULT_REGION` to set in the environment (optional). | `us-east-1` | -| `aws.roleArn` | If assume role credentials are used then is the role_arn (arn:aws:iam::....). Leave empty if not used. | `""` | -| `aws.zoneType` | Filter for zones of this type (optional, options: public, private). 
| `""` | -| `azure.secretName` | Set the secret created for the SP for azure, should contain an azure.json file | `""` | -| `cloudflare.apiKey` | `CF_API_KEY` to set in the environment (optional). | `""` | -| `cloudflare.email` | `CF_API_EMAIL` to set in the environment (optional). | `""` | -| `cloudflare.proxied` | enable the proxy feature of Cloudflare (DDOS protection, CDN...) (optional). | `true` | -| `designate.customCA.enabled` | A switch to enable a custom CA for the Designate provider (optional) | false | -| `designate.customCA.content` | The content of the Designate provider's custom CA | "" | -| `designate.customCA.directory` | Directory in which to mount the Designate provider's custom CA | "/config/designate" | -| `designate.customCA.filename` | Filename of Designate provider's custom CA | "designate-ca.pem" | -| `domainFilters` | Limit possible target zones by domain suffixes (optional). | `[]` | -| `dryRun` | When enabled, prints DNS record changes rather than actually performing them (optional). | `false` | -| `extraArgs` | Optional object of extra args, as `name`: `value` pairs. Where the name is the command line arg to external-dns. | `{}` | -| `extraEnv` | Optional array of extra environment variables. Supply a `name` property and either `value` of `valueFrom` for each. | `[]` | -| `google.project` | When using the Google provider, specify the Google project (required when provider=google). | `""` | -| `google.serviceAccountSecret` | When using the Google provider, optionally specify the existing secret which contains credentials.json if necessary. | `""` | -| `google.serviceAccountKey` | When using the Google provider, optionally specify the service account key JSON file. Must be provided when no existing secret is used, in this case a new secret will be created holding this service account | `""` | -| `image.repository` | Container image name (Including repository name if not `hub.docker.com`). 
| `registry.opensource.zalan.do/teapot/external-dns` | -| `image.pullPolicy` | Container pull policy. | `IfNotPresent` | -| `image.tag` | Container image tag. | `v0.5.9` | -| `image.pullSecrets` | Array of pull secret names | `[]` | -| `infoblox.gridHost` | When using the Infoblox provider, specify the Infoblox Grid host. | `""` | -| `infoblox.wapiUsername` | When using the Infoblox provider, specify the Infoblox WAPI username. | `""` | -| `infoblox.wapiPassword` | When using the Infoblox provider, specify the Infoblox WAPI password. | `""` | -| `infoblox.domainFilter` | When using the Infoblox provider, optionally specify the domain. | `""` | -| `infoblox.noSslVerify` | When using the Infoblox provider, optionally disable SSL verification. | `false` | -| `infoblox.wapiPort` | When using the Infoblox provider, optionally specify the Infoblox WAPI port. | `""` | -| `infoblox.wapiVersion` | When using the Infoblox provider, optionally specify the Infoblox WAPI version. | `""` | -| `infoblox.wapiConnectionPoolSize` | When using the Infoblox provider, optionally specify the Infoblox WAPI request connection pool size. | `""` | -| `infoblox.wapiHttpTimeout` | When using the Infoblox provider, optionally specify the Infoblox WAPI request timeout in seconds. | `""` | -| `logLevel` | Verbosity of the logs (options: panic, debug, info, warn, error, fatal) | `info` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `podAnnotations` | Additional annotations to apply to the pod. | `{}` | -| `policy` | Modify how DNS records are sychronized between sources and providers (options: sync, upsert-only ). | `upsert-only` | -| `provider` | The DNS provider where the DNS records will be created (options: aws, google, azure, cloudflare, digitalocean, inmemory ). | `aws` | -| `publishInternalServices` | Allow external-dns to publish DNS records for ClusterIP services (optional). 
| `false` | -| `rbac.create` | If true, create & use RBAC resources | `false` | -| `rbac.serviceAccountName` | Existing ServiceAccount to use (ignored if rbac.create=true) | `default` | -| `interval` | Interval update period to use (options: txt, noop) | `txt` | -| `registry` | Registry method to use (options: txt, noop) | `txt` | -| `resources` | CPU/Memory resource requests/limits. | `{}` | -| `securityContext` | Security options the pod should run with. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{}` | -| `priorityClassName` | priorityClassName | `""` | -| `service.annotations` | Annotations to add to service | `{}` | -| `service.clusterIP` | IP address to assign to service | `""` | -| `service.externalIPs` | Service external IP addresses | `[]` | -| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` | -| `service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` | -| `service.servicePort` | Service port to expose | `7979` | -| `service.type` | Type of service to create | `ClusterIP` | -| `sources` | List of resource types to monitor, possible values are fake, service or ingress. | `[service, ingress]` | -| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` | -| `affinity` | List of affinities (requires Kubernetes >=1.6) | `{}` | -| `txtOwnerId` | When using the TXT registry, a name that identifies this instance of ExternalDNS (optional) | `"default"` | -| `txtPrefix` | When using the TXT registry, a prefix for ownership records that avoids collision with CNAME entries (optional) | `""` | -| `zoneIdFilters` | Limit possible target zones by zone id (optional) | `[]` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. 
For example, - -```bash -$ helm install --name my-release -f values.yaml stable/external-dns -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## IAM Permissions - -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "route53:ChangeResourceRecordSets" - ], - "Resource": [ - "arn:aws:route53:::hostedzone/*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "route53:ListHostedZones", - "route53:ListResourceRecordSets" - ], - "Resource": [ - "*" - ] - } - ] -} -``` - -[external-dns]: https://github.com/kubernetes-incubator/external-dns -[Zalando]: https://zalando.github.io/ -[getting-started]: https://github.com/kubernetes-incubator/external-dns/blob/master/README.md#getting-started diff --git a/charts/rancher-external-dns/v0.0.2/questions.yml b/charts/rancher-external-dns/v0.0.2/questions.yml deleted file mode 100644 index a0685b1e7..000000000 --- a/charts/rancher-external-dns/v0.0.2/questions.yml +++ /dev/null @@ -1,2 +0,0 @@ -rancher_min_version: 2.3.0-rc1 -rancher_max_version: 2.5.99 diff --git a/charts/rancher-external-dns/v0.0.2/templates/NOTES.txt b/charts/rancher-external-dns/v0.0.2/templates/NOTES.txt deleted file mode 100644 index e04285496..000000000 --- a/charts/rancher-external-dns/v0.0.2/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ -To verify that external-dns has started, run: - - kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "external-dns.name" . }},release={{ .Release.Name }}" diff --git a/charts/rancher-external-dns/v0.0.2/templates/_helpers.tpl b/charts/rancher-external-dns/v0.0.2/templates/_helpers.tpl deleted file mode 100644 index d2de481f1..000000000 --- a/charts/rancher-external-dns/v0.0.2/templates/_helpers.tpl +++ /dev/null 
@@ -1,71 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "external-dns.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "external-dns.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if ne $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s" $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* Generate basic labels */}} -{{- define "external-dns.labels" }} -app: {{ template "external-dns.name" . }} -heritage: {{.Release.Service }} -release: {{.Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels }} -{{- end }} -{{- end }} - -{{- define "external-dns.aws-credentials" }} -[default] -aws_access_key_id = {{ .Values.aws.accessKey }} -aws_secret_access_key = {{ .Values.aws.secretKey }} -{{ end }} - - -{{- define "external-dns.aws-config" }} -[profile default] -{{- if .Values.aws.roleArn }} -role_arn = {{ .Values.aws.roleArn }} -{{- end }} -region = {{ .Values.aws.region }} -source_profile = default -{{ end }} - -{{- define "external-dns.alibabacloud-config" }} -accessKeyId: {{ .Values.alibabacloud.accessKey }} -accessKeySecret: {{ .Values.alibabacloud.secretKey }} -{{ end }} - -{{- define "system_default_registry" -}} -{{- if .Values.global.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} - -{{- define "deployment_api_version" -}} -{{- if .Capabilities.APIVersions.Has "apps/v1" -}} -{{- "apps/v1" -}} -{{- else if .Capabilities.APIVersions.Has "apps/v1beta2" -}} -{{- "apps/v1beta2" -}} -{{- else if .Capabilities.APIVersions.Has "apps/v1beta1" -}} -{{- "apps/v1beta1" 
-}}
-{{- else -}}
-{{- "extensions/v1beta1" -}}
-{{- end -}}
-{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-external-dns/v0.0.2/templates/clusterrole.yaml b/charts/rancher-external-dns/v0.0.2/templates/clusterrole.yaml
deleted file mode 100644
index 8ef1346cc..000000000
--- a/charts/rancher-external-dns/v0.0.2/templates/clusterrole.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}
-kind: ClusterRole
-metadata:
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: {{ template "external-dns.fullname" . }}
-rules:
- - apiGroups:
- - ""
- resources:
- - services
- - pods
- - nodes
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - extensions
- resources:
- - ingresses
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - networking.istio.io
- resources:
- - gateways
- verbs:
- - get
- - list
- - watch
-{{- end -}}
diff --git a/charts/rancher-external-dns/v0.0.2/templates/clusterrolebinding.yaml b/charts/rancher-external-dns/v0.0.2/templates/clusterrolebinding.yaml
deleted file mode 100644
index b93b19f30..000000000
--- a/charts/rancher-external-dns/v0.0.2/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}
-kind: ClusterRoleBinding
-metadata:
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: {{ template "external-dns.fullname" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "external-dns.fullname" . }}
-subjects:
- - kind: ServiceAccount
- name: {{ template "external-dns.fullname" . }}
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/rancher-external-dns/v0.0.2/templates/configmap.yaml b/charts/rancher-external-dns/v0.0.2/templates/configmap.yaml
deleted file mode 100644
index 8cb558177..000000000
--- a/charts/rancher-external-dns/v0.0.2/templates/configmap.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "external-dns.fullname" . }}
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-data:
- {{ .Values.designate.customCA.filename }}: |
-{{ .Values.designate.customCA.content | indent 4 }}
-{{- end }}
diff --git a/charts/rancher-external-dns/v0.0.2/templates/deployment.yaml b/charts/rancher-external-dns/v0.0.2/templates/deployment.yaml
deleted file mode 100755
index 0c792b5d0..000000000
--- a/charts/rancher-external-dns/v0.0.2/templates/deployment.yaml
+++ /dev/null
@@ -1,263 +0,0 @@ -apiVersion: {{ template "deployment_api_version" . }} -kind: Deployment -metadata: - labels: {{ include "external-dns.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "external-dns.fullname" . }} -spec: - selector: - matchLabels: - {{ include "external-dns.labels" . | indent 6 }} - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8}} - {{- end }} - labels: {{ include "external-dns.labels" . | indent 8 }} - spec: - {{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range $sec := .Values.image.pullSecrets }} - - name: {{$sec | quote }} - {{- end }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" - {{- end }} - containers: - - name: {{ template "external-dns.name" . }} - image: {{ template "system_default_registry" . }}{{ .Values.image.repository}}:{{ .Values.image.tag }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - args: - {{- if .Values.logLevel }} - - --log-level={{ .Values.logLevel }} - {{- end }} - {{- if .Values.publishInternalServices }} - - --publish-internal-services - {{- end }} - {{- range .Values.domainFilters }} - - --domain-filter={{ . }} - {{- end }} - {{- range .Values.zoneIdFilters }} - - --zone-id-filter={{ . }} - {{- end }} - - --policy={{ .Values.policy }} - - --provider={{ .Values.provider }} - - --registry={{ .Values.registry }} - - --interval={{ .Values.interval }} - {{- if .Values.txtOwnerId }} - - --txt-owner-id={{ .Values.txtOwnerId }} - {{- end }} - {{- if .Values.txtPrefix }} - - --txt-prefix={{ .Values.txtPrefix }} - {{- end }} - {{- if .Values.annotationFilter }} - - --annotation-filter={{ .Values.annotationFilter }} - {{- end }} - {{- range .Values.sources }} - - --source={{ . 
}} - {{- end }} - {{ if .Values.dryRun }} - - --dry-run - {{- end }} - {{- range $key, $value := .Values.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - {{- if eq .Values.provider "cloudflare" }} - {{- if .Values.cloudflare.proxied }} - - --cloudflare-proxied - {{- end }} - {{- end }} - {{- if .Values.aws.zoneType }} - - --aws-zone-type={{ .Values.aws.zoneType }} - {{- end }} - {{- if .Values.google.project }} - - --google-project={{ .Values.google.project }} - {{- end }} - {{- if eq .Values.provider "infoblox" }} - - --infoblox-grid-host={{ .Values.infoblox.gridHost }} - {{- if .Values.infoblox.domainFilter }} - - --domain-filter={{ .Values.infoblox.domainFilter }} - {{- end }} - {{- if .Values.infoblox.wapiPort }} - - --infoblox-wapi-port={{ .Values.infoblox.wapiPort }} - {{- end }} - {{- if .Values.infoblox.wapiVersion }} - - --infoblox-wapi-version={{ .Values.infoblox.wapiVersion }} - {{- end }} - {{- if .Values.infoblox.noSslVerify }} - - --no-infoblox-ssl-verify - {{- else }} - - --infoblox-ssl-verify - {{- end }} - {{- end }} - {{- if eq .Values.provider "alibabacloud" }} - - --alibaba-cloud-config-file=/etc/kubernetes/config.yaml - {{- end }} - {{- if .Values.alibabacloud.zoneType }} - - --alibaba-cloud-zone-type={{ .Values.alibabacloud.zoneType }} - {{- end }} - volumeMounts: - {{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }} - - name: google-service-account - mountPath: /etc/secrets/service-account/ - {{- end}} - {{- if eq .Values.provider "azure" }} - - name: azure-config-file - {{- if not .Values.azure.secretName }} - mountPath: /etc/kubernetes/azure.json - {{- else }} - mountPath: /etc/kubernetes/ - {{- end }} - readOnly: true - {{- end }} - {{- if (and .Values.aws.secretKey .Values.aws.accessKey) }} - - name: aws-credentials - mountPath: {{ .Values.aws.credentialsPath }} - readOnly: true - {{- end }} - {{- if and (eq .Values.provider "designate") 
.Values.designate.customCA.enabled }} - - name: designate-custom-ca - mountPath: {{ .Values.designate.customCA.directory }} - readOnly: true - {{- end }} - {{- if eq .Values.provider "alibabacloud" }} - - name: alibaba-cloud-config-file - mountPath: /etc/kubernetes/ - readOnly: true - - mountPath: /usr/share/zoneinfo - name: zoneinfo - readOnly: true - {{- end }} - env: - {{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /etc/secrets/service-account/credentials.json - {{- end }} - {{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }} - {{- if .Values.aws.region }} - - name: AWS_DEFAULT_REGION - value: {{ .Values.aws.region }} - {{- end }} - {{- end }} - {{- if and .Values.cloudflare.apiKey .Values.cloudflare.email }} - - name: CF_API_KEY - valueFrom: - secretKeyRef: - name: {{ template "external-dns.fullname" . }} - key: cloudflare_api_key - - name: CF_API_EMAIL - value: "{{ .Values.cloudflare.email }}" - {{- end }} - {{- if .Values.infoblox.wapiConnectionPoolSize }} - - name: EXTERNAL_DNS_INFOBLOX_HTTP_POOL_CONNECTIONS - value: "{{ .Values.infoblox.wapiConnectionPoolSize }}" - {{- end }} - {{- if .Values.infoblox.wapiHttpTimeout }} - - name: EXTERNAL_DNS_INFOBLOX_HTTP_REQUEST_TIMEOUT - value: "{{ .Values.infoblox.wapiHttpTimeout }}" - {{- end }} - {{- if and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword }} - - name: EXTERNAL_DNS_INFOBLOX_WAPI_USERNAME - valueFrom: - secretKeyRef: - name: {{ template "external-dns.fullname" . }} - key: infoblox_wapi_username - - name: EXTERNAL_DNS_INFOBLOX_WAPI_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "external-dns.fullname" . 
}} - key: infoblox_wapi_password - {{- end }} - {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }} - - name: OPENSTACK_CA_FILE - value: {{ .Values.designate.customCA.directory }}/{{ .Values.designate.customCA.filename }} - {{- end }} - {{- $root := . -}} - {{- range .Values.extraEnv }} - - name: {{ .name }} - valueFrom: - {{- if .valueFrom }} -{{ toYaml .valueFrom | indent 14 }} - {{- else }} - secretKeyRef: - name: {{ template "external-dns.fullname" $root }} - key: {{ .name }} - {{- end }} - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: 7979 - ports: - - containerPort: 7979 - {{- if .Values.securityContext }} - securityContext: -{{ toYaml .Values.securityContext | indent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- end }} - volumes: - {{- if .Values.google.serviceAccountSecret }} - - name: google-service-account - secret: - secretName: {{ .Values.google.serviceAccountSecret | quote }} - {{- else if .Values.google.serviceAccountKey }} - - name: google-service-account - secret: - secretName: {{ template "external-dns.fullname" . }} - {{- end}} - {{- if eq .Values.provider "azure" }} - - name: azure-config-file - {{- if (not .Values.azure.secretName)}} - hostPath: - path: /etc/kubernetes/azure.json - type: File - {{- else}} - secret: - secretName: {{.Values.azure.secretName}} - {{- end}} - {{- end }} - {{- if (and .Values.aws.secretKey .Values.aws.accessKey) }} - - name: aws-credentials - secret: - secretName: {{ template "external-dns.fullname" . }} - {{- end }} - {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }} - - name: designate-custom-ca - configMap: - name: {{ template "external-dns.fullname" . 
}} - items: - - key: {{ .Values.designate.customCA.filename }} - path: {{ .Values.designate.customCA.filename }} - {{- end }} - {{- if eq .Values.provider "alibabacloud" }} - - name: alibaba-cloud-config-file - secret: - secretName: {{ template "external-dns.fullname" . }} - - name: zoneinfo - hostPath: - path: /usr/share/zoneinfo - {{- end }} - nodeSelector: - beta.kubernetes.io/os: linux - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - {{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end }} - serviceAccountName: {{ if .Values.rbac.create }}{{ template "external-dns.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} diff --git a/charts/rancher-external-dns/v0.0.2/templates/secret.yaml b/charts/rancher-external-dns/v0.0.2/templates/secret.yaml deleted file mode 100644 index a5a5fc428..000000000 --- a/charts/rancher-external-dns/v0.0.2/templates/secret.yaml +++ /dev/null 
@@ -1,33 +0,0 @@
-{{- if or (and .Values.aws.secretKey .Values.aws.accessKey) .Values.cloudflare.apiKey (and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword) .Values.extraEnv .Values.google.serviceAccountKey (and .Values.alibabacloud.secretKey .Values.alibabacloud.accessKey) -}}
-apiVersion: v1
-kind: Secret
-metadata:
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: {{ template "external-dns.fullname" . }}
-type: Opaque
-data:
-{{- if eq .Values.provider "aws" }}
- credentials: {{ include "external-dns.aws-credentials" . | b64enc | quote }}
- config: {{ include "external-dns.aws-config" . | b64enc | quote }}
-{{- end}}
-{{- if and (eq .Values.provider "google") .Values.google.serviceAccountKey }}
- credentials.json: {{ .Values.google.serviceAccountKey | b64enc | quote }}
-{{- end}}
-{{- if .Values.cloudflare.apiKey }}
- cloudflare_api_key: {{ .Values.cloudflare.apiKey | b64enc | quote }}
-{{- end }}
-{{- if and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword }}
- infoblox_wapi_username: {{ .Values.infoblox.wapiUsername | b64enc | quote }}
- infoblox_wapi_password: {{ .Values.infoblox.wapiPassword | b64enc | quote }}
-{{- end }}
-{{- if eq .Values.provider "alibabacloud" }}
- config.yaml: {{ include "external-dns.alibabacloud-config" . | b64enc | quote }}
-{{- end}}
-
-{{- range .Values.extraEnv }}
- {{- if .value }}
- {{ .name }}: {{ .value | b64enc | quote }}
- {{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-external-dns/v0.0.2/templates/service.yaml b/charts/rancher-external-dns/v0.0.2/templates/service.yaml
deleted file mode 100644
index ef73ad2b2..000000000
--- a/charts/rancher-external-dns/v0.0.2/templates/service.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-{{- if .Values.service.annotations }}
- annotations:
-{{ toYaml .Values.service.annotations | indent 4 }}
-{{- end }}
- labels:
- app: {{ template "external-dns.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- name: {{ template "external-dns.fullname" . }}
-spec:
-{{- if .Values.service.clusterIP }}
- clusterIP: "{{ .Values.service.clusterIP }}"
-{{- end }}
-{{- if .Values.service.externalIPs }}
- externalIPs:
-{{ toYaml .Values.service.externalIPs | indent 4 }}
-{{- end }}
-{{- if .Values.service.loadBalancerIP }}
- loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
-{{- end }}
-{{- if .Values.service.loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
-{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
-{{- end }}
- ports:
- - port: {{ .Values.service.servicePort }}
- protocol: TCP
- targetPort: 7979
- name: http
- selector:
- app: {{ template "external-dns.name" . }}
- release: {{ .Release.Name }}
- type: "{{ .Values.service.type }}"
diff --git a/charts/rancher-external-dns/v0.0.2/templates/serviceaccount.yaml b/charts/rancher-external-dns/v0.0.2/templates/serviceaccount.yaml
deleted file mode 100644
index 936ed7580..000000000
--- a/charts/rancher-external-dns/v0.0.2/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: {{ template "external-dns.fullname" . }}
-{{- end }}
diff --git a/charts/rancher-external-dns/v0.0.2/values.yaml b/charts/rancher-external-dns/v0.0.2/values.yaml
deleted file mode 100644
index 668f0d260..000000000
--- a/charts/rancher-external-dns/v0.0.2/values.yaml
+++ /dev/null
@@ -1,177 +0,0 @@ -## Details about the image to be pulled. -image: - repository: rancher/kubernetes-external-dns - tag: v0.5.11 - pullSecrets: [] - pullPolicy: IfNotPresent - -## This controls which types of resource external-dns should 'watch' for new -## DNS entries. -sources: - - service - - ingress - -# Allow external-dns to publish DNS records for ClusterIP services (optional) -publishInternalServices: false - -## The DNS provider where the DNS records will be created (options: aws, google, inmemory, azure, alibabacloud ) -provider: aws - -# Configurations for Alibabacloud provider -alibabacloud: - accessKey: "" - secretKey: "" - # Filter for zones of this type (optional, options: public, private or no value for both) - zoneType: "" - -# AWS Access keys to inject as environment variables -aws: - secretKey: "" - accessKey: "" - # pre external-dns 0.5.9 home dir should be `/root/.aws` - credentialsPath: "/.aws" - roleArn: "" - region: "us-east-1" - # Filter for zones of this type (optional, options: public, private) - zoneType: "" - -azure: -# If you don't specify a secret to load azure.json from, you will get the host's /etc/kubernetes/azure.json - secretName: "" - -# Cloudflare keys to inject as environment variables -cloudflare: - apiKey: "" - email: "" - proxied: true - -# Configuration for OpenStack Designate provider -designate: - # A custom CA (optional) - customCA: - # Turn custom CA on or off - enabled: false - # The content of the custom CA file - content: "" - # Location to mount custom CA - directory: "/config/designate" - # Filename of the custom CA - filename: "designate-ca.pem" - -# When using the Google provider, specify the Google project (required when provider=google) -google: - project: "" - serviceAccountSecret: "" - serviceAccountKey: "" - -# Infoblox keys to inject -infoblox: - # Required keys: - wapiUsername: "" - wapiPassword: "" - gridHost: "" - # Optional keys: - domainFilter: "" - noSslVerify: false - wapiPort: "" - wapiVersion: "" - 
wapiConnectionPoolSize: "" - wapiHttpTimeout: "" - -## Limit possible target zones by domain suffixes (optional) -domainFilters: [] -## Limit possible target zones by zone id (optional) -zoneIdFilters: [] -# Filter sources managed by external-dns via annotation using label selector semantics (default: all sources) -annotationFilter: "" -## Adjust the interval for DNS updates -interval: "1m" - -# Registry to use for ownership (txt or noop) -registry: "txt" - -# When using the TXT registry, a name that identifies this instance of ExternalDNS -txtOwnerId: "" - -# When enabled, prints DNS record changes rather than actually performing them -dryRun: false - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] - -## Modify how DNS records are sychronized between sources and providers (options: sync, upsert-only ) -policy: upsert-only - -## Annotations to be added to pods -## -podAnnotations: {} - -podLabels: {} - -# Verbosity of the logs (options: panic, debug, info, warn, error, fatal) -logLevel: info - -extraArgs: {} - -# Extra environment variables which will be saved in a release-specific secret -# or retrieved via valueFrom. -# extraEnv: -# - name: SECRET_TO_SAVE -# value: secret_value -# - name: AWS_ACCESS_KEY_ID -# valueFrom: -# secretKeyRef: -# name: existing-secret -# key: access-key-id -extraEnv: [] - -## CPU and Memory limit and request for external-dns -resources: - limits: - memory: 100Mi - cpu: 200m - requests: - memory: 50Mi - cpu: 100m - -rbac: - ## If true, create & use RBAC resources - ## - create: false - # Beginning with Kubernetes 1.8, the api is stable and v1 can be used. 
- apiVersion: v1beta1 - - ## Ignored if rbac.create is true - ## - serviceAccountName: default - -securityContext: {} - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 65534 # 65534 is nobody - revise aws.credentialsPath when changing uid - # capabilities: - # drop: ["ALL"] - -service: - annotations: {} - clusterIP: "" - - ## List of IP addresses at which the service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 7979 - type: ClusterIP - -priorityClassName: "" - -global: - systemDefaultRegistry: "" diff --git a/charts/rancher-external-dns/v0.1.0/.helmignore b/charts/rancher-external-dns/v0.1.0/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/rancher-external-dns/v0.1.0/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-external-dns/v0.1.0/Chart.yaml b/charts/rancher-external-dns/v0.1.0/Chart.yaml deleted file mode 100644 index 2b41d1fde..000000000 --- a/charts/rancher-external-dns/v0.1.0/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -description: | - Configure external DNS servers (AWS Route53, Google CloudDNS and others) - for Kubernetes Ingresses and Services -name: rancher-external-dns -version: 0.1.0 -appVersion: 0.6.0 -home: https://github.com/kubernetes-incubator/external-dns -sources: - - https://github.com/kubernetes-incubator/external-dns -engine: gotpl -maintainers: -- name: rabadin - email: rabadin@cisco.com 
diff --git a/charts/rancher-external-dns/v0.1.0/README.md b/charts/rancher-external-dns/v0.1.0/README.md
deleted file mode 100644
index 9ccb2db29..000000000
--- a/charts/rancher-external-dns/v0.1.0/README.md
+++ /dev/null
@@ -1,132 +0,0 @@ -# external-dns - -## Chart Details - -This chart will do the following: - -* Create a deployment of [external-dns] within your Kubernetes Cluster. - -Currently this uses official images from release notes at https://github.com/kubernetes-sigs/external-dns, if this is a concern follow the steps in the [external-dns] documentation to compile the binary and make a container. Where the chart pulls the image from is fully configurable. - -> **Note**: If you want to use Chart version >1.1.0 with external-dns image <0.5.9 and use aws credentials, make sure to set `aws.credentialsPath: "/root/.aws"` - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install --name my-release stable/external-dns -``` - -## Configuration - -The following table lists the configurable parameters of the external-dns chart and their default values. - - -| Parameter | Description | Default | -| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | -| `annotationFilter` | Filter sources managed by external-dns via annotation using label selector semantics (default: all sources) (optional). | `""` | -| `aws.accessKey` | set in `~/.aws/credentials` mounted through secret (optional). | `""` | -| `aws.secretKey` | set in `~/.aws/credentials` mounted through secret (optional). | `""` | -| `aws.credentialsPath` | determine `mountPath` for `credentials` secret, defaults to `nobody` USER home path `/.aws` (optional). | `"/.aws"` | -| `aws.region` | `AWS_DEFAULT_REGION` to set in the environment (optional). | `us-east-1` | -| `aws.roleArn` | If assume role credentials are used then is the role_arn (arn:aws:iam::....). Leave empty if not used. | `""` | -| `aws.zoneType` | Filter for zones of this type (optional, options: public, private). 
| `""` | -| `azure.secretName` | Set the secret created for the SP for azure, should contain an azure.json file | `""` | -| `cloudflare.apiKey` | `CF_API_KEY` to set in the environment (optional). | `""` | -| `cloudflare.email` | `CF_API_EMAIL` to set in the environment (optional). | `""` | -| `cloudflare.proxied` | enable the proxy feature of Cloudflare (DDOS protection, CDN...) (optional). | `true` | -| `designate.customCA.enabled` | A switch to enable a custom CA for the Designate provider (optional) | false | -| `designate.customCA.content` | The content of the Designate provider's custom CA | "" | -| `designate.customCA.directory` | Directory in which to mount the Designate provider's custom CA | "/config/designate" | -| `designate.customCA.filename` | Filename of Designate provider's custom CA | "designate-ca.pem" | -| `domainFilters` | Limit possible target zones by domain suffixes (optional). | `[]` | -| `dryRun` | When enabled, prints DNS record changes rather than actually performing them (optional). | `false` | -| `extraArgs` | Optional object of extra args, as `name`: `value` pairs. Where the name is the command line arg to external-dns. | `{}` | -| `extraEnv` | Optional array of extra environment variables. Supply a `name` property and either `value` of `valueFrom` for each. | `[]` | -| `google.project` | When using the Google provider, specify the Google project (required when provider=google). | `""` | -| `google.serviceAccountSecret` | When using the Google provider, optionally specify the existing secret which contains credentials.json if necessary. | `""` | -| `google.serviceAccountKey` | When using the Google provider, optionally specify the service account key JSON file. Must be provided when no existing secret is used, in this case a new secret will be created holding this service account | `""` | -| `image.repository` | Container image name (Including repository name if not `hub.docker.com`). 
| `registry.opensource.zalan.do/teapot/external-dns` | -| `image.pullPolicy` | Container pull policy. | `IfNotPresent` | -| `image.tag` | Container image tag. | `v0.5.9` | -| `image.pullSecrets` | Array of pull secret names | `[]` | -| `infoblox.gridHost` | When using the Infoblox provider, specify the Infoblox Grid host. | `""` | -| `infoblox.wapiUsername` | When using the Infoblox provider, specify the Infoblox WAPI username. | `""` | -| `infoblox.wapiPassword` | When using the Infoblox provider, specify the Infoblox WAPI password. | `""` | -| `infoblox.domainFilter` | When using the Infoblox provider, optionally specify the domain. | `""` | -| `infoblox.noSslVerify` | When using the Infoblox provider, optionally disable SSL verification. | `false` | -| `infoblox.wapiPort` | When using the Infoblox provider, optionally specify the Infoblox WAPI port. | `""` | -| `infoblox.wapiVersion` | When using the Infoblox provider, optionally specify the Infoblox WAPI version. | `""` | -| `infoblox.wapiConnectionPoolSize` | When using the Infoblox provider, optionally specify the Infoblox WAPI request connection pool size. | `""` | -| `infoblox.wapiHttpTimeout` | When using the Infoblox provider, optionally specify the Infoblox WAPI request timeout in seconds. | `""` | -| `logLevel` | Verbosity of the logs (options: panic, debug, info, warn, error, fatal) | `info` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `podAnnotations` | Additional annotations to apply to the pod. | `{}` | -| `policy` | Modify how DNS records are sychronized between sources and providers (options: sync, upsert-only ). | `upsert-only` | -| `provider` | The DNS provider where the DNS records will be created (options: aws, google, azure, cloudflare, digitalocean, inmemory ). | `aws` | -| `publishInternalServices` | Allow external-dns to publish DNS records for ClusterIP services (optional). 
| `false` | -| `rbac.create` | If true, create & use RBAC resources | `false` | -| `rbac.serviceAccountName` | Existing ServiceAccount to use (ignored if rbac.create=true) | `default` | -| `interval` | Interval update period to use (options: txt, noop) | `txt` | -| `registry` | Registry method to use (options: txt, noop) | `txt` | -| `resources` | CPU/Memory resource requests/limits. | `{}` | -| `securityContext` | Security options the pod should run with. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{}` | -| `priorityClassName` | priorityClassName | `""` | -| `service.annotations` | Annotations to add to service | `{}` | -| `service.clusterIP` | IP address to assign to service | `""` | -| `service.externalIPs` | Service external IP addresses | `[]` | -| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` | -| `service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` | -| `service.servicePort` | Service port to expose | `7979` | -| `service.type` | Type of service to create | `ClusterIP` | -| `sources` | List of resource types to monitor, possible values are fake, service or ingress. | `[service, ingress]` | -| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` | -| `affinity` | List of affinities (requires Kubernetes >=1.6) | `{}` | -| `txtOwnerId` | When using the TXT registry, a name that identifies this instance of ExternalDNS (optional) | `"default"` | -| `txtPrefix` | When using the TXT registry, a prefix for ownership records that avoids collision with CNAME entries (optional) | `""` | -| `zoneIdFilters` | Limit possible target zones by zone id (optional) | `[]` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. 
For example, - -```bash -$ helm install --name my-release -f values.yaml stable/external-dns -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## IAM Permissions - -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "route53:ChangeResourceRecordSets" - ], - "Resource": [ - "arn:aws:route53:::hostedzone/*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "route53:ListHostedZones", - "route53:ListResourceRecordSets" - ], - "Resource": [ - "*" - ] - } - ] -} -``` - -[external-dns]: https://github.com/kubernetes-incubator/external-dns -[Zalando]: https://zalando.github.io/ -[getting-started]: https://github.com/kubernetes-incubator/external-dns/blob/master/README.md#getting-started diff --git a/charts/rancher-external-dns/v0.1.0/questions.yml b/charts/rancher-external-dns/v0.1.0/questions.yml deleted file mode 100644 index a0685b1e7..000000000 --- a/charts/rancher-external-dns/v0.1.0/questions.yml +++ /dev/null @@ -1,2 +0,0 @@ -rancher_min_version: 2.3.0-rc1 -rancher_max_version: 2.5.99 diff --git a/charts/rancher-external-dns/v0.1.0/templates/NOTES.txt b/charts/rancher-external-dns/v0.1.0/templates/NOTES.txt deleted file mode 100644 index e04285496..000000000 --- a/charts/rancher-external-dns/v0.1.0/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ -To verify that external-dns has started, run: - - kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "external-dns.name" . }},release={{ .Release.Name }}" diff --git a/charts/rancher-external-dns/v0.1.0/templates/_helpers.tpl b/charts/rancher-external-dns/v0.1.0/templates/_helpers.tpl deleted file mode 100644 index 63b3a9d3a..000000000 --- a/charts/rancher-external-dns/v0.1.0/templates/_helpers.tpl +++ /dev/null 
@@ -1,70 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "external-dns.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "external-dns.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if ne $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s" $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* Generate basic labels */}} -{{- define "external-dns.labels" }} -app: {{ template "external-dns.name" . }} -heritage: {{.Release.Service }} -release: {{.Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels }} -{{- end }} -{{- end }} - -{{- define "external-dns.aws-credentials" }} -[default] -aws_access_key_id = {{ .Values.aws.accessKey }} -aws_secret_access_key = {{ .Values.aws.secretKey }} -{{ end }} - - -{{- define "external-dns.aws-config" }} -[profile default] -{{- if .Values.aws.roleArn }} -role_arn = {{ .Values.aws.roleArn }} -{{- end }} -region = {{ .Values.aws.region }} -{{ end }} - -{{- define "external-dns.alibabacloud-config" }} -accessKeyId: {{ .Values.alibabacloud.accessKey }} -accessKeySecret: {{ .Values.alibabacloud.secretKey }} -{{ end }} - -{{- define "system_default_registry" -}} -{{- if .Values.global.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} - -{{- define "deployment_api_version" -}} -{{- if .Capabilities.APIVersions.Has "apps/v1" -}} -{{- "apps/v1" -}} -{{- else if .Capabilities.APIVersions.Has "apps/v1beta2" -}} -{{- "apps/v1beta2" -}} -{{- else if .Capabilities.APIVersions.Has "apps/v1beta1" -}} -{{- "apps/v1beta1" -}} -{{- else -}} -{{- 
"extensions/v1beta1" -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-external-dns/v0.1.0/templates/clusterrole.yaml b/charts/rancher-external-dns/v0.1.0/templates/clusterrole.yaml deleted file mode 100644 index 8ef1346cc..000000000 --- a/charts/rancher-external-dns/v0.1.0/templates/clusterrole.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} -kind: ClusterRole -metadata: - labels: {{ include "external-dns.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "external-dns.fullname" . }} -rules: - - apiGroups: - - "" - resources: - - services - - pods - - nodes - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.istio.io - resources: - - gateways - verbs: - - get - - list - - watch -{{- end -}} diff --git a/charts/rancher-external-dns/v0.1.0/templates/clusterrolebinding.yaml b/charts/rancher-external-dns/v0.1.0/templates/clusterrolebinding.yaml deleted file mode 100644 index b93b19f30..000000000 --- a/charts/rancher-external-dns/v0.1.0/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} -kind: ClusterRoleBinding -metadata: - labels: {{ include "external-dns.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "external-dns.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "external-dns.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "external-dns.fullname" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} 
diff --git a/charts/rancher-external-dns/v0.1.0/templates/configmap.yaml b/charts/rancher-external-dns/v0.1.0/templates/configmap.yaml
deleted file mode 100644
index 8cb558177..000000000
--- a/charts/rancher-external-dns/v0.1.0/templates/configmap.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "external-dns.fullname" . }}
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-data:
- {{ .Values.designate.customCA.filename }}: |
-{{ .Values.designate.customCA.content | indent 4 }}
-{{- end }}
diff --git a/charts/rancher-external-dns/v0.1.0/templates/deployment.yaml b/charts/rancher-external-dns/v0.1.0/templates/deployment.yaml
deleted file mode 100755
index 0c792b5d0..000000000
--- a/charts/rancher-external-dns/v0.1.0/templates/deployment.yaml
+++ /dev/null
@@ -1,263 +0,0 @@ -apiVersion: {{ template "deployment_api_version" . }} -kind: Deployment -metadata: - labels: {{ include "external-dns.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "external-dns.fullname" . }} -spec: - selector: - matchLabels: - {{ include "external-dns.labels" . | indent 6 }} - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8}} - {{- end }} - labels: {{ include "external-dns.labels" . | indent 8 }} - spec: - {{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range $sec := .Values.image.pullSecrets }} - - name: {{$sec | quote }} - {{- end }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" - {{- end }} - containers: - - name: {{ template "external-dns.name" . }} - image: {{ template "system_default_registry" . }}{{ .Values.image.repository}}:{{ .Values.image.tag }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - args: - {{- if .Values.logLevel }} - - --log-level={{ .Values.logLevel }} - {{- end }} - {{- if .Values.publishInternalServices }} - - --publish-internal-services - {{- end }} - {{- range .Values.domainFilters }} - - --domain-filter={{ . }} - {{- end }} - {{- range .Values.zoneIdFilters }} - - --zone-id-filter={{ . }} - {{- end }} - - --policy={{ .Values.policy }} - - --provider={{ .Values.provider }} - - --registry={{ .Values.registry }} - - --interval={{ .Values.interval }} - {{- if .Values.txtOwnerId }} - - --txt-owner-id={{ .Values.txtOwnerId }} - {{- end }} - {{- if .Values.txtPrefix }} - - --txt-prefix={{ .Values.txtPrefix }} - {{- end }} - {{- if .Values.annotationFilter }} - - --annotation-filter={{ .Values.annotationFilter }} - {{- end }} - {{- range .Values.sources }} - - --source={{ . 
}} - {{- end }} - {{ if .Values.dryRun }} - - --dry-run - {{- end }} - {{- range $key, $value := .Values.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - {{- if eq .Values.provider "cloudflare" }} - {{- if .Values.cloudflare.proxied }} - - --cloudflare-proxied - {{- end }} - {{- end }} - {{- if .Values.aws.zoneType }} - - --aws-zone-type={{ .Values.aws.zoneType }} - {{- end }} - {{- if .Values.google.project }} - - --google-project={{ .Values.google.project }} - {{- end }} - {{- if eq .Values.provider "infoblox" }} - - --infoblox-grid-host={{ .Values.infoblox.gridHost }} - {{- if .Values.infoblox.domainFilter }} - - --domain-filter={{ .Values.infoblox.domainFilter }} - {{- end }} - {{- if .Values.infoblox.wapiPort }} - - --infoblox-wapi-port={{ .Values.infoblox.wapiPort }} - {{- end }} - {{- if .Values.infoblox.wapiVersion }} - - --infoblox-wapi-version={{ .Values.infoblox.wapiVersion }} - {{- end }} - {{- if .Values.infoblox.noSslVerify }} - - --no-infoblox-ssl-verify - {{- else }} - - --infoblox-ssl-verify - {{- end }} - {{- end }} - {{- if eq .Values.provider "alibabacloud" }} - - --alibaba-cloud-config-file=/etc/kubernetes/config.yaml - {{- end }} - {{- if .Values.alibabacloud.zoneType }} - - --alibaba-cloud-zone-type={{ .Values.alibabacloud.zoneType }} - {{- end }} - volumeMounts: - {{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }} - - name: google-service-account - mountPath: /etc/secrets/service-account/ - {{- end}} - {{- if eq .Values.provider "azure" }} - - name: azure-config-file - {{- if not .Values.azure.secretName }} - mountPath: /etc/kubernetes/azure.json - {{- else }} - mountPath: /etc/kubernetes/ - {{- end }} - readOnly: true - {{- end }} - {{- if (and .Values.aws.secretKey .Values.aws.accessKey) }} - - name: aws-credentials - mountPath: {{ .Values.aws.credentialsPath }} - readOnly: true - {{- end }} - {{- if and (eq .Values.provider "designate") 
.Values.designate.customCA.enabled }} - - name: designate-custom-ca - mountPath: {{ .Values.designate.customCA.directory }} - readOnly: true - {{- end }} - {{- if eq .Values.provider "alibabacloud" }} - - name: alibaba-cloud-config-file - mountPath: /etc/kubernetes/ - readOnly: true - - mountPath: /usr/share/zoneinfo - name: zoneinfo - readOnly: true - {{- end }} - env: - {{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /etc/secrets/service-account/credentials.json - {{- end }} - {{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }} - {{- if .Values.aws.region }} - - name: AWS_DEFAULT_REGION - value: {{ .Values.aws.region }} - {{- end }} - {{- end }} - {{- if and .Values.cloudflare.apiKey .Values.cloudflare.email }} - - name: CF_API_KEY - valueFrom: - secretKeyRef: - name: {{ template "external-dns.fullname" . }} - key: cloudflare_api_key - - name: CF_API_EMAIL - value: "{{ .Values.cloudflare.email }}" - {{- end }} - {{- if .Values.infoblox.wapiConnectionPoolSize }} - - name: EXTERNAL_DNS_INFOBLOX_HTTP_POOL_CONNECTIONS - value: "{{ .Values.infoblox.wapiConnectionPoolSize }}" - {{- end }} - {{- if .Values.infoblox.wapiHttpTimeout }} - - name: EXTERNAL_DNS_INFOBLOX_HTTP_REQUEST_TIMEOUT - value: "{{ .Values.infoblox.wapiHttpTimeout }}" - {{- end }} - {{- if and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword }} - - name: EXTERNAL_DNS_INFOBLOX_WAPI_USERNAME - valueFrom: - secretKeyRef: - name: {{ template "external-dns.fullname" . }} - key: infoblox_wapi_username - - name: EXTERNAL_DNS_INFOBLOX_WAPI_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "external-dns.fullname" . 
}} - key: infoblox_wapi_password - {{- end }} - {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }} - - name: OPENSTACK_CA_FILE - value: {{ .Values.designate.customCA.directory }}/{{ .Values.designate.customCA.filename }} - {{- end }} - {{- $root := . -}} - {{- range .Values.extraEnv }} - - name: {{ .name }} - valueFrom: - {{- if .valueFrom }} -{{ toYaml .valueFrom | indent 14 }} - {{- else }} - secretKeyRef: - name: {{ template "external-dns.fullname" $root }} - key: {{ .name }} - {{- end }} - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: 7979 - ports: - - containerPort: 7979 - {{- if .Values.securityContext }} - securityContext: -{{ toYaml .Values.securityContext | indent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- end }} - volumes: - {{- if .Values.google.serviceAccountSecret }} - - name: google-service-account - secret: - secretName: {{ .Values.google.serviceAccountSecret | quote }} - {{- else if .Values.google.serviceAccountKey }} - - name: google-service-account - secret: - secretName: {{ template "external-dns.fullname" . }} - {{- end}} - {{- if eq .Values.provider "azure" }} - - name: azure-config-file - {{- if (not .Values.azure.secretName)}} - hostPath: - path: /etc/kubernetes/azure.json - type: File - {{- else}} - secret: - secretName: {{.Values.azure.secretName}} - {{- end}} - {{- end }} - {{- if (and .Values.aws.secretKey .Values.aws.accessKey) }} - - name: aws-credentials - secret: - secretName: {{ template "external-dns.fullname" . }} - {{- end }} - {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }} - - name: designate-custom-ca - configMap: - name: {{ template "external-dns.fullname" . 
}} - items: - - key: {{ .Values.designate.customCA.filename }} - path: {{ .Values.designate.customCA.filename }} - {{- end }} - {{- if eq .Values.provider "alibabacloud" }} - - name: alibaba-cloud-config-file - secret: - secretName: {{ template "external-dns.fullname" . }} - - name: zoneinfo - hostPath: - path: /usr/share/zoneinfo - {{- end }} - nodeSelector: - beta.kubernetes.io/os: linux - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - {{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end }} - serviceAccountName: {{ if .Values.rbac.create }}{{ template "external-dns.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} diff --git a/charts/rancher-external-dns/v0.1.0/templates/secret.yaml b/charts/rancher-external-dns/v0.1.0/templates/secret.yaml deleted file mode 100644 index a5a5fc428..000000000 --- a/charts/rancher-external-dns/v0.1.0/templates/secret.yaml +++ /dev/null 
@@ -1,33 +0,0 @@
-{{- if or (and .Values.aws.secretKey .Values.aws.accessKey) .Values.cloudflare.apiKey (and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword) .Values.extraEnv .Values.google.serviceAccountKey (and .Values.alibabacloud.secretKey .Values.alibabacloud.accessKey) -}}
-apiVersion: v1
-kind: Secret
-metadata:
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: {{ template "external-dns.fullname" . }}
-type: Opaque
-data:
-{{- if eq .Values.provider "aws" }}
- credentials: {{ include "external-dns.aws-credentials" . | b64enc | quote }}
- config: {{ include "external-dns.aws-config" . | b64enc | quote }}
-{{- end}}
-{{- if and (eq .Values.provider "google") .Values.google.serviceAccountKey }}
- credentials.json: {{ .Values.google.serviceAccountKey | b64enc | quote }}
-{{- end}}
-{{- if .Values.cloudflare.apiKey }}
- cloudflare_api_key: {{ .Values.cloudflare.apiKey | b64enc | quote }}
-{{- end }}
-{{- if and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword }}
- infoblox_wapi_username: {{ .Values.infoblox.wapiUsername | b64enc | quote }}
- infoblox_wapi_password: {{ .Values.infoblox.wapiPassword | b64enc | quote }}
-{{- end }}
-{{- if eq .Values.provider "alibabacloud" }}
- config.yaml: {{ include "external-dns.alibabacloud-config" . | b64enc | quote }}
-{{- end}}
-
-{{- range .Values.extraEnv }}
- {{- if .value }}
- {{ .name }}: {{ .value | b64enc | quote }}
- {{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-external-dns/v0.1.0/templates/service.yaml b/charts/rancher-external-dns/v0.1.0/templates/service.yaml
deleted file mode 100644
index ef73ad2b2..000000000
--- a/charts/rancher-external-dns/v0.1.0/templates/service.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-{{- if .Values.service.annotations }}
- annotations:
-{{ toYaml .Values.service.annotations | indent 4 }}
-{{- end }}
- labels:
- app: {{ template "external-dns.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- name: {{ template "external-dns.fullname" . }}
-spec:
-{{- if .Values.service.clusterIP }}
- clusterIP: "{{ .Values.service.clusterIP }}"
-{{- end }}
-{{- if .Values.service.externalIPs }}
- externalIPs:
-{{ toYaml .Values.service.externalIPs | indent 4 }}
-{{- end }}
-{{- if .Values.service.loadBalancerIP }}
- loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
-{{- end }}
-{{- if .Values.service.loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
-{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
-{{- end }}
- ports:
- - port: {{ .Values.service.servicePort }}
- protocol: TCP
- targetPort: 7979
- name: http
- selector:
- app: {{ template "external-dns.name" . }}
- release: {{ .Release.Name }}
- type: "{{ .Values.service.type }}"
diff --git a/charts/rancher-external-dns/v0.1.0/templates/serviceaccount.yaml b/charts/rancher-external-dns/v0.1.0/templates/serviceaccount.yaml
deleted file mode 100644
index 936ed7580..000000000
--- a/charts/rancher-external-dns/v0.1.0/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: {{ template "external-dns.fullname" . }}
-{{- end }}
diff --git a/charts/rancher-external-dns/v0.1.0/values.yaml b/charts/rancher-external-dns/v0.1.0/values.yaml
deleted file mode 100644
index 15558f526..000000000
--- a/charts/rancher-external-dns/v0.1.0/values.yaml
+++ /dev/null
@@ -1,177 +0,0 @@ -## Details about the image to be pulled. -image: - repository: rancher/kubernetes-external-dns - tag: v0.6.0 - pullSecrets: [] - pullPolicy: IfNotPresent - -## This controls which types of resource external-dns should 'watch' for new -## DNS entries. -sources: - - service - - ingress - -# Allow external-dns to publish DNS records for ClusterIP services (optional) -publishInternalServices: false - -## The DNS provider where the DNS records will be created (options: aws, google, inmemory, azure, alibabacloud ) -provider: aws - -# Configurations for Alibabacloud provider -alibabacloud: - accessKey: "" - secretKey: "" - # Filter for zones of this type (optional, options: public, private or no value for both) - zoneType: "" - -# AWS Access keys to inject as environment variables -aws: - secretKey: "" - accessKey: "" - # pre external-dns 0.5.9 home dir should be `/root/.aws` - credentialsPath: "/.aws" - roleArn: "" - region: "us-east-1" - # Filter for zones of this type (optional, options: public, private) - zoneType: "" - -azure: -# If you don't specify a secret to load azure.json from, you will get the host's /etc/kubernetes/azure.json - secretName: "" - -# Cloudflare keys to inject as environment variables -cloudflare: - apiKey: "" - email: "" - proxied: true - -# Configuration for OpenStack Designate provider -designate: - # A custom CA (optional) - customCA: - # Turn custom CA on or off - enabled: false - # The content of the custom CA file - content: "" - # Location to mount custom CA - directory: "/config/designate" - # Filename of the custom CA - filename: "designate-ca.pem" - -# When using the Google provider, specify the Google project (required when provider=google) -google: - project: "" - serviceAccountSecret: "" - serviceAccountKey: "" - -# Infoblox keys to inject -infoblox: - # Required keys: - wapiUsername: "" - wapiPassword: "" - gridHost: "" - # Optional keys: - domainFilter: "" - noSslVerify: false - wapiPort: "" - wapiVersion: "" - 
wapiConnectionPoolSize: "" - wapiHttpTimeout: "" - -## Limit possible target zones by domain suffixes (optional) -domainFilters: [] -## Limit possible target zones by zone id (optional) -zoneIdFilters: [] -# Filter sources managed by external-dns via annotation using label selector semantics (default: all sources) -annotationFilter: "" -## Adjust the interval for DNS updates -interval: "1m" - -# Registry to use for ownership (txt or noop) -registry: "txt" - -# When using the TXT registry, a name that identifies this instance of ExternalDNS -txtOwnerId: "" - -# When enabled, prints DNS record changes rather than actually performing them -dryRun: false - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] - -## Modify how DNS records are sychronized between sources and providers (options: sync, upsert-only ) -policy: upsert-only - -## Annotations to be added to pods -## -podAnnotations: {} - -podLabels: {} - -# Verbosity of the logs (options: panic, debug, info, warn, error, fatal) -logLevel: info - -extraArgs: {} - -# Extra environment variables which will be saved in a release-specific secret -# or retrieved via valueFrom. -# extraEnv: -# - name: SECRET_TO_SAVE -# value: secret_value -# - name: AWS_ACCESS_KEY_ID -# valueFrom: -# secretKeyRef: -# name: existing-secret -# key: access-key-id -extraEnv: [] - -## CPU and Memory limit and request for external-dns -resources: - limits: - memory: 100Mi - cpu: 200m - requests: - memory: 50Mi - cpu: 100m - -rbac: - ## If true, create & use RBAC resources - ## - create: false - # Beginning with Kubernetes 1.8, the api is stable and v1 can be used. 
- apiVersion: v1beta1 - - ## Ignored if rbac.create is true - ## - serviceAccountName: default - -securityContext: {} - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 65534 # 65534 is nobody - revise aws.credentialsPath when changing uid - # capabilities: - # drop: ["ALL"] - -service: - annotations: {} - clusterIP: "" - - ## List of IP addresses at which the service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 7979 - type: ClusterIP - -priorityClassName: "" - -global: - systemDefaultRegistry: "" diff --git a/charts/rancher-external-dns/v0.1.1/.helmignore b/charts/rancher-external-dns/v0.1.1/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/rancher-external-dns/v0.1.1/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-external-dns/v0.1.1/Chart.yaml b/charts/rancher-external-dns/v0.1.1/Chart.yaml deleted file mode 100644 index 63540d7ef..000000000 --- a/charts/rancher-external-dns/v0.1.1/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -description: | - Configure external DNS servers (AWS Route53, Google CloudDNS and others) - for Kubernetes Ingresses and Services -name: rancher-external-dns -version: 0.1.1 -appVersion: 0.7.3 -home: https://github.com/kubernetes-sigs/external-dns -sources: - - https://github.com/kubernetes-sigs/external-dns -engine: gotpl -maintainers: -- name: rabadin - email: rabadin@cisco.com 
diff --git a/charts/rancher-external-dns/v0.1.1/README.md b/charts/rancher-external-dns/v0.1.1/README.md
deleted file mode 100644
index 9ccb2db29..000000000
--- a/charts/rancher-external-dns/v0.1.1/README.md
+++ /dev/null
@@ -1,132 +0,0 @@ -# external-dns - -## Chart Details - -This chart will do the following: - -* Create a deployment of [external-dns] within your Kubernetes Cluster. - -Currently this uses official images from release notes at https://github.com/kubernetes-sigs/external-dns, if this is a concern follow the steps in the [external-dns] documentation to compile the binary and make a container. Where the chart pulls the image from is fully configurable. - -> **Note**: If you want to use Chart version >1.1.0 with external-dns image <0.5.9 and use aws credentials, make sure to set `aws.credentialsPath: "/root/.aws"` - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install --name my-release stable/external-dns -``` - -## Configuration - -The following table lists the configurable parameters of the external-dns chart and their default values. - - -| Parameter | Description | Default | -| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | -| `annotationFilter` | Filter sources managed by external-dns via annotation using label selector semantics (default: all sources) (optional). | `""` | -| `aws.accessKey` | set in `~/.aws/credentials` mounted through secret (optional). | `""` | -| `aws.secretKey` | set in `~/.aws/credentials` mounted through secret (optional). | `""` | -| `aws.credentialsPath` | determine `mountPath` for `credentials` secret, defaults to `nobody` USER home path `/.aws` (optional). | `"/.aws"` | -| `aws.region` | `AWS_DEFAULT_REGION` to set in the environment (optional). | `us-east-1` | -| `aws.roleArn` | If assume role credentials are used then is the role_arn (arn:aws:iam::....). Leave empty if not used. | `""` | -| `aws.zoneType` | Filter for zones of this type (optional, options: public, private). 
| `""` | -| `azure.secretName` | Set the secret created for the SP for azure, should contain an azure.json file | `""` | -| `cloudflare.apiKey` | `CF_API_KEY` to set in the environment (optional). | `""` | -| `cloudflare.email` | `CF_API_EMAIL` to set in the environment (optional). | `""` | -| `cloudflare.proxied` | enable the proxy feature of Cloudflare (DDOS protection, CDN...) (optional). | `true` | -| `designate.customCA.enabled` | A switch to enable a custom CA for the Designate provider (optional) | false | -| `designate.customCA.content` | The content of the Designate provider's custom CA | "" | -| `designate.customCA.directory` | Directory in which to mount the Designate provider's custom CA | "/config/designate" | -| `designate.customCA.filename` | Filename of Designate provider's custom CA | "designate-ca.pem" | -| `domainFilters` | Limit possible target zones by domain suffixes (optional). | `[]` | -| `dryRun` | When enabled, prints DNS record changes rather than actually performing them (optional). | `false` | -| `extraArgs` | Optional object of extra args, as `name`: `value` pairs. Where the name is the command line arg to external-dns. | `{}` | -| `extraEnv` | Optional array of extra environment variables. Supply a `name` property and either `value` of `valueFrom` for each. | `[]` | -| `google.project` | When using the Google provider, specify the Google project (required when provider=google). | `""` | -| `google.serviceAccountSecret` | When using the Google provider, optionally specify the existing secret which contains credentials.json if necessary. | `""` | -| `google.serviceAccountKey` | When using the Google provider, optionally specify the service account key JSON file. Must be provided when no existing secret is used, in this case a new secret will be created holding this service account | `""` | -| `image.repository` | Container image name (Including repository name if not `hub.docker.com`). 
| `registry.opensource.zalan.do/teapot/external-dns` | -| `image.pullPolicy` | Container pull policy. | `IfNotPresent` | -| `image.tag` | Container image tag. | `v0.5.9` | -| `image.pullSecrets` | Array of pull secret names | `[]` | -| `infoblox.gridHost` | When using the Infoblox provider, specify the Infoblox Grid host. | `""` | -| `infoblox.wapiUsername` | When using the Infoblox provider, specify the Infoblox WAPI username. | `""` | -| `infoblox.wapiPassword` | When using the Infoblox provider, specify the Infoblox WAPI password. | `""` | -| `infoblox.domainFilter` | When using the Infoblox provider, optionally specify the domain. | `""` | -| `infoblox.noSslVerify` | When using the Infoblox provider, optionally disable SSL verification. | `false` | -| `infoblox.wapiPort` | When using the Infoblox provider, optionally specify the Infoblox WAPI port. | `""` | -| `infoblox.wapiVersion` | When using the Infoblox provider, optionally specify the Infoblox WAPI version. | `""` | -| `infoblox.wapiConnectionPoolSize` | When using the Infoblox provider, optionally specify the Infoblox WAPI request connection pool size. | `""` | -| `infoblox.wapiHttpTimeout` | When using the Infoblox provider, optionally specify the Infoblox WAPI request timeout in seconds. | `""` | -| `logLevel` | Verbosity of the logs (options: panic, debug, info, warn, error, fatal) | `info` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `podAnnotations` | Additional annotations to apply to the pod. | `{}` | -| `policy` | Modify how DNS records are sychronized between sources and providers (options: sync, upsert-only ). | `upsert-only` | -| `provider` | The DNS provider where the DNS records will be created (options: aws, google, azure, cloudflare, digitalocean, inmemory ). | `aws` | -| `publishInternalServices` | Allow external-dns to publish DNS records for ClusterIP services (optional). 
| `false` | -| `rbac.create` | If true, create & use RBAC resources | `false` | -| `rbac.serviceAccountName` | Existing ServiceAccount to use (ignored if rbac.create=true) | `default` | -| `interval` | Interval update period to use (options: txt, noop) | `txt` | -| `registry` | Registry method to use (options: txt, noop) | `txt` | -| `resources` | CPU/Memory resource requests/limits. | `{}` | -| `securityContext` | Security options the pod should run with. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{}` | -| `priorityClassName` | priorityClassName | `""` | -| `service.annotations` | Annotations to add to service | `{}` | -| `service.clusterIP` | IP address to assign to service | `""` | -| `service.externalIPs` | Service external IP addresses | `[]` | -| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` | -| `service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` | -| `service.servicePort` | Service port to expose | `7979` | -| `service.type` | Type of service to create | `ClusterIP` | -| `sources` | List of resource types to monitor, possible values are fake, service or ingress. | `[service, ingress]` | -| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` | -| `affinity` | List of affinities (requires Kubernetes >=1.6) | `{}` | -| `txtOwnerId` | When using the TXT registry, a name that identifies this instance of ExternalDNS (optional) | `"default"` | -| `txtPrefix` | When using the TXT registry, a prefix for ownership records that avoids collision with CNAME entries (optional) | `""` | -| `zoneIdFilters` | Limit possible target zones by zone id (optional) | `[]` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. 
For example, - -```bash -$ helm install --name my-release -f values.yaml stable/external-dns -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## IAM Permissions - -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "route53:ChangeResourceRecordSets" - ], - "Resource": [ - "arn:aws:route53:::hostedzone/*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "route53:ListHostedZones", - "route53:ListResourceRecordSets" - ], - "Resource": [ - "*" - ] - } - ] -} -``` - -[external-dns]: https://github.com/kubernetes-incubator/external-dns -[Zalando]: https://zalando.github.io/ -[getting-started]: https://github.com/kubernetes-incubator/external-dns/blob/master/README.md#getting-started diff --git a/charts/rancher-external-dns/v0.1.1/questions.yml b/charts/rancher-external-dns/v0.1.1/questions.yml deleted file mode 100644 index a0685b1e7..000000000 --- a/charts/rancher-external-dns/v0.1.1/questions.yml +++ /dev/null @@ -1,2 +0,0 @@ -rancher_min_version: 2.3.0-rc1 -rancher_max_version: 2.5.99 diff --git a/charts/rancher-external-dns/v0.1.1/templates/NOTES.txt b/charts/rancher-external-dns/v0.1.1/templates/NOTES.txt deleted file mode 100644 index e04285496..000000000 --- a/charts/rancher-external-dns/v0.1.1/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ -To verify that external-dns has started, run: - - kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "external-dns.name" . }},release={{ .Release.Name }}" diff --git a/charts/rancher-external-dns/v0.1.1/templates/_helpers.tpl b/charts/rancher-external-dns/v0.1.1/templates/_helpers.tpl deleted file mode 100644 index 63b3a9d3a..000000000 --- a/charts/rancher-external-dns/v0.1.1/templates/_helpers.tpl +++ /dev/null 
@@ -1,70 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "external-dns.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "external-dns.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if ne $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s" $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* Generate basic labels */}} -{{- define "external-dns.labels" }} -app: {{ template "external-dns.name" . }} -heritage: {{.Release.Service }} -release: {{.Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels }} -{{- end }} -{{- end }} - -{{- define "external-dns.aws-credentials" }} -[default] -aws_access_key_id = {{ .Values.aws.accessKey }} -aws_secret_access_key = {{ .Values.aws.secretKey }} -{{ end }} - - -{{- define "external-dns.aws-config" }} -[profile default] -{{- if .Values.aws.roleArn }} -role_arn = {{ .Values.aws.roleArn }} -{{- end }} -region = {{ .Values.aws.region }} -{{ end }} - -{{- define "external-dns.alibabacloud-config" }} -accessKeyId: {{ .Values.alibabacloud.accessKey }} -accessKeySecret: {{ .Values.alibabacloud.secretKey }} -{{ end }} - -{{- define "system_default_registry" -}} -{{- if .Values.global.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} - -{{- define "deployment_api_version" -}} -{{- if .Capabilities.APIVersions.Has "apps/v1" -}} -{{- "apps/v1" -}} -{{- else if .Capabilities.APIVersions.Has "apps/v1beta2" -}} -{{- "apps/v1beta2" -}} -{{- else if .Capabilities.APIVersions.Has "apps/v1beta1" -}} -{{- "apps/v1beta1" -}} -{{- else -}} -{{- 
"extensions/v1beta1" -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-external-dns/v0.1.1/templates/clusterrole.yaml b/charts/rancher-external-dns/v0.1.1/templates/clusterrole.yaml deleted file mode 100644 index 1322e55aa..000000000 --- a/charts/rancher-external-dns/v0.1.1/templates/clusterrole.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} -kind: ClusterRole -metadata: - labels: {{ include "external-dns.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "external-dns.fullname" . }} -rules: - - apiGroups: - - "" - resources: - - services - - pods - - nodes - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.istio.io - resources: - - gateways - verbs: - - get - - list - - watch -{{- end -}} diff --git a/charts/rancher-external-dns/v0.1.1/templates/clusterrolebinding.yaml b/charts/rancher-external-dns/v0.1.1/templates/clusterrolebinding.yaml deleted file mode 100644 index b93b19f30..000000000 --- a/charts/rancher-external-dns/v0.1.1/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} -kind: ClusterRoleBinding -metadata: - labels: {{ include "external-dns.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "external-dns.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "external-dns.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "external-dns.fullname" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} 
diff --git a/charts/rancher-external-dns/v0.1.1/templates/configmap.yaml b/charts/rancher-external-dns/v0.1.1/templates/configmap.yaml
deleted file mode 100644
index 8cb558177..000000000
--- a/charts/rancher-external-dns/v0.1.1/templates/configmap.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "external-dns.fullname" . }}
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-data:
- {{ .Values.designate.customCA.filename }}: |
-{{ .Values.designate.customCA.content | indent 4 }}
-{{- end }}
diff --git a/charts/rancher-external-dns/v0.1.1/templates/deployment.yaml b/charts/rancher-external-dns/v0.1.1/templates/deployment.yaml
deleted file mode 100755
index 0c792b5d0..000000000
--- a/charts/rancher-external-dns/v0.1.1/templates/deployment.yaml
+++ /dev/null
@@ -1,263 +0,0 @@ -apiVersion: {{ template "deployment_api_version" . }} -kind: Deployment -metadata: - labels: {{ include "external-dns.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "external-dns.fullname" . }} -spec: - selector: - matchLabels: - {{ include "external-dns.labels" . | indent 6 }} - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8}} - {{- end }} - labels: {{ include "external-dns.labels" . | indent 8 }} - spec: - {{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range $sec := .Values.image.pullSecrets }} - - name: {{$sec | quote }} - {{- end }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" - {{- end }} - containers: - - name: {{ template "external-dns.name" . }} - image: {{ template "system_default_registry" . }}{{ .Values.image.repository}}:{{ .Values.image.tag }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - args: - {{- if .Values.logLevel }} - - --log-level={{ .Values.logLevel }} - {{- end }} - {{- if .Values.publishInternalServices }} - - --publish-internal-services - {{- end }} - {{- range .Values.domainFilters }} - - --domain-filter={{ . }} - {{- end }} - {{- range .Values.zoneIdFilters }} - - --zone-id-filter={{ . }} - {{- end }} - - --policy={{ .Values.policy }} - - --provider={{ .Values.provider }} - - --registry={{ .Values.registry }} - - --interval={{ .Values.interval }} - {{- if .Values.txtOwnerId }} - - --txt-owner-id={{ .Values.txtOwnerId }} - {{- end }} - {{- if .Values.txtPrefix }} - - --txt-prefix={{ .Values.txtPrefix }} - {{- end }} - {{- if .Values.annotationFilter }} - - --annotation-filter={{ .Values.annotationFilter }} - {{- end }} - {{- range .Values.sources }} - - --source={{ . 
}} - {{- end }} - {{ if .Values.dryRun }} - - --dry-run - {{- end }} - {{- range $key, $value := .Values.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - {{- if eq .Values.provider "cloudflare" }} - {{- if .Values.cloudflare.proxied }} - - --cloudflare-proxied - {{- end }} - {{- end }} - {{- if .Values.aws.zoneType }} - - --aws-zone-type={{ .Values.aws.zoneType }} - {{- end }} - {{- if .Values.google.project }} - - --google-project={{ .Values.google.project }} - {{- end }} - {{- if eq .Values.provider "infoblox" }} - - --infoblox-grid-host={{ .Values.infoblox.gridHost }} - {{- if .Values.infoblox.domainFilter }} - - --domain-filter={{ .Values.infoblox.domainFilter }} - {{- end }} - {{- if .Values.infoblox.wapiPort }} - - --infoblox-wapi-port={{ .Values.infoblox.wapiPort }} - {{- end }} - {{- if .Values.infoblox.wapiVersion }} - - --infoblox-wapi-version={{ .Values.infoblox.wapiVersion }} - {{- end }} - {{- if .Values.infoblox.noSslVerify }} - - --no-infoblox-ssl-verify - {{- else }} - - --infoblox-ssl-verify - {{- end }} - {{- end }} - {{- if eq .Values.provider "alibabacloud" }} - - --alibaba-cloud-config-file=/etc/kubernetes/config.yaml - {{- end }} - {{- if .Values.alibabacloud.zoneType }} - - --alibaba-cloud-zone-type={{ .Values.alibabacloud.zoneType }} - {{- end }} - volumeMounts: - {{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }} - - name: google-service-account - mountPath: /etc/secrets/service-account/ - {{- end}} - {{- if eq .Values.provider "azure" }} - - name: azure-config-file - {{- if not .Values.azure.secretName }} - mountPath: /etc/kubernetes/azure.json - {{- else }} - mountPath: /etc/kubernetes/ - {{- end }} - readOnly: true - {{- end }} - {{- if (and .Values.aws.secretKey .Values.aws.accessKey) }} - - name: aws-credentials - mountPath: {{ .Values.aws.credentialsPath }} - readOnly: true - {{- end }} - {{- if and (eq .Values.provider "designate") 
.Values.designate.customCA.enabled }} - - name: designate-custom-ca - mountPath: {{ .Values.designate.customCA.directory }} - readOnly: true - {{- end }} - {{- if eq .Values.provider "alibabacloud" }} - - name: alibaba-cloud-config-file - mountPath: /etc/kubernetes/ - readOnly: true - - mountPath: /usr/share/zoneinfo - name: zoneinfo - readOnly: true - {{- end }} - env: - {{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /etc/secrets/service-account/credentials.json - {{- end }} - {{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }} - {{- if .Values.aws.region }} - - name: AWS_DEFAULT_REGION - value: {{ .Values.aws.region }} - {{- end }} - {{- end }} - {{- if and .Values.cloudflare.apiKey .Values.cloudflare.email }} - - name: CF_API_KEY - valueFrom: - secretKeyRef: - name: {{ template "external-dns.fullname" . }} - key: cloudflare_api_key - - name: CF_API_EMAIL - value: "{{ .Values.cloudflare.email }}" - {{- end }} - {{- if .Values.infoblox.wapiConnectionPoolSize }} - - name: EXTERNAL_DNS_INFOBLOX_HTTP_POOL_CONNECTIONS - value: "{{ .Values.infoblox.wapiConnectionPoolSize }}" - {{- end }} - {{- if .Values.infoblox.wapiHttpTimeout }} - - name: EXTERNAL_DNS_INFOBLOX_HTTP_REQUEST_TIMEOUT - value: "{{ .Values.infoblox.wapiHttpTimeout }}" - {{- end }} - {{- if and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword }} - - name: EXTERNAL_DNS_INFOBLOX_WAPI_USERNAME - valueFrom: - secretKeyRef: - name: {{ template "external-dns.fullname" . }} - key: infoblox_wapi_username - - name: EXTERNAL_DNS_INFOBLOX_WAPI_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "external-dns.fullname" . 
}} - key: infoblox_wapi_password - {{- end }} - {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }} - - name: OPENSTACK_CA_FILE - value: {{ .Values.designate.customCA.directory }}/{{ .Values.designate.customCA.filename }} - {{- end }} - {{- $root := . -}} - {{- range .Values.extraEnv }} - - name: {{ .name }} - valueFrom: - {{- if .valueFrom }} -{{ toYaml .valueFrom | indent 14 }} - {{- else }} - secretKeyRef: - name: {{ template "external-dns.fullname" $root }} - key: {{ .name }} - {{- end }} - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: 7979 - ports: - - containerPort: 7979 - {{- if .Values.securityContext }} - securityContext: -{{ toYaml .Values.securityContext | indent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- end }} - volumes: - {{- if .Values.google.serviceAccountSecret }} - - name: google-service-account - secret: - secretName: {{ .Values.google.serviceAccountSecret | quote }} - {{- else if .Values.google.serviceAccountKey }} - - name: google-service-account - secret: - secretName: {{ template "external-dns.fullname" . }} - {{- end}} - {{- if eq .Values.provider "azure" }} - - name: azure-config-file - {{- if (not .Values.azure.secretName)}} - hostPath: - path: /etc/kubernetes/azure.json - type: File - {{- else}} - secret: - secretName: {{.Values.azure.secretName}} - {{- end}} - {{- end }} - {{- if (and .Values.aws.secretKey .Values.aws.accessKey) }} - - name: aws-credentials - secret: - secretName: {{ template "external-dns.fullname" . }} - {{- end }} - {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }} - - name: designate-custom-ca - configMap: - name: {{ template "external-dns.fullname" . 
}} - items: - - key: {{ .Values.designate.customCA.filename }} - path: {{ .Values.designate.customCA.filename }} - {{- end }} - {{- if eq .Values.provider "alibabacloud" }} - - name: alibaba-cloud-config-file - secret: - secretName: {{ template "external-dns.fullname" . }} - - name: zoneinfo - hostPath: - path: /usr/share/zoneinfo - {{- end }} - nodeSelector: - beta.kubernetes.io/os: linux - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - {{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end }} - serviceAccountName: {{ if .Values.rbac.create }}{{ template "external-dns.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} diff --git a/charts/rancher-external-dns/v0.1.1/templates/secret.yaml b/charts/rancher-external-dns/v0.1.1/templates/secret.yaml deleted file mode 100644 index a5a5fc428..000000000 --- a/charts/rancher-external-dns/v0.1.1/templates/secret.yaml +++ /dev/null 
@@ -1,33 +0,0 @@
-{{- if or (and .Values.aws.secretKey .Values.aws.accessKey) .Values.cloudflare.apiKey (and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword) .Values.extraEnv .Values.google.serviceAccountKey (and .Values.alibabacloud.secretKey .Values.alibabacloud.accessKey) -}}
-apiVersion: v1
-kind: Secret
-metadata:
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: {{ template "external-dns.fullname" . }}
-type: Opaque
-data:
-{{- if eq .Values.provider "aws" }}
- credentials: {{ include "external-dns.aws-credentials" . | b64enc | quote }}
- config: {{ include "external-dns.aws-config" . | b64enc | quote }}
-{{- end}}
-{{- if and (eq .Values.provider "google") .Values.google.serviceAccountKey }}
- credentials.json: {{ .Values.google.serviceAccountKey | b64enc | quote }}
-{{- end}}
-{{- if .Values.cloudflare.apiKey }}
- cloudflare_api_key: {{ .Values.cloudflare.apiKey | b64enc | quote }}
-{{- end }}
-{{- if and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword }}
- infoblox_wapi_username: {{ .Values.infoblox.wapiUsername | b64enc | quote }}
- infoblox_wapi_password: {{ .Values.infoblox.wapiPassword | b64enc | quote }}
-{{- end }}
-{{- if eq .Values.provider "alibabacloud" }}
- config.yaml: {{ include "external-dns.alibabacloud-config" . | b64enc | quote }}
-{{- end}}
-
-{{- range .Values.extraEnv }}
- {{- if .value }}
- {{ .name }}: {{ .value | b64enc | quote }}
- {{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-external-dns/v0.1.1/templates/service.yaml b/charts/rancher-external-dns/v0.1.1/templates/service.yaml
deleted file mode 100644
index ef73ad2b2..000000000
--- a/charts/rancher-external-dns/v0.1.1/templates/service.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-{{- if .Values.service.annotations }}
- annotations:
-{{ toYaml .Values.service.annotations | indent 4 }}
-{{- end }}
- labels:
- app: {{ template "external-dns.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- name: {{ template "external-dns.fullname" . }}
-spec:
-{{- if .Values.service.clusterIP }}
- clusterIP: "{{ .Values.service.clusterIP }}"
-{{- end }}
-{{- if .Values.service.externalIPs }}
- externalIPs:
-{{ toYaml .Values.service.externalIPs | indent 4 }}
-{{- end }}
-{{- if .Values.service.loadBalancerIP }}
- loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
-{{- end }}
-{{- if .Values.service.loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
-{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
-{{- end }}
- ports:
- - port: {{ .Values.service.servicePort }}
- protocol: TCP
- targetPort: 7979
- name: http
- selector:
- app: {{ template "external-dns.name" . }}
- release: {{ .Release.Name }}
- type: "{{ .Values.service.type }}"
diff --git a/charts/rancher-external-dns/v0.1.1/templates/serviceaccount.yaml b/charts/rancher-external-dns/v0.1.1/templates/serviceaccount.yaml
deleted file mode 100644
index 936ed7580..000000000
--- a/charts/rancher-external-dns/v0.1.1/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: {{ template "external-dns.fullname" . }}
-{{- end }}
diff --git a/charts/rancher-external-dns/v0.1.1/values.yaml b/charts/rancher-external-dns/v0.1.1/values.yaml
deleted file mode 100644
index 290530712..000000000
--- a/charts/rancher-external-dns/v0.1.1/values.yaml
+++ /dev/null
@@ -1,177 +0,0 @@
-## Details about the image to be pulled.
-image:
- repository: rancher/kubernetes-external-dns
- tag: v0.7.3
- pullSecrets: []
- pullPolicy: IfNotPresent
-
-## This controls which types of resource external-dns should 'watch' for new
-## DNS entries.
-sources:
- - service
- - ingress
-
-# Allow external-dns to publish DNS records for ClusterIP services (optional)
-publishInternalServices: false
-
-## The DNS provider where the DNS records will be created (options: aws, google, inmemory, azure, alibabacloud )
-provider: aws
-
-# Configurations for Alibabacloud provider
-alibabacloud:
- accessKey: ""
- secretKey: ""
- # Filter for zones of this type (optional, options: public, private or no value for both)
- zoneType: ""
-
-# AWS Access keys to inject as environment variables
-aws:
- secretKey: ""
- accessKey: ""
- # pre external-dns 0.5.9 home dir should be `/root/.aws`
- credentialsPath: "/.aws"
- roleArn: ""
- region: "us-east-1"
- # Filter for zones of this type (optional, options: public, private)
- zoneType: ""
-
-azure:
-# If you don't specify a secret to load azure.json from, you will get the host's /etc/kubernetes/azure.json
- secretName: ""
-
-# Cloudflare keys to inject as environment variables
-cloudflare:
- apiKey: ""
- email: ""
- proxied: true
-
-# Configuration for OpenStack Designate provider
-designate:
- # A custom CA (optional)
- customCA:
- # Turn custom CA on or off
- enabled: false
- # The content of the custom CA file
- content: ""
- # Location to mount custom CA
- directory: "/config/designate"
- # Filename of the custom CA
- filename: "designate-ca.pem"
-
-# When using the Google provider, specify the Google project (required when provider=google)
-google:
- project: ""
- serviceAccountSecret: ""
- serviceAccountKey: ""
-
-# Infoblox keys to inject
-infoblox:
- # Required keys:
- wapiUsername: ""
- wapiPassword: ""
- gridHost: ""
- # Optional keys:
- domainFilter: ""
- noSslVerify: false
- wapiPort: ""
- wapiVersion: ""
-
wapiConnectionPoolSize: ""
- wapiHttpTimeout: ""
-
-## Limit possible target zones by domain suffixes (optional)
-domainFilters: []
-## Limit possible target zones by zone id (optional)
-zoneIdFilters: []
-# Filter sources managed by external-dns via annotation using label selector semantics (default: all sources)
-annotationFilter: ""
-## Adjust the interval for DNS updates
-interval: "1m"
-
-# Registry to use for ownership (txt or noop)
-registry: "txt"
-
-# When using the TXT registry, a name that identifies this instance of ExternalDNS
-txtOwnerId: ""
-
-# When enabled, prints DNS record changes rather than actually performing them
-dryRun: false
-
-## Node labels for pod assignment
-## Ref: https://kubernetes.io/docs/user-guide/node-selection/
-##
-nodeSelector: {}
-
-## List of node taints to tolerate (requires Kubernetes >= 1.6)
-tolerations: []
-
-## Modify how DNS records are sychronized between sources and providers (options: sync, upsert-only )
-policy: upsert-only
-
-## Annotations to be added to pods
-##
-podAnnotations: {}
-
-podLabels: {}
-
-# Verbosity of the logs (options: panic, debug, info, warn, error, fatal)
-logLevel: info
-
-extraArgs: {}
-
-# Extra environment variables which will be saved in a release-specific secret
-# or retrieved via valueFrom.
-# extraEnv:
-# - name: SECRET_TO_SAVE
-# value: secret_value
-# - name: AWS_ACCESS_KEY_ID
-# valueFrom:
-# secretKeyRef:
-# name: existing-secret
-# key: access-key-id
-extraEnv: []
-
-## CPU and Memory limit and request for external-dns
-resources:
- limits:
- memory: 100Mi
- cpu: 200m
- requests:
- memory: 50Mi
- cpu: 100m
-
-rbac:
- ## If true, create & use RBAC resources
- ##
- create: false
- # Beginning with Kubernetes 1.8, the api is stable and v1 can be used.
- apiVersion: v1beta1
-
- ## Ignored if rbac.create is true
- ##
- serviceAccountName: default
-
-securityContext: {}
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
- # runAsUser: 65534 # 65534 is nobody - revise aws.credentialsPath when changing uid
- # capabilities:
- # drop: ["ALL"]
-
-service:
- annotations: {}
- clusterIP: ""
-
- ## List of IP addresses at which the service is available
- ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
- ##
- externalIPs: []
-
- loadBalancerIP: ""
- loadBalancerSourceRanges: []
- servicePort: 7979
- type: ClusterIP
-
-priorityClassName: ""
-
-global:
- systemDefaultRegistry: ""
diff --git a/charts/rancher-external-dns/v0.1.2/.helmignore b/charts/rancher-external-dns/v0.1.2/.helmignore
deleted file mode 100644
index f0c131944..000000000
--- a/charts/rancher-external-dns/v0.1.2/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/charts/rancher-external-dns/v0.1.2/Chart.yaml b/charts/rancher-external-dns/v0.1.2/Chart.yaml
deleted file mode 100644
index 965650cc2..000000000
--- a/charts/rancher-external-dns/v0.1.2/Chart.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-description: |
- Configure external DNS servers (AWS Route53, Google CloudDNS and others)
- for Kubernetes Ingresses and Services
-name: rancher-external-dns
-version: 0.1.2
-appVersion: 0.7.3
-home: https://github.com/kubernetes-sigs/external-dns
-sources:
- - https://github.com/kubernetes-sigs/external-dns
-engine: gotpl
-maintainers:
-- name: rabadin
- email: rabadin@cisco.com
diff --git a/charts/rancher-external-dns/v0.1.2/README.md b/charts/rancher-external-dns/v0.1.2/README.md
deleted file mode 100644
index 4434add32..000000000
--- a/charts/rancher-external-dns/v0.1.2/README.md
+++ /dev/null
@@ -1,133 +0,0 @@
-# external-dns
-
-## Chart Details
-
-This chart will do the following:
-
-* Create a deployment of [external-dns] within your Kubernetes Cluster.
-
-Currently this uses official images from release notes at https://github.com/kubernetes-sigs/external-dns, if this is a concern follow the steps in the [external-dns] documentation to compile the binary and make a container. Where the chart pulls the image from is fully configurable.
-
-> **Note**: If you want to use Chart version >1.1.0 with external-dns image <0.5.9 and use aws credentials, make sure to set `aws.credentialsPath: "/root/.aws"`
-
-## Installing the Chart
-
-To install the chart with the release name `my-release`:
-
-```bash
-$ helm install --name my-release stable/external-dns
-```
-
-## Configuration
-
-The following table lists the configurable parameters of the external-dns chart and their default values.
-
-
-| Parameter | Description | Default |
-| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- |
-| `annotationFilter` | Filter sources managed by external-dns via annotation using label selector semantics (default: all sources) (optional). | `""` |
-| `aws.accessKey` | set in `~/.aws/credentials` mounted through secret (optional). | `""` |
-| `aws.secretKey` | set in `~/.aws/credentials` mounted through secret (optional). | `""` |
-| `aws.credentialsPath` | determine `mountPath` for `credentials` secret, defaults to `nobody` USER home path `/.aws` (optional). | `"/.aws"` |
-| `aws.region` | `AWS_DEFAULT_REGION` to set in the environment (optional). | `us-east-1` |
-| `aws.roleArn` | If assume role credentials are used then is the role_arn (arn:aws:iam::....). Leave empty if not used. | `""` |
-| `aws.zoneType` | Filter for zones of this type (optional, options: public, private).
| `""` |
-| `aws.batchChangeSize` | Batch size for Route53 changes. | `100` |
-| `azure.secretName` | Set the secret created for the SP for azure, should contain an azure.json file | `""` |
-| `cloudflare.apiKey` | `CF_API_KEY` to set in the environment (optional). | `""` |
-| `cloudflare.email` | `CF_API_EMAIL` to set in the environment (optional). | `""` |
-| `cloudflare.proxied` | enable the proxy feature of Cloudflare (DDOS protection, CDN...) (optional). | `true` |
-| `designate.customCA.enabled` | A switch to enable a custom CA for the Designate provider (optional) | false |
-| `designate.customCA.content` | The content of the Designate provider's custom CA | "" |
-| `designate.customCA.directory` | Directory in which to mount the Designate provider's custom CA | "/config/designate" |
-| `designate.customCA.filename` | Filename of Designate provider's custom CA | "designate-ca.pem" |
-| `domainFilters` | Limit possible target zones by domain suffixes (optional). | `[]` |
-| `dryRun` | When enabled, prints DNS record changes rather than actually performing them (optional). | `false` |
-| `extraArgs` | Optional object of extra args, as `name`: `value` pairs. Where the name is the command line arg to external-dns. | `{}` |
-| `extraEnv` | Optional array of extra environment variables. Supply a `name` property and either `value` of `valueFrom` for each. | `[]` |
-| `google.project` | When using the Google provider, specify the Google project (required when provider=google). | `""` |
-| `google.serviceAccountSecret` | When using the Google provider, optionally specify the existing secret which contains credentials.json if necessary. | `""` |
-| `google.serviceAccountKey` | When using the Google provider, optionally specify the service account key JSON file.
Must be provided when no existing secret is used, in this case a new secret will be created holding this service account | `""` |
-| `image.repository` | Container image name (Including repository name if not `hub.docker.com`). | `registry.opensource.zalan.do/teapot/external-dns` |
-| `image.pullPolicy` | Container pull policy. | `IfNotPresent` |
-| `image.tag` | Container image tag. | `v0.5.9` |
-| `image.pullSecrets` | Array of pull secret names | `[]` |
-| `infoblox.gridHost` | When using the Infoblox provider, specify the Infoblox Grid host. | `""` |
-| `infoblox.wapiUsername` | When using the Infoblox provider, specify the Infoblox WAPI username. | `""` |
-| `infoblox.wapiPassword` | When using the Infoblox provider, specify the Infoblox WAPI password. | `""` |
-| `infoblox.domainFilter` | When using the Infoblox provider, optionally specify the domain. | `""` |
-| `infoblox.noSslVerify` | When using the Infoblox provider, optionally disable SSL verification. | `false` |
-| `infoblox.wapiPort` | When using the Infoblox provider, optionally specify the Infoblox WAPI port. | `""` |
-| `infoblox.wapiVersion` | When using the Infoblox provider, optionally specify the Infoblox WAPI version. | `""` |
-| `infoblox.wapiConnectionPoolSize` | When using the Infoblox provider, optionally specify the Infoblox WAPI request connection pool size. | `""` |
-| `infoblox.wapiHttpTimeout` | When using the Infoblox provider, optionally specify the Infoblox WAPI request timeout in seconds. | `""` |
-| `logLevel` | Verbosity of the logs (options: panic, debug, info, warn, error, fatal) | `info` |
-| `nodeSelector` | Node labels for pod assignment | `{}` |
-| `podAnnotations` | Additional annotations to apply to the pod. | `{}` |
-| `policy` | Modify how DNS records are sychronized between sources and providers (options: sync, upsert-only ).
| `upsert-only` |
-| `provider` | The DNS provider where the DNS records will be created (options: aws, google, azure, cloudflare, digitalocean, inmemory ). | `aws` |
-| `publishInternalServices` | Allow external-dns to publish DNS records for ClusterIP services (optional). | `false` |
-| `rbac.create` | If true, create & use RBAC resources | `false` |
-| `rbac.serviceAccountName` | Existing ServiceAccount to use (ignored if rbac.create=true) | `default` |
-| `interval` | Interval update period to use (options: txt, noop) | `txt` |
-| `registry` | Registry method to use (options: txt, noop) | `txt` |
-| `resources` | CPU/Memory resource requests/limits. | `{}` |
-| `securityContext` | Security options the pod should run with. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{}` |
-| `priorityClassName` | priorityClassName | `""` |
-| `service.annotations` | Annotations to add to service | `{}` |
-| `service.clusterIP` | IP address to assign to service | `""` |
-| `service.externalIPs` | Service external IP addresses | `[]` |
-| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` |
-| `service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` |
-| `service.servicePort` | Service port to expose | `7979` |
-| `service.type` | Type of service to create | `ClusterIP` |
-| `sources` | List of resource types to monitor, possible values are fake, service or ingress.
| `[service, ingress]` |
-| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` |
-| `affinity` | List of affinities (requires Kubernetes >=1.6) | `{}` |
-| `txtOwnerId` | When using the TXT registry, a name that identifies this instance of ExternalDNS (optional) | `"default"` |
-| `txtPrefix` | When using the TXT registry, a prefix for ownership records that avoids collision with CNAME entries (optional) | `""` |
-| `zoneIdFilters` | Limit possible target zones by zone id (optional) | `[]` |
-
-
-Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
-
-Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
-
-```bash
-$ helm install --name my-release -f values.yaml stable/external-dns
-```
-
-> **Tip**: You can use the default [values.yaml](values.yaml)
-
-## IAM Permissions
-
-```json
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "route53:ChangeResourceRecordSets"
- ],
- "Resource": [
- "arn:aws:route53:::hostedzone/*"
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "route53:ListHostedZones",
- "route53:ListResourceRecordSets"
- ],
- "Resource": [
- "*"
- ]
- }
- ]
-}
-```
-
-[external-dns]: https://github.com/kubernetes-incubator/external-dns
-[Zalando]: https://zalando.github.io/
-[getting-started]: https://github.com/kubernetes-incubator/external-dns/blob/master/README.md#getting-started
diff --git a/charts/rancher-external-dns/v0.1.2/questions.yml b/charts/rancher-external-dns/v0.1.2/questions.yml
deleted file mode 100644
index a0685b1e7..000000000
--- a/charts/rancher-external-dns/v0.1.2/questions.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-rancher_min_version: 2.3.0-rc1
-rancher_max_version: 2.5.99
diff --git a/charts/rancher-external-dns/v0.1.2/templates/NOTES.txt b/charts/rancher-external-dns/v0.1.2/templates/NOTES.txt
deleted file mode 100644
index e04285496..000000000
--- a/charts/rancher-external-dns/v0.1.2/templates/NOTES.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-To verify that external-dns has started, run:
-
- kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "external-dns.name" . }},release={{ .Release.Name }}"
diff --git a/charts/rancher-external-dns/v0.1.2/templates/_helpers.tpl b/charts/rancher-external-dns/v0.1.2/templates/_helpers.tpl
deleted file mode 100644
index 63b3a9d3a..000000000
--- a/charts/rancher-external-dns/v0.1.2/templates/_helpers.tpl
+++ /dev/null
@@ -1,70 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "external-dns.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{- define "external-dns.fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if ne $name .Release.Name -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s" $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-
-{{/* Generate basic labels */}}
-{{- define "external-dns.labels" }}
-app: {{ template "external-dns.name" . }}
-heritage: {{.Release.Service }}
-release: {{.Release.Name }}
-{{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels }}
-{{- end }}
-{{- end }}
-
-{{- define "external-dns.aws-credentials" }}
-[default]
-aws_access_key_id = {{ .Values.aws.accessKey }}
-aws_secret_access_key = {{ .Values.aws.secretKey }}
-{{ end }}
-
-
-{{- define "external-dns.aws-config" }}
-[profile default]
-{{- if .Values.aws.roleArn }}
-role_arn = {{ .Values.aws.roleArn }}
-{{- end }}
-region = {{ .Values.aws.region }}
-{{ end }}
-
-{{- define "external-dns.alibabacloud-config" }}
-accessKeyId: {{ .Values.alibabacloud.accessKey }}
-accessKeySecret: {{ .Values.alibabacloud.secretKey }}
-{{ end }}
-
-{{- define "system_default_registry" -}}
-{{- if .Values.global.systemDefaultRegistry -}}
-{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
-{{- else -}}
-{{- "" -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "deployment_api_version" -}}
-{{- if .Capabilities.APIVersions.Has "apps/v1" -}}
-{{- "apps/v1" -}}
-{{- else if .Capabilities.APIVersions.Has "apps/v1beta2" -}}
-{{- "apps/v1beta2" -}}
-{{- else if .Capabilities.APIVersions.Has "apps/v1beta1" -}}
-{{- "apps/v1beta1" -}}
-{{- else -}}
-{{-
"extensions/v1beta1" -}}
-{{- end -}}
-{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-external-dns/v0.1.2/templates/clusterrole.yaml b/charts/rancher-external-dns/v0.1.2/templates/clusterrole.yaml
deleted file mode 100644
index 1322e55aa..000000000
--- a/charts/rancher-external-dns/v0.1.2/templates/clusterrole.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}
-kind: ClusterRole
-metadata:
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: {{ template "external-dns.fullname" . }}
-rules:
- - apiGroups:
- - ""
- resources:
- - services
- - pods
- - nodes
- - endpoints
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - extensions
- resources:
- - ingresses
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - networking.istio.io
- resources:
- - gateways
- verbs:
- - get
- - list
- - watch
-{{- end -}}
diff --git a/charts/rancher-external-dns/v0.1.2/templates/clusterrolebinding.yaml b/charts/rancher-external-dns/v0.1.2/templates/clusterrolebinding.yaml
deleted file mode 100644
index b93b19f30..000000000
--- a/charts/rancher-external-dns/v0.1.2/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}
-kind: ClusterRoleBinding
-metadata:
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: {{ template "external-dns.fullname" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "external-dns.fullname" . }}
-subjects:
- - kind: ServiceAccount
- name: {{ template "external-dns.fullname" . }}
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/rancher-external-dns/v0.1.2/templates/configmap.yaml b/charts/rancher-external-dns/v0.1.2/templates/configmap.yaml
deleted file mode 100644
index 8cb558177..000000000
--- a/charts/rancher-external-dns/v0.1.2/templates/configmap.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "external-dns.fullname" . }}
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-data:
- {{ .Values.designate.customCA.filename }}: |
-{{ .Values.designate.customCA.content | indent 4 }}
-{{- end }}
diff --git a/charts/rancher-external-dns/v0.1.2/templates/deployment.yaml b/charts/rancher-external-dns/v0.1.2/templates/deployment.yaml
deleted file mode 100755
index 7f4f2e25f..000000000
--- a/charts/rancher-external-dns/v0.1.2/templates/deployment.yaml
+++ /dev/null
@@ -1,266 +0,0 @@
-apiVersion: {{ template "deployment_api_version" . }}
-kind: Deployment
-metadata:
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: {{ template "external-dns.fullname" . }}
-spec:
- selector:
- matchLabels:
- {{ include "external-dns.labels" . | indent 6 }}
- template:
- metadata:
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8}}
- {{- end }}
- labels: {{ include "external-dns.labels" . | indent 8 }}
- spec:
- {{- if .Values.image.pullSecrets }}
- imagePullSecrets:
- {{- range $sec := .Values.image.pullSecrets }}
- - name: {{$sec | quote }}
- {{- end }}
- {{- end }}
- {{- if .Values.priorityClassName }}
- priorityClassName: "{{ .Values.priorityClassName }}"
- {{- end }}
- containers:
- - name: {{ template "external-dns.name" . }}
- image: {{ template "system_default_registry" . }}{{ .Values.image.repository}}:{{ .Values.image.tag }}
- imagePullPolicy: "{{ .Values.image.pullPolicy }}"
- args:
- {{- if .Values.logLevel }}
- - --log-level={{ .Values.logLevel }}
- {{- end }}
- {{- if .Values.publishInternalServices }}
- - --publish-internal-services
- {{- end }}
- {{- range .Values.domainFilters }}
- - --domain-filter={{ . }}
- {{- end }}
- {{- range .Values.zoneIdFilters }}
- - --zone-id-filter={{ . }}
- {{- end }}
- - --policy={{ .Values.policy }}
- - --provider={{ .Values.provider }}
- - --registry={{ .Values.registry }}
- - --interval={{ .Values.interval }}
- {{- if .Values.txtOwnerId }}
- - --txt-owner-id={{ .Values.txtOwnerId }}
- {{- end }}
- {{- if .Values.txtPrefix }}
- - --txt-prefix={{ .Values.txtPrefix }}
- {{- end }}
- {{- if .Values.annotationFilter }}
- - --annotation-filter={{ .Values.annotationFilter }}
- {{- end }}
- {{- range .Values.sources }}
- - --source={{ .
}}
- {{- end }}
- {{ if .Values.dryRun }}
- - --dry-run
- {{- end }}
- {{- range $key, $value := .Values.extraArgs }}
- {{- if $value }}
- - --{{ $key }}={{ $value }}
- {{- else }}
- - --{{ $key }}
- {{- end }}
- {{- end }}
- {{- if eq .Values.provider "cloudflare" }}
- {{- if .Values.cloudflare.proxied }}
- - --cloudflare-proxied
- {{- end }}
- {{- end }}
- {{- if .Values.aws.zoneType }}
- - --aws-zone-type={{ .Values.aws.zoneType }}
- {{- end }}
- {{- if .Values.google.project }}
- - --google-project={{ .Values.google.project }}
- {{- end }}
- {{- if eq .Values.provider "aws" }}
- - --aws-batch-change-size={{ .Values.aws.batchChangeSize }}
- {{- end }}
- {{- if eq .Values.provider "infoblox" }}
- - --infoblox-grid-host={{ .Values.infoblox.gridHost }}
- {{- if .Values.infoblox.domainFilter }}
- - --domain-filter={{ .Values.infoblox.domainFilter }}
- {{- end }}
- {{- if .Values.infoblox.wapiPort }}
- - --infoblox-wapi-port={{ .Values.infoblox.wapiPort }}
- {{- end }}
- {{- if .Values.infoblox.wapiVersion }}
- - --infoblox-wapi-version={{ .Values.infoblox.wapiVersion }}
- {{- end }}
- {{- if .Values.infoblox.noSslVerify }}
- - --no-infoblox-ssl-verify
- {{- else }}
- - --infoblox-ssl-verify
- {{- end }}
- {{- end }}
- {{- if eq .Values.provider "alibabacloud" }}
- - --alibaba-cloud-config-file=/etc/kubernetes/config.yaml
- {{- end }}
- {{- if .Values.alibabacloud.zoneType }}
- - --alibaba-cloud-zone-type={{ .Values.alibabacloud.zoneType }}
- {{- end }}
- volumeMounts:
- {{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }}
- - name: google-service-account
- mountPath: /etc/secrets/service-account/
- {{- end}}
- {{- if eq .Values.provider "azure" }}
- - name: azure-config-file
- {{- if not .Values.azure.secretName }}
- mountPath: /etc/kubernetes/azure.json
- {{- else }}
- mountPath: /etc/kubernetes/
- {{- end }}
- readOnly: true
- {{- end }}
- {{- if (and .Values.aws.secretKey .Values.aws.accessKey) }}
- - name: aws-credentials
-
mountPath: {{ .Values.aws.credentialsPath }}
- readOnly: true
- {{- end }}
- {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
- - name: designate-custom-ca
- mountPath: {{ .Values.designate.customCA.directory }}
- readOnly: true
- {{- end }}
- {{- if eq .Values.provider "alibabacloud" }}
- - name: alibaba-cloud-config-file
- mountPath: /etc/kubernetes/
- readOnly: true
- - mountPath: /usr/share/zoneinfo
- name: zoneinfo
- readOnly: true
- {{- end }}
- env:
- {{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }}
- - name: GOOGLE_APPLICATION_CREDENTIALS
- value: /etc/secrets/service-account/credentials.json
- {{- end }}
- {{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }}
- {{- if .Values.aws.region }}
- - name: AWS_DEFAULT_REGION
- value: {{ .Values.aws.region }}
- {{- end }}
- {{- end }}
- {{- if and .Values.cloudflare.apiKey .Values.cloudflare.email }}
- - name: CF_API_KEY
- valueFrom:
- secretKeyRef:
- name: {{ template "external-dns.fullname" . }}
- key: cloudflare_api_key
- - name: CF_API_EMAIL
- value: "{{ .Values.cloudflare.email }}"
- {{- end }}
- {{- if .Values.infoblox.wapiConnectionPoolSize }}
- - name: EXTERNAL_DNS_INFOBLOX_HTTP_POOL_CONNECTIONS
- value: "{{ .Values.infoblox.wapiConnectionPoolSize }}"
- {{- end }}
- {{- if .Values.infoblox.wapiHttpTimeout }}
- - name: EXTERNAL_DNS_INFOBLOX_HTTP_REQUEST_TIMEOUT
- value: "{{ .Values.infoblox.wapiHttpTimeout }}"
- {{- end }}
- {{- if and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword }}
- - name: EXTERNAL_DNS_INFOBLOX_WAPI_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ template "external-dns.fullname" . }}
- key: infoblox_wapi_username
- - name: EXTERNAL_DNS_INFOBLOX_WAPI_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "external-dns.fullname" .
}}
- key: infoblox_wapi_password
- {{- end }}
- {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
- - name: OPENSTACK_CA_FILE
- value: {{ .Values.designate.customCA.directory }}/{{ .Values.designate.customCA.filename }}
- {{- end }}
- {{- $root := . -}}
- {{- range .Values.extraEnv }}
- - name: {{ .name }}
- valueFrom:
- {{- if .valueFrom }}
-{{ toYaml .valueFrom | indent 14 }}
- {{- else }}
- secretKeyRef:
- name: {{ template "external-dns.fullname" $root }}
- key: {{ .name }}
- {{- end }}
- {{- end }}
- livenessProbe:
- httpGet:
- path: /healthz
- port: 7979
- ports:
- - containerPort: 7979
- {{- if .Values.securityContext }}
- securityContext:
-{{ toYaml .Values.securityContext | indent 12 }}
- {{- end }}
- {{- if .Values.resources }}
- resources:
-{{ toYaml .Values.resources | indent 12 }}
- {{- end }}
- volumes:
- {{- if .Values.google.serviceAccountSecret }}
- - name: google-service-account
- secret:
- secretName: {{ .Values.google.serviceAccountSecret | quote }}
- {{- else if .Values.google.serviceAccountKey }}
- - name: google-service-account
- secret:
- secretName: {{ template "external-dns.fullname" . }}
- {{- end}}
- {{- if eq .Values.provider "azure" }}
- - name: azure-config-file
- {{- if (not .Values.azure.secretName)}}
- hostPath:
- path: /etc/kubernetes/azure.json
- type: File
- {{- else}}
- secret:
- secretName: {{.Values.azure.secretName}}
- {{- end}}
- {{- end }}
- {{- if (and .Values.aws.secretKey .Values.aws.accessKey) }}
- - name: aws-credentials
- secret:
- secretName: {{ template "external-dns.fullname" . }}
- {{- end }}
- {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
- - name: designate-custom-ca
- configMap:
- name: {{ template "external-dns.fullname" .
}}
- items:
- - key: {{ .Values.designate.customCA.filename }}
- path: {{ .Values.designate.customCA.filename }}
- {{- end }}
- {{- if eq .Values.provider "alibabacloud" }}
- - name: alibaba-cloud-config-file
- secret:
- secretName: {{ template "external-dns.fullname" . }}
- - name: zoneinfo
- hostPath:
- path: /usr/share/zoneinfo
- {{- end }}
- nodeSelector:
- beta.kubernetes.io/os: linux
- {{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
- {{- end }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 8 }}
- {{- end }}
-{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
- {{- end }}
- serviceAccountName: {{ if .Values.rbac.create }}{{ template "external-dns.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }}
diff --git a/charts/rancher-external-dns/v0.1.2/templates/secret.yaml b/charts/rancher-external-dns/v0.1.2/templates/secret.yaml
deleted file mode 100644
index a5a5fc428..000000000
--- a/charts/rancher-external-dns/v0.1.2/templates/secret.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- if or (and .Values.aws.secretKey .Values.aws.accessKey) .Values.cloudflare.apiKey (and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword) .Values.extraEnv .Values.google.serviceAccountKey (and .Values.alibabacloud.secretKey .Values.alibabacloud.accessKey) -}}
-apiVersion: v1
-kind: Secret
-metadata:
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: {{ template "external-dns.fullname" . }}
-type: Opaque
-data:
-{{- if eq .Values.provider "aws" }}
- credentials: {{ include "external-dns.aws-credentials" . | b64enc | quote }}
- config: {{ include "external-dns.aws-config" . | b64enc | quote }}
-{{- end}}
-{{- if and (eq .Values.provider "google") .Values.google.serviceAccountKey }}
- credentials.json: {{ .Values.google.serviceAccountKey | b64enc | quote }}
-{{- end}}
-{{- if .Values.cloudflare.apiKey }}
- cloudflare_api_key: {{ .Values.cloudflare.apiKey | b64enc | quote }}
-{{- end }}
-{{- if and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword }}
- infoblox_wapi_username: {{ .Values.infoblox.wapiUsername | b64enc | quote }}
- infoblox_wapi_password: {{ .Values.infoblox.wapiPassword | b64enc | quote }}
-{{- end }}
-{{- if eq .Values.provider "alibabacloud" }}
- config.yaml: {{ include "external-dns.alibabacloud-config" . | b64enc | quote }}
-{{- end}}
-
-{{- range .Values.extraEnv }}
- {{- if .value }}
- {{ .name }}: {{ .value | b64enc | quote }}
- {{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-external-dns/v0.1.2/templates/service.yaml b/charts/rancher-external-dns/v0.1.2/templates/service.yaml
deleted file mode 100644
index ef73ad2b2..000000000
--- a/charts/rancher-external-dns/v0.1.2/templates/service.yaml
+++ /dev/null
@@ -1,37 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.service.annotations }} - annotations: -{{ toYaml .Values.service.annotations | indent 4 }} -{{- end }} - labels: - app: {{ template "external-dns.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "external-dns.fullname" . }} -spec: -{{- if .Values.service.clusterIP }} - clusterIP: "{{ .Values.service.clusterIP }}" -{{- end }} -{{- if .Values.service.externalIPs }} - externalIPs: -{{ toYaml .Values.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" -{{- end }} -{{- if .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} - ports: - - port: {{ .Values.service.servicePort }} - protocol: TCP - targetPort: 7979 - name: http - selector: - app: {{ template "external-dns.name" . }} - release: {{ .Release.Name }} - type: "{{ .Values.service.type }}" diff --git a/charts/rancher-external-dns/v0.1.2/templates/serviceaccount.yaml b/charts/rancher-external-dns/v0.1.2/templates/serviceaccount.yaml deleted file mode 100644 index 936ed7580..000000000 --- a/charts/rancher-external-dns/v0.1.2/templates/serviceaccount.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: {{ include "external-dns.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "external-dns.fullname" . }} -{{- end }} diff --git a/charts/rancher-external-dns/v0.1.2/values.yaml b/charts/rancher-external-dns/v0.1.2/values.yaml deleted file mode 100644 index ad23990d6..000000000 --- a/charts/rancher-external-dns/v0.1.2/values.yaml +++ /dev/null 
@@ -1,179 +0,0 @@ -## Details about the image to be pulled. -image: - repository: rancher/kubernetes-external-dns - tag: v0.7.3 - pullSecrets: [] - pullPolicy: IfNotPresent - -## This controls which types of resource external-dns should 'watch' for new -## DNS entries. -sources: - - service - - ingress - -# Allow external-dns to publish DNS records for ClusterIP services (optional) -publishInternalServices: false - -## The DNS provider where the DNS records will be created (options: aws, google, inmemory, azure, alibabacloud ) -provider: aws - -# Configurations for Alibabacloud provider -alibabacloud: - accessKey: "" - secretKey: "" - # Filter for zones of this type (optional, options: public, private or no value for both) - zoneType: "" - -# AWS Access keys to inject as environment variables -aws: - secretKey: "" - accessKey: "" - # pre external-dns 0.5.9 home dir should be `/root/.aws` - credentialsPath: "/.aws" - roleArn: "" - region: "us-east-1" - # Filter for zones of this type (optional, options: public, private) - zoneType: "" - # Batch size for Route53 changes - batchChangeSize: 100 - -azure: -# If you don't specify a secret to load azure.json from, you will get the host's /etc/kubernetes/azure.json - secretName: "" - -# Cloudflare keys to inject as environment variables -cloudflare: - apiKey: "" - email: "" - proxied: true - -# Configuration for OpenStack Designate provider -designate: - # A custom CA (optional) - customCA: - # Turn custom CA on or off - enabled: false - # The content of the custom CA file - content: "" - # Location to mount custom CA - directory: "/config/designate" - # Filename of the custom CA - filename: "designate-ca.pem" - -# When using the Google provider, specify the Google project (required when provider=google) -google: - project: "" - serviceAccountSecret: "" - serviceAccountKey: "" - -# Infoblox keys to inject -infoblox: - # Required keys: - wapiUsername: "" - wapiPassword: "" - gridHost: "" - # Optional keys: - domainFilter: 
"" - noSslVerify: false - wapiPort: "" - wapiVersion: "" - wapiConnectionPoolSize: "" - wapiHttpTimeout: "" - -## Limit possible target zones by domain suffixes (optional) -domainFilters: [] -## Limit possible target zones by zone id (optional) -zoneIdFilters: [] -# Filter sources managed by external-dns via annotation using label selector semantics (default: all sources) -annotationFilter: "" -## Adjust the interval for DNS updates -interval: "1m" - -# Registry to use for ownership (txt or noop) -registry: "txt" - -# When using the TXT registry, a name that identifies this instance of ExternalDNS -txtOwnerId: "" - -# When enabled, prints DNS record changes rather than actually performing them -dryRun: false - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] - -## Modify how DNS records are sychronized between sources and providers (options: sync, upsert-only ) -policy: upsert-only - -## Annotations to be added to pods -## -podAnnotations: {} - -podLabels: {} - -# Verbosity of the logs (options: panic, debug, info, warn, error, fatal) -logLevel: info - -extraArgs: {} - -# Extra environment variables which will be saved in a release-specific secret -# or retrieved via valueFrom. -# extraEnv: -# - name: SECRET_TO_SAVE -# value: secret_value -# - name: AWS_ACCESS_KEY_ID -# valueFrom: -# secretKeyRef: -# name: existing-secret -# key: access-key-id -extraEnv: [] - -## CPU and Memory limit and request for external-dns -resources: - limits: - memory: 100Mi - cpu: 200m - requests: - memory: 50Mi - cpu: 100m - -rbac: - ## If true, create & use RBAC resources - ## - create: false - # Beginning with Kubernetes 1.8, the api is stable and v1 can be used. 
- apiVersion: v1beta1 - - ## Ignored if rbac.create is true - ## - serviceAccountName: default - -securityContext: {} - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 65534 # 65534 is nobody - revise aws.credentialsPath when changing uid - # capabilities: - # drop: ["ALL"] - -service: - annotations: {} - clusterIP: "" - - ## List of IP addresses at which the service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 7979 - type: ClusterIP - -priorityClassName: "" - -global: - systemDefaultRegistry: "" diff --git a/charts/rancher-external-dns/v0.2.0/.helmignore b/charts/rancher-external-dns/v0.2.0/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/rancher-external-dns/v0.2.0/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-external-dns/v0.2.0/Chart.yaml b/charts/rancher-external-dns/v0.2.0/Chart.yaml deleted file mode 100644 index af5407bef..000000000 --- a/charts/rancher-external-dns/v0.2.0/Chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -description: | - Configure external DNS servers (AWS Route53, Google CloudDNS and others) - for Kubernetes Ingresses and Services -name: rancher-external-dns -version: 0.2.0 -appVersion: 0.7.3 -home: https://github.com/kubernetes-sigs/external-dns -sources: - - https://github.com/kubernetes-sigs/external-dns -engine: gotpl -maintainers: -- name: rabadin - email: rabadin@cisco.com -kubeVersion: '< 1.22.0-0' 
diff --git a/charts/rancher-external-dns/v0.2.0/README.md b/charts/rancher-external-dns/v0.2.0/README.md
deleted file mode 100644
index 4434add32..000000000
--- a/charts/rancher-external-dns/v0.2.0/README.md
+++ /dev/null
@@ -1,133 +0,0 @@ -# external-dns - -## Chart Details - -This chart will do the following: - -* Create a deployment of [external-dns] within your Kubernetes Cluster. - -Currently this uses official images from release notes at https://github.com/kubernetes-sigs/external-dns, if this is a concern follow the steps in the [external-dns] documentation to compile the binary and make a container. Where the chart pulls the image from is fully configurable. - -> **Note**: If you want to use Chart version >1.1.0 with external-dns image <0.5.9 and use aws credentials, make sure to set `aws.credentialsPath: "/root/.aws"` - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install --name my-release stable/external-dns -``` - -## Configuration - -The following table lists the configurable parameters of the external-dns chart and their default values. - - -| Parameter | Description | Default | -| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | -| `annotationFilter` | Filter sources managed by external-dns via annotation using label selector semantics (default: all sources) (optional). | `""` | -| `aws.accessKey` | set in `~/.aws/credentials` mounted through secret (optional). | `""` | -| `aws.secretKey` | set in `~/.aws/credentials` mounted through secret (optional). | `""` | -| `aws.credentialsPath` | determine `mountPath` for `credentials` secret, defaults to `nobody` USER home path `/.aws` (optional). | `"/.aws"` | -| `aws.region` | `AWS_DEFAULT_REGION` to set in the environment (optional). | `us-east-1` | -| `aws.roleArn` | If assume role credentials are used then is the role_arn (arn:aws:iam::....). Leave empty if not used. | `""` | -| `aws.zoneType` | Filter for zones of this type (optional, options: public, private). 
| `""` | -| `aws.batchChangeSize` | Batch size for Route53 changes. | `100` | -| `azure.secretName` | Set the secret created for the SP for azure, should contain an azure.json file | `""` | -| `cloudflare.apiKey` | `CF_API_KEY` to set in the environment (optional). | `""` | -| `cloudflare.email` | `CF_API_EMAIL` to set in the environment (optional). | `""` | -| `cloudflare.proxied` | enable the proxy feature of Cloudflare (DDOS protection, CDN...) (optional). | `true` | -| `designate.customCA.enabled` | A switch to enable a custom CA for the Designate provider (optional) | false | -| `designate.customCA.content` | The content of the Designate provider's custom CA | "" | -| `designate.customCA.directory` | Directory in which to mount the Designate provider's custom CA | "/config/designate" | -| `designate.customCA.filename` | Filename of Designate provider's custom CA | "designate-ca.pem" | -| `domainFilters` | Limit possible target zones by domain suffixes (optional). | `[]` | -| `dryRun` | When enabled, prints DNS record changes rather than actually performing them (optional). | `false` | -| `extraArgs` | Optional object of extra args, as `name`: `value` pairs. Where the name is the command line arg to external-dns. | `{}` | -| `extraEnv` | Optional array of extra environment variables. Supply a `name` property and either `value` of `valueFrom` for each. | `[]` | -| `google.project` | When using the Google provider, specify the Google project (required when provider=google). | `""` | -| `google.serviceAccountSecret` | When using the Google provider, optionally specify the existing secret which contains credentials.json if necessary. | `""` | -| `google.serviceAccountKey` | When using the Google provider, optionally specify the service account key JSON file. 
Must be provided when no existing secret is used, in this case a new secret will be created holding this service account | `""` | -| `image.repository` | Container image name (Including repository name if not `hub.docker.com`). | `registry.opensource.zalan.do/teapot/external-dns` | -| `image.pullPolicy` | Container pull policy. | `IfNotPresent` | -| `image.tag` | Container image tag. | `v0.5.9` | -| `image.pullSecrets` | Array of pull secret names | `[]` | -| `infoblox.gridHost` | When using the Infoblox provider, specify the Infoblox Grid host. | `""` | -| `infoblox.wapiUsername` | When using the Infoblox provider, specify the Infoblox WAPI username. | `""` | -| `infoblox.wapiPassword` | When using the Infoblox provider, specify the Infoblox WAPI password. | `""` | -| `infoblox.domainFilter` | When using the Infoblox provider, optionally specify the domain. | `""` | -| `infoblox.noSslVerify` | When using the Infoblox provider, optionally disable SSL verification. | `false` | -| `infoblox.wapiPort` | When using the Infoblox provider, optionally specify the Infoblox WAPI port. | `""` | -| `infoblox.wapiVersion` | When using the Infoblox provider, optionally specify the Infoblox WAPI version. | `""` | -| `infoblox.wapiConnectionPoolSize` | When using the Infoblox provider, optionally specify the Infoblox WAPI request connection pool size. | `""` | -| `infoblox.wapiHttpTimeout` | When using the Infoblox provider, optionally specify the Infoblox WAPI request timeout in seconds. | `""` | -| `logLevel` | Verbosity of the logs (options: panic, debug, info, warn, error, fatal) | `info` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `podAnnotations` | Additional annotations to apply to the pod. | `{}` | -| `policy` | Modify how DNS records are sychronized between sources and providers (options: sync, upsert-only ). 
| `upsert-only` | -| `provider` | The DNS provider where the DNS records will be created (options: aws, google, azure, cloudflare, digitalocean, inmemory ). | `aws` | -| `publishInternalServices` | Allow external-dns to publish DNS records for ClusterIP services (optional). | `false` | -| `rbac.create` | If true, create & use RBAC resources | `false` | -| `rbac.serviceAccountName` | Existing ServiceAccount to use (ignored if rbac.create=true) | `default` | -| `interval` | Interval update period to use (options: txt, noop) | `txt` | -| `registry` | Registry method to use (options: txt, noop) | `txt` | -| `resources` | CPU/Memory resource requests/limits. | `{}` | -| `securityContext` | Security options the pod should run with. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{}` | -| `priorityClassName` | priorityClassName | `""` | -| `service.annotations` | Annotations to add to service | `{}` | -| `service.clusterIP` | IP address to assign to service | `""` | -| `service.externalIPs` | Service external IP addresses | `[]` | -| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` | -| `service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` | -| `service.servicePort` | Service port to expose | `7979` | -| `service.type` | Type of service to create | `ClusterIP` | -| `sources` | List of resource types to monitor, possible values are fake, service or ingress. 
| `[service, ingress]` | -| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` | -| `affinity` | List of affinities (requires Kubernetes >=1.6) | `{}` | -| `txtOwnerId` | When using the TXT registry, a name that identifies this instance of ExternalDNS (optional) | `"default"` | -| `txtPrefix` | When using the TXT registry, a prefix for ownership records that avoids collision with CNAME entries (optional) | `""` | -| `zoneIdFilters` | Limit possible target zones by zone id (optional) | `[]` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install --name my-release -f values.yaml stable/external-dns -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## IAM Permissions - -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "route53:ChangeResourceRecordSets" - ], - "Resource": [ - "arn:aws:route53:::hostedzone/*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "route53:ListHostedZones", - "route53:ListResourceRecordSets" - ], - "Resource": [ - "*" - ] - } - ] -} -``` - -[external-dns]: https://github.com/kubernetes-incubator/external-dns -[Zalando]: https://zalando.github.io/ -[getting-started]: https://github.com/kubernetes-incubator/external-dns/blob/master/README.md#getting-started diff --git a/charts/rancher-external-dns/v0.2.0/questions.yml b/charts/rancher-external-dns/v0.2.0/questions.yml deleted file mode 100644 index 8f74f7ab7..000000000 --- a/charts/rancher-external-dns/v0.2.0/questions.yml +++ /dev/null @@ -1 +0,0 @@ -rancher_min_version: 2.6.0-alpha1 diff --git a/charts/rancher-external-dns/v0.2.0/templates/NOTES.txt b/charts/rancher-external-dns/v0.2.0/templates/NOTES.txt deleted file mode 100644 index e04285496..000000000 
--- a/charts/rancher-external-dns/v0.2.0/templates/NOTES.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-To verify that external-dns has started, run:
-
- kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "external-dns.name" . }},release={{ .Release.Name }}"
diff --git a/charts/rancher-external-dns/v0.2.0/templates/_helpers.tpl b/charts/rancher-external-dns/v0.2.0/templates/_helpers.tpl
deleted file mode 100644
index 63b3a9d3a..000000000
--- a/charts/rancher-external-dns/v0.2.0/templates/_helpers.tpl
+++ /dev/null
@@ -1,70 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "external-dns.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "external-dns.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if ne $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s" $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* Generate basic labels */}} -{{- define "external-dns.labels" }} -app: {{ template "external-dns.name" . }} -heritage: {{.Release.Service }} -release: {{.Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels }} -{{- end }} -{{- end }} - -{{- define "external-dns.aws-credentials" }} -[default] -aws_access_key_id = {{ .Values.aws.accessKey }} -aws_secret_access_key = {{ .Values.aws.secretKey }} -{{ end }} - - -{{- define "external-dns.aws-config" }} -[profile default] -{{- if .Values.aws.roleArn }} -role_arn = {{ .Values.aws.roleArn }} -{{- end }} -region = {{ .Values.aws.region }} -{{ end }} - -{{- define "external-dns.alibabacloud-config" }} -accessKeyId: {{ .Values.alibabacloud.accessKey }} -accessKeySecret: {{ .Values.alibabacloud.secretKey }} -{{ end }} - -{{- define "system_default_registry" -}} -{{- if .Values.global.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} - -{{- define "deployment_api_version" -}} -{{- if .Capabilities.APIVersions.Has "apps/v1" -}} -{{- "apps/v1" -}} -{{- else if .Capabilities.APIVersions.Has "apps/v1beta2" -}} -{{- "apps/v1beta2" -}} -{{- else if .Capabilities.APIVersions.Has "apps/v1beta1" -}} -{{- "apps/v1beta1" -}} -{{- else -}} -{{- 
"extensions/v1beta1" -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-external-dns/v0.2.0/templates/clusterrole.yaml b/charts/rancher-external-dns/v0.2.0/templates/clusterrole.yaml deleted file mode 100644 index 1322e55aa..000000000 --- a/charts/rancher-external-dns/v0.2.0/templates/clusterrole.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} -kind: ClusterRole -metadata: - labels: {{ include "external-dns.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "external-dns.fullname" . }} -rules: - - apiGroups: - - "" - resources: - - services - - pods - - nodes - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.istio.io - resources: - - gateways - verbs: - - get - - list - - watch -{{- end -}} diff --git a/charts/rancher-external-dns/v0.2.0/templates/clusterrolebinding.yaml b/charts/rancher-external-dns/v0.2.0/templates/clusterrolebinding.yaml deleted file mode 100644 index b93b19f30..000000000 --- a/charts/rancher-external-dns/v0.2.0/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} -kind: ClusterRoleBinding -metadata: - labels: {{ include "external-dns.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "external-dns.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "external-dns.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "external-dns.fullname" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} 
diff --git a/charts/rancher-external-dns/v0.2.0/templates/configmap.yaml b/charts/rancher-external-dns/v0.2.0/templates/configmap.yaml
deleted file mode 100644
index 8cb558177..000000000
--- a/charts/rancher-external-dns/v0.2.0/templates/configmap.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "external-dns.fullname" . }}
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-data:
- {{ .Values.designate.customCA.filename }}: |
-{{ .Values.designate.customCA.content | indent 4 }}
-{{- end }}
diff --git a/charts/rancher-external-dns/v0.2.0/templates/deployment.yaml b/charts/rancher-external-dns/v0.2.0/templates/deployment.yaml
deleted file mode 100755
index 7f4f2e25f..000000000
--- a/charts/rancher-external-dns/v0.2.0/templates/deployment.yaml
+++ /dev/null
@@ -1,266 +0,0 @@ -apiVersion: {{ template "deployment_api_version" . }} -kind: Deployment -metadata: - labels: {{ include "external-dns.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "external-dns.fullname" . }} -spec: - selector: - matchLabels: - {{ include "external-dns.labels" . | indent 6 }} - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8}} - {{- end }} - labels: {{ include "external-dns.labels" . | indent 8 }} - spec: - {{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range $sec := .Values.image.pullSecrets }} - - name: {{$sec | quote }} - {{- end }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" - {{- end }} - containers: - - name: {{ template "external-dns.name" . }} - image: {{ template "system_default_registry" . }}{{ .Values.image.repository}}:{{ .Values.image.tag }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - args: - {{- if .Values.logLevel }} - - --log-level={{ .Values.logLevel }} - {{- end }} - {{- if .Values.publishInternalServices }} - - --publish-internal-services - {{- end }} - {{- range .Values.domainFilters }} - - --domain-filter={{ . }} - {{- end }} - {{- range .Values.zoneIdFilters }} - - --zone-id-filter={{ . }} - {{- end }} - - --policy={{ .Values.policy }} - - --provider={{ .Values.provider }} - - --registry={{ .Values.registry }} - - --interval={{ .Values.interval }} - {{- if .Values.txtOwnerId }} - - --txt-owner-id={{ .Values.txtOwnerId }} - {{- end }} - {{- if .Values.txtPrefix }} - - --txt-prefix={{ .Values.txtPrefix }} - {{- end }} - {{- if .Values.annotationFilter }} - - --annotation-filter={{ .Values.annotationFilter }} - {{- end }} - {{- range .Values.sources }} - - --source={{ . 
}} - {{- end }} - {{ if .Values.dryRun }} - - --dry-run - {{- end }} - {{- range $key, $value := .Values.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - {{- if eq .Values.provider "cloudflare" }} - {{- if .Values.cloudflare.proxied }} - - --cloudflare-proxied - {{- end }} - {{- end }} - {{- if .Values.aws.zoneType }} - - --aws-zone-type={{ .Values.aws.zoneType }} - {{- end }} - {{- if .Values.google.project }} - - --google-project={{ .Values.google.project }} - {{- end }} - {{- if eq .Values.provider "aws" }} - - --aws-batch-change-size={{ .Values.aws.batchChangeSize }} - {{- end }} - {{- if eq .Values.provider "infoblox" }} - - --infoblox-grid-host={{ .Values.infoblox.gridHost }} - {{- if .Values.infoblox.domainFilter }} - - --domain-filter={{ .Values.infoblox.domainFilter }} - {{- end }} - {{- if .Values.infoblox.wapiPort }} - - --infoblox-wapi-port={{ .Values.infoblox.wapiPort }} - {{- end }} - {{- if .Values.infoblox.wapiVersion }} - - --infoblox-wapi-version={{ .Values.infoblox.wapiVersion }} - {{- end }} - {{- if .Values.infoblox.noSslVerify }} - - --no-infoblox-ssl-verify - {{- else }} - - --infoblox-ssl-verify - {{- end }} - {{- end }} - {{- if eq .Values.provider "alibabacloud" }} - - --alibaba-cloud-config-file=/etc/kubernetes/config.yaml - {{- end }} - {{- if .Values.alibabacloud.zoneType }} - - --alibaba-cloud-zone-type={{ .Values.alibabacloud.zoneType }} - {{- end }} - volumeMounts: - {{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }} - - name: google-service-account - mountPath: /etc/secrets/service-account/ - {{- end}} - {{- if eq .Values.provider "azure" }} - - name: azure-config-file - {{- if not .Values.azure.secretName }} - mountPath: /etc/kubernetes/azure.json - {{- else }} - mountPath: /etc/kubernetes/ - {{- end }} - readOnly: true - {{- end }} - {{- if (and .Values.aws.secretKey .Values.aws.accessKey) }} - - name: aws-credentials - 
mountPath: {{ .Values.aws.credentialsPath }} - readOnly: true - {{- end }} - {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }} - - name: designate-custom-ca - mountPath: {{ .Values.designate.customCA.directory }} - readOnly: true - {{- end }} - {{- if eq .Values.provider "alibabacloud" }} - - name: alibaba-cloud-config-file - mountPath: /etc/kubernetes/ - readOnly: true - - mountPath: /usr/share/zoneinfo - name: zoneinfo - readOnly: true - {{- end }} - env: - {{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /etc/secrets/service-account/credentials.json - {{- end }} - {{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }} - {{- if .Values.aws.region }} - - name: AWS_DEFAULT_REGION - value: {{ .Values.aws.region }} - {{- end }} - {{- end }} - {{- if and .Values.cloudflare.apiKey .Values.cloudflare.email }} - - name: CF_API_KEY - valueFrom: - secretKeyRef: - name: {{ template "external-dns.fullname" . }} - key: cloudflare_api_key - - name: CF_API_EMAIL - value: "{{ .Values.cloudflare.email }}" - {{- end }} - {{- if .Values.infoblox.wapiConnectionPoolSize }} - - name: EXTERNAL_DNS_INFOBLOX_HTTP_POOL_CONNECTIONS - value: "{{ .Values.infoblox.wapiConnectionPoolSize }}" - {{- end }} - {{- if .Values.infoblox.wapiHttpTimeout }} - - name: EXTERNAL_DNS_INFOBLOX_HTTP_REQUEST_TIMEOUT - value: "{{ .Values.infoblox.wapiHttpTimeout }}" - {{- end }} - {{- if and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword }} - - name: EXTERNAL_DNS_INFOBLOX_WAPI_USERNAME - valueFrom: - secretKeyRef: - name: {{ template "external-dns.fullname" . }} - key: infoblox_wapi_username - - name: EXTERNAL_DNS_INFOBLOX_WAPI_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "external-dns.fullname" . 
}} - key: infoblox_wapi_password - {{- end }} - {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }} - - name: OPENSTACK_CA_FILE - value: {{ .Values.designate.customCA.directory }}/{{ .Values.designate.customCA.filename }} - {{- end }} - {{- $root := . -}} - {{- range .Values.extraEnv }} - - name: {{ .name }} - valueFrom: - {{- if .valueFrom }} -{{ toYaml .valueFrom | indent 14 }} - {{- else }} - secretKeyRef: - name: {{ template "external-dns.fullname" $root }} - key: {{ .name }} - {{- end }} - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: 7979 - ports: - - containerPort: 7979 - {{- if .Values.securityContext }} - securityContext: -{{ toYaml .Values.securityContext | indent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- end }} - volumes: - {{- if .Values.google.serviceAccountSecret }} - - name: google-service-account - secret: - secretName: {{ .Values.google.serviceAccountSecret | quote }} - {{- else if .Values.google.serviceAccountKey }} - - name: google-service-account - secret: - secretName: {{ template "external-dns.fullname" . }} - {{- end}} - {{- if eq .Values.provider "azure" }} - - name: azure-config-file - {{- if (not .Values.azure.secretName)}} - hostPath: - path: /etc/kubernetes/azure.json - type: File - {{- else}} - secret: - secretName: {{.Values.azure.secretName}} - {{- end}} - {{- end }} - {{- if (and .Values.aws.secretKey .Values.aws.accessKey) }} - - name: aws-credentials - secret: - secretName: {{ template "external-dns.fullname" . }} - {{- end }} - {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }} - - name: designate-custom-ca - configMap: - name: {{ template "external-dns.fullname" . 
}} - items: - - key: {{ .Values.designate.customCA.filename }} - path: {{ .Values.designate.customCA.filename }} - {{- end }} - {{- if eq .Values.provider "alibabacloud" }} - - name: alibaba-cloud-config-file - secret: - secretName: {{ template "external-dns.fullname" . }} - - name: zoneinfo - hostPath: - path: /usr/share/zoneinfo - {{- end }} - nodeSelector: - beta.kubernetes.io/os: linux - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - {{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end }} - serviceAccountName: {{ if .Values.rbac.create }}{{ template "external-dns.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} diff --git a/charts/rancher-external-dns/v0.2.0/templates/secret.yaml b/charts/rancher-external-dns/v0.2.0/templates/secret.yaml deleted file mode 100644 index a5a5fc428..000000000 --- a/charts/rancher-external-dns/v0.2.0/templates/secret.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -{{- if or (and .Values.aws.secretKey .Values.aws.accessKey) .Values.cloudflare.apiKey (and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword) .Values.extraEnv .Values.google.serviceAccountKey (and .Values.alibabacloud.secretKey .Values.alibabacloud.accessKey) -}} -apiVersion: v1 -kind: Secret -metadata: - labels: {{ include "external-dns.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "external-dns.fullname" . }} -type: Opaque -data: -{{- if eq .Values.provider "aws" }} - credentials: {{ include "external-dns.aws-credentials" . | b64enc | quote }} - config: {{ include "external-dns.aws-config" . | b64enc | quote }} -{{- end}} -{{- if and (eq .Values.provider "google") .Values.google.serviceAccountKey }} - credentials.json: {{ .Values.google.serviceAccountKey | b64enc | quote }} -{{- end}} -{{- if .Values.cloudflare.apiKey }} - cloudflare_api_key: {{ .Values.cloudflare.apiKey | b64enc | quote }} -{{- end }} -{{- if and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword }} - infoblox_wapi_username: {{ .Values.infoblox.wapiUsername | b64enc | quote }} - infoblox_wapi_password: {{ .Values.infoblox.wapiPassword | b64enc | quote }} -{{- end }} -{{- if eq .Values.provider "alibabacloud" }} - config.yaml: {{ include "external-dns.alibabacloud-config" . | b64enc | quote }} -{{- end}} - -{{- range .Values.extraEnv }} - {{- if .value }} - {{ .name }}: {{ .value | b64enc | quote }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-external-dns/v0.2.0/templates/service.yaml b/charts/rancher-external-dns/v0.2.0/templates/service.yaml deleted file mode 100644 index ef73ad2b2..000000000 --- a/charts/rancher-external-dns/v0.2.0/templates/service.yaml +++ /dev/null 
@@ -1,37 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-{{- if .Values.service.annotations }}
- annotations:
-{{ toYaml .Values.service.annotations | indent 4 }}
-{{- end }}
- labels:
- app: {{ template "external-dns.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- name: {{ template "external-dns.fullname" . }}
-spec:
-{{- if .Values.service.clusterIP }}
- clusterIP: "{{ .Values.service.clusterIP }}"
-{{- end }}
-{{- if .Values.service.externalIPs }}
- externalIPs:
-{{ toYaml .Values.service.externalIPs | indent 4 }}
-{{- end }}
-{{- if .Values.service.loadBalancerIP }}
- loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
-{{- end }}
-{{- if .Values.service.loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
-{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
-{{- end }}
- ports:
- - port: {{ .Values.service.servicePort }}
- protocol: TCP
- targetPort: 7979
- name: http
- selector:
- app: {{ template "external-dns.name" . }}
- release: {{ .Release.Name }}
- type: "{{ .Values.service.type }}"
diff --git a/charts/rancher-external-dns/v0.2.0/templates/serviceaccount.yaml b/charts/rancher-external-dns/v0.2.0/templates/serviceaccount.yaml
deleted file mode 100644
index 936ed7580..000000000
--- a/charts/rancher-external-dns/v0.2.0/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels: {{ include "external-dns.labels" . | indent 4 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: {{ template "external-dns.fullname" . }}
-{{- end }}
diff --git a/charts/rancher-external-dns/v0.2.0/values.yaml b/charts/rancher-external-dns/v0.2.0/values.yaml
deleted file mode 100644
index 81f7470a7..000000000
--- a/charts/rancher-external-dns/v0.2.0/values.yaml
+++ /dev/null
@@ -1,179 +0,0 @@ -## Details about the image to be pulled. -image: - repository: rancher/mirrored-kubernetes-external-dns - tag: v0.7.3 - pullSecrets: [] - pullPolicy: IfNotPresent - -## This controls which types of resource external-dns should 'watch' for new -## DNS entries. -sources: - - service - - ingress - -# Allow external-dns to publish DNS records for ClusterIP services (optional) -publishInternalServices: false - -## The DNS provider where the DNS records will be created (options: aws, google, inmemory, azure, alibabacloud ) -provider: aws - -# Configurations for Alibabacloud provider -alibabacloud: - accessKey: "" - secretKey: "" - # Filter for zones of this type (optional, options: public, private or no value for both) - zoneType: "" - -# AWS Access keys to inject as environment variables -aws: - secretKey: "" - accessKey: "" - # pre external-dns 0.5.9 home dir should be `/root/.aws` - credentialsPath: "/.aws" - roleArn: "" - region: "us-east-1" - # Filter for zones of this type (optional, options: public, private) - zoneType: "" - # Batch size for Route53 changes - batchChangeSize: 100 - -azure: -# If you don't specify a secret to load azure.json from, you will get the host's /etc/kubernetes/azure.json - secretName: "" - -# Cloudflare keys to inject as environment variables -cloudflare: - apiKey: "" - email: "" - proxied: true - -# Configuration for OpenStack Designate provider -designate: - # A custom CA (optional) - customCA: - # Turn custom CA on or off - enabled: false - # The content of the custom CA file - content: "" - # Location to mount custom CA - directory: "/config/designate" - # Filename of the custom CA - filename: "designate-ca.pem" - -# When using the Google provider, specify the Google project (required when provider=google) -google: - project: "" - serviceAccountSecret: "" - serviceAccountKey: "" - -# Infoblox keys to inject -infoblox: - # Required keys: - wapiUsername: "" - wapiPassword: "" - gridHost: "" - # Optional keys: - 
domainFilter: "" - noSslVerify: false - wapiPort: "" - wapiVersion: "" - wapiConnectionPoolSize: "" - wapiHttpTimeout: "" - -## Limit possible target zones by domain suffixes (optional) -domainFilters: [] -## Limit possible target zones by zone id (optional) -zoneIdFilters: [] -# Filter sources managed by external-dns via annotation using label selector semantics (default: all sources) -annotationFilter: "" -## Adjust the interval for DNS updates -interval: "1m" - -# Registry to use for ownership (txt or noop) -registry: "txt" - -# When using the TXT registry, a name that identifies this instance of ExternalDNS -txtOwnerId: "" - -# When enabled, prints DNS record changes rather than actually performing them -dryRun: false - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] - -## Modify how DNS records are sychronized between sources and providers (options: sync, upsert-only ) -policy: upsert-only - -## Annotations to be added to pods -## -podAnnotations: {} - -podLabels: {} - -# Verbosity of the logs (options: panic, debug, info, warn, error, fatal) -logLevel: info - -extraArgs: {} - -# Extra environment variables which will be saved in a release-specific secret -# or retrieved via valueFrom. -# extraEnv: -# - name: SECRET_TO_SAVE -# value: secret_value -# - name: AWS_ACCESS_KEY_ID -# valueFrom: -# secretKeyRef: -# name: existing-secret -# key: access-key-id -extraEnv: [] - -## CPU and Memory limit and request for external-dns -resources: - limits: - memory: 100Mi - cpu: 200m - requests: - memory: 50Mi - cpu: 100m - -rbac: - ## If true, create & use RBAC resources - ## - create: false - # Beginning with Kubernetes 1.8, the api is stable and v1 can be used. 
- apiVersion: v1beta1 - - ## Ignored if rbac.create is true - ## - serviceAccountName: default - -securityContext: {} - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 65534 # 65534 is nobody - revise aws.credentialsPath when changing uid - # capabilities: - # drop: ["ALL"] - -service: - annotations: {} - clusterIP: "" - - ## List of IP addresses at which the service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 7979 - type: ClusterIP - -priorityClassName: "" - -global: - systemDefaultRegistry: "" diff --git a/charts/rancher-gatekeeper-operator/0.1.0/.helmignore b/charts/rancher-gatekeeper-operator/0.1.0/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/rancher-gatekeeper-operator/0.1.0/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-gatekeeper-operator/0.1.0/Chart.yaml b/charts/rancher-gatekeeper-operator/0.1.0/Chart.yaml deleted file mode 100644 index fd7fdaf58..000000000 --- a/charts/rancher-gatekeeper-operator/0.1.0/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -description: A Helm chart for Gatekeeper -name: rancher-gatekeeper-operator -keywords: - - open policy agent -version: 0.1.0 -home: https://github.com/open-policy-agent/gatekeeper -sources: - - https://github.com/open-policy-agent/gatekeeper.git -appVersion: v3.1.0-beta.7 
diff --git a/charts/rancher-gatekeeper-operator/0.1.0/generate_helm_template.sh b/charts/rancher-gatekeeper-operator/0.1.0/generate_helm_template.sh deleted file mode 100644 index 204a55163..000000000 --- a/charts/rancher-gatekeeper-operator/0.1.0/generate_helm_template.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash -scriptdir="$(dirname "$0")" -cd "$scriptdir" -cp ./../../deploy/gatekeeper.yaml ${PWD}/helm-modifications/_temp.yaml -kustomize build helm-modifications -o templates/gatekeeper.yaml -sed -i -E "s/HELMSUBST_DEPLOYMENT_CONTAINER_RESOURCES/\ -\n{{ toYaml .Values.resources | indent 10 }}/" templates/gatekeeper.yaml -sed -i -E "s/HELMSUBST_DEPLOYMENT_POD_SCHEDULING/\ -\n{{ toYaml .Values.nodeSelector | indent 8 }}\ -\n affinity:\ -\n{{ toYaml .Values.affinity | indent 8 }}\ -\n tolerations:\ -\n{{ toYaml .Values.tolerations | indent 8 }}/" templates/gatekeeper.yaml -sed -i "s/HELMSUBST_DEPLOYMENT_REPLICAS/{{ .Values.replicas }}/g" templates/gatekeeper.yaml -rm ./helm-modifications/_temp.yaml -echo "Helm template created under '$PWD/templates'" diff --git a/charts/rancher-gatekeeper-operator/0.1.0/questions.yaml b/charts/rancher-gatekeeper-operator/0.1.0/questions.yaml deleted file mode 100644 index 09c18f12c..000000000 --- a/charts/rancher-gatekeeper-operator/0.1.0/questions.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rancher_min_version: 2.4.0-rc1 -rancher_max_version: 2.4.99 -labels: - io.rancher.certified: experimental diff --git a/charts/rancher-gatekeeper-operator/0.1.0/templates/_helpers.tpl b/charts/rancher-gatekeeper-operator/0.1.0/templates/_helpers.tpl deleted file mode 100644 index eace7a78f..000000000 --- a/charts/rancher-gatekeeper-operator/0.1.0/templates/_helpers.tpl +++ /dev/null 
@@ -1,52 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "gatekeeper-operator.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "gatekeeper-operator.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "gatekeeper-operator.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "gatekeeper-operator.labels" -}} -app.kubernetes.io/name: {{ include "gatekeeper-operator.name" . }} -helm.sh/chart: {{ include "gatekeeper-operator.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{- define "system_default_registry" -}} -{{- if .Values.global.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} diff --git a/charts/rancher-gatekeeper-operator/0.1.0/templates/allowedrepos.yaml b/charts/rancher-gatekeeper-operator/0.1.0/templates/allowedrepos.yaml deleted file mode 100644 index 3308a767f..000000000 
--- a/charts/rancher-gatekeeper-operator/0.1.0/templates/allowedrepos.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: templates.gatekeeper.sh/v1beta1 -kind: ConstraintTemplate -metadata: - name: k8sallowedrepos -spec: - crd: - spec: - names: - kind: K8sAllowedRepos - validation: - # Schema for the `parameters` field - openAPIV3Schema: - properties: - repos: - type: array - items: - type: string - targets: - - target: admission.k8s.gatekeeper.sh - rego: | - package k8sallowedrepos - - violation[{"msg": msg}] { - container := input.review.object.spec.containers[_] - satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] - not any(satisfied) - msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) - } - - violation[{"msg": msg}] { - container := input.review.object.spec.initContainers[_] - satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] - not any(satisfied) - msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) - } \ No newline at end of file diff --git a/charts/rancher-gatekeeper-operator/0.1.0/templates/gatekeeper.yaml b/charts/rancher-gatekeeper-operator/0.1.0/templates/gatekeeper.yaml deleted file mode 100644 index 9b26699a3..000000000 --- a/charts/rancher-gatekeeper-operator/0.1.0/templates/gatekeeper.yaml +++ /dev/null 
@@ -1,591 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - admission.gatekeeper.sh/ignore: no-self-managing - app: '{{ template "gatekeeper-operator.name" . }}' - chart: '{{ template "gatekeeper-operator.name" . }}' - control-plane: controller-manager - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-system ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.4 - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation - creationTimestamp: null - labels: - app: '{{ template "gatekeeper-operator.name" . }}' - chart: '{{ template "gatekeeper-operator.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: configs.config.gatekeeper.sh -spec: - group: config.gatekeeper.sh - names: - kind: Config - listKind: ConfigList - plural: configs - shortNames: - - config - singular: config - scope: Namespaced - validation: - openAPIV3Schema: - description: Config is the Schema for the configs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigSpec defines the desired state of Config - properties: - sync: - description: Configuration for syncing k8s objects - properties: - syncOnly: - description: If non-empty, only entries on this list will be replicated - into OPA - items: - properties: - group: - type: string - kind: - type: string - version: - type: string - type: object - type: array - type: object - validation: - description: Configuration for validation - properties: - traces: - description: List of requests to trace. Both "user" and "kinds" - must be specified - items: - properties: - dump: - description: Also dump the state of OPA with the trace. Set - to `All` to dump everything. - type: string - kind: - description: Only trace requests of the following GroupVersionKind - properties: - group: - type: string - kind: - type: string - version: - type: string - type: object - user: - description: Only trace requests from the specified user - type: string - type: object - type: array - type: object - type: object - status: - description: ConfigStatus defines the observed state of Config - type: object - type: object - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation - creationTimestamp: null - labels: - app: '{{ template "gatekeeper-operator.name" . }}' - chart: '{{ template "gatekeeper-operator.name" . 
}}' - controller-tools.k8s.io: "1.0" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: constrainttemplates.templates.gatekeeper.sh -spec: - group: templates.gatekeeper.sh - names: - kind: ConstraintTemplate - plural: constrainttemplates - shortNames: - - constraints - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - crd: - properties: - spec: - properties: - names: - properties: - kind: - type: string - shortNames: - items: - type: string - type: array - type: object - validation: - type: object - type: object - type: object - targets: - items: - properties: - libs: - items: - type: string - type: array - rego: - type: string - target: - type: string - type: object - type: array - type: object - status: - properties: - byPod: - items: - properties: - errors: - items: - properties: - code: - type: string - location: - type: string - message: - type: string - required: - - code - - message - type: object - type: array - id: - description: a unique identifier for the pod that wrote the status - type: string - observedGeneration: - format: int64 - type: integer - type: object - type: array - created: - type: boolean - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: 
true - storage: true - - name: v1alpha1 - served: true - storage: false ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: '{{ template "gatekeeper-operator.name" . }}' - chart: '{{ template "gatekeeper-operator.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-admin - namespace: gatekeeper-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - app: '{{ template "gatekeeper-operator.name" . }}' - chart: '{{ template "gatekeeper-operator.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-manager-role - namespace: gatekeeper-system -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - app: '{{ template "gatekeeper-operator.name" . }}' - chart: '{{ template "gatekeeper-operator.name" . 
}}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-manager-role -rules: -- apiGroups: - - '*' - resources: - - '*' - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - config.gatekeeper.sh - resources: - - configs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - config.gatekeeper.sh - resources: - - configs/status - verbs: - - get - - patch - - update -- apiGroups: - - constraints.gatekeeper.sh - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - templates.gatekeeper.sh - resources: - - constrainttemplates - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - templates.gatekeeper.sh - resources: - - constrainttemplates/status - verbs: - - get - - patch - - update -- apiGroups: - - admissionregistration.k8s.io - resourceNames: - - gatekeeper-validating-webhook-configuration - resources: - - validatingwebhookconfigurations - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: '{{ template "gatekeeper-operator.name" . }}' - chart: '{{ template "gatekeeper-operator.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-manager-rolebinding - namespace: gatekeeper-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: gatekeeper-manager-role -subjects: -- kind: ServiceAccount - name: gatekeeper-admin - namespace: gatekeeper-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: '{{ template "gatekeeper-operator.name" . 
}}' - chart: '{{ template "gatekeeper-operator.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: gatekeeper-manager-role -subjects: -- kind: ServiceAccount - name: gatekeeper-admin - namespace: gatekeeper-system ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app: '{{ template "gatekeeper-operator.name" . }}' - chart: '{{ template "gatekeeper-operator.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-webhook-server-cert - namespace: gatekeeper-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: '{{ template "gatekeeper-operator.name" . }}' - chart: '{{ template "gatekeeper-operator.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-webhook-service - namespace: gatekeeper-system -spec: - ports: - - port: 443 - targetPort: 8443 - selector: - app: '{{ template "gatekeeper-operator.name" . }}' - chart: '{{ template "gatekeeper-operator.name" . }}' - control-plane: controller-manager - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: '{{ template "gatekeeper-operator.name" . }}' - chart: '{{ template "gatekeeper-operator.name" . }}' - control-plane: controller-manager - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-controller-manager - namespace: gatekeeper-system -spec: - replicas: {{ .Values.replicas }} - selector: - matchLabels: - app: '{{ template "gatekeeper-operator.name" . }}' - chart: '{{ template "gatekeeper-operator.name" . 
}}' - control-plane: controller-manager - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - template: - metadata: - labels: - app: '{{ template "gatekeeper-operator.name" . }}' - chart: '{{ template "gatekeeper-operator.name" . }}' - control-plane: controller-manager - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - spec: - containers: - - args: - - --audit-interval={{ .Values.auditInterval }} - - --port=8443 - - --logtostderr - - --constraint-violations-limit={{ .Values.constraintViolationsLimit }} - - --audit-from-cache={{ .Values.auditFromCache }} - - --exempt-namespace=gatekeeper-system - command: - - /manager - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}' - imagePullPolicy: '{{ .Values.image.pullPolicy }}' - livenessProbe: - httpGet: - path: /healthz - port: 9090 - name: manager - ports: - - containerPort: 8443 - name: webhook-server - protocol: TCP - - containerPort: 8888 - name: metrics - protocol: TCP - - containerPort: 9090 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 9090 - resources: -{{ toYaml .Values.resources | indent 10 }} - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 999 - runAsNonRoot: true - runAsUser: 1000 - volumeMounts: - - mountPath: /certs - name: cert - readOnly: true - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - serviceAccountName: gatekeeper-admin - terminationGracePeriodSeconds: 60 - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: gatekeeper-webhook-server-cert ---- -apiVersion: 
admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - creationTimestamp: null - labels: - app: '{{ template "gatekeeper-operator.name" . }}' - chart: '{{ template "gatekeeper-operator.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-validating-webhook-configuration -webhooks: -- clientConfig: - caBundle: Cg== - service: - name: gatekeeper-webhook-service - namespace: gatekeeper-system - path: /v1/admit - failurePolicy: Ignore - name: validation.gatekeeper.sh - namespaceSelector: - matchExpressions: - - key: control-plane - operator: DoesNotExist - - key: admission.gatekeeper.sh/ignore - operator: DoesNotExist - rules: - - apiGroups: - - '*' - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - resources: - - '*' - sideEffects: None - timeoutSeconds: 5 -- clientConfig: - caBundle: Cg== - service: - name: gatekeeper-webhook-service - namespace: gatekeeper-system - path: /v1/admitlabel - failurePolicy: Fail - name: check-ignore-label.gatekeeper.sh - rules: - - apiGroups: - - "" - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - resources: - - namespaces - sideEffects: None - timeoutSeconds: 5 diff --git a/charts/rancher-gatekeeper-operator/0.1.0/templates/job-constraints-crd.yaml b/charts/rancher-gatekeeper-operator/0.1.0/templates/job-constraints-crd.yaml deleted file mode 100644 index c8067f752..000000000 --- a/charts/rancher-gatekeeper-operator/0.1.0/templates/job-constraints-crd.yaml +++ /dev/null 
@@ -1,19 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- namespace: {{ .Release.Namespace }}
- name: gatekeeper-delete-constraints-crd-job
- annotations:
- "helm.sh/hook": "pre-delete"
- "helm.sh/hook-delete-policy": "hook-succeeded, before-hook-creation, hook-failed"
-spec:
- template:
- spec:
- serviceAccountName: gatekeeper-admin
- containers:
- - name: gatekeeper-delete-constraints-crd
- image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- command: ["kubectl", "delete", "constrainttemplates", "--all"]
- restartPolicy: Never
- backoffLimit: 1
\ No newline at end of file
diff --git a/charts/rancher-gatekeeper-operator/0.1.0/templates/requiredlabels.yaml b/charts/rancher-gatekeeper-operator/0.1.0/templates/requiredlabels.yaml
deleted file mode 100644
index e8c284a8d..000000000
--- a/charts/rancher-gatekeeper-operator/0.1.0/templates/requiredlabels.yaml
+++ /dev/null
@@ -1,57 +0,0 @@ -apiVersion: templates.gatekeeper.sh/v1beta1 -kind: ConstraintTemplate -metadata: - name: k8srequiredlabels -spec: - crd: - spec: - names: - kind: K8sRequiredLabels - validation: - # Schema for the `parameters` field - openAPIV3Schema: - properties: - message: - type: string - labels: - type: array - items: - type: object - properties: - key: - type: string - allowedRegex: - type: string - targets: - - target: admission.k8s.gatekeeper.sh - rego: | - package k8srequiredlabels - - get_message(parameters, _default) = msg { - not parameters.message - msg := _default - } - - get_message(parameters, _default) = msg { - msg := parameters.message - } - - violation[{"msg": msg, "details": {"missing_labels": missing}}] { - provided := {label | input.review.object.metadata.labels[label]} - required := {label | label := input.parameters.labels[_].key} - missing := required - provided - count(missing) > 0 - def_msg := sprintf("you must provide labels: %v", [missing]) - msg := get_message(input.parameters, def_msg) - } - - violation[{"msg": msg}] { - value := input.review.object.metadata.labels[key] - expected := input.parameters.labels[_] - expected.key == key - # do not match if allowedRegex is not defined, or is an empty string - expected.allowedRegex != "" - not re_match(expected.allowedRegex, value) - def_msg := sprintf("Label <%v: %v> does not satisfy allowed regex: %v", [key, value, expected.allowedRegex]) - msg := get_message(input.parameters, def_msg) - } \ No newline at end of file diff --git a/charts/rancher-gatekeeper-operator/0.1.0/values.yaml b/charts/rancher-gatekeeper-operator/0.1.0/values.yaml deleted file mode 100644 index 24aa00b39..000000000 --- a/charts/rancher-gatekeeper-operator/0.1.0/values.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-replicas: 1
-auditInterval: 300
-constraintViolationsLimit: 20
-auditFromCache: false
-image:
- repository: rancher/opa-gatekeeper
- tag: v3.1.0-beta.7
- pullPolicy: IfNotPresent
-nodeSelector: {"beta.kubernetes.io/os": "linux"}
-tolerations: []
-resources:
- limits:
- cpu: 1000m
- memory: 512Mi
- requests:
- cpu: 100m
- memory: 256Mi
-global:
- systemDefaultRegistry: ""
- kubectl:
- repository: rancher/istio-kubectl
- tag: 1.4.6
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.0/.helmignore b/charts/rancher-istio/0.1.0/.helmignore
deleted file mode 100644
index f7595a6fa..000000000
--- a/charts/rancher-istio/0.1.0/.helmignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-tests/
diff --git a/charts/rancher-istio/0.1.0/Chart.yaml b/charts/rancher-istio/0.1.0/Chart.yaml
deleted file mode 100644
index 118135d82..000000000
--- a/charts/rancher-istio/0.1.0/Chart.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-name: rancher-istio
-version: 0.1.0
-appVersion: 1.3.1
-tillerVersion: ">=2.7.2-0"
-description: Helm chart for all istio components
-home: https://istio.io/
-keywords:
- - istio
- - security
- - sidecarInjectorWebhook
- - mixer
- - pilot
- - galley
-sources:
- - http://github.com/istio/istio
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-maintainers:
- - name: istio
diff --git a/charts/rancher-istio/0.1.0/LICENSE b/charts/rancher-istio/0.1.0/LICENSE
deleted file mode 100644
index 56df9b297..000000000
--- a/charts/rancher-istio/0.1.0/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2018 Istio Authors - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/rancher-istio/0.1.0/README.md b/charts/rancher-istio/0.1.0/README.md deleted file mode 100644 index de67ba20b..000000000 --- a/charts/rancher-istio/0.1.0/README.md +++ /dev/null 
@@ -1,140 +0,0 @@ -# Istio - -[Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. - - - -The documentation here is for developers only, please follow the installation instructions from [istio.io](https://istio.io/docs/setup/kubernetes/install/helm/) for all other uses. - -## Introduction - -This chart bootstraps all Istio [components](https://istio.io/docs/concepts/what-is-istio/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Chart Details - -This chart can install multiple Istio components as subcharts: -- ingressgateway -- egressgateway -- sidecarInjectorWebhook -- galley -- mixer -- pilot -- security(citadel) -- grafana -- prometheus -- tracing(jaeger) -- kiali - -To enable or disable each component, change the corresponding `enabled` flag. - -## Prerequisites - -- Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required -- Helm 2.7.2 or newer or alternately the ability to modify RBAC rules is also required -- If you want to enable automatic sidecar injection, Kubernetes 1.9+ with `admissionregistration` API is required, and `kube-apiserver` process must have the `admission-control` flag set with the `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook` admission controllers added and listed in the correct order. -- The `istio-init` chart must be run to completion prior to install the `istio` chart. - -## Resources Required - -The chart deploys pods that consume minimum resources as specified in the resources configuration parameter. - -## Installing the Chart - -1. If a service account has not already been installed for Tiller, install one: - ``` - $ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml - ``` - -1. 
Install Tiller on your cluster with the service account: - ``` - $ helm init --service-account tiller - ``` - -1. Set and create the namespace where Istio was installed: - ``` - $ NAMESPACE=istio-system - $ kubectl create ns $NAMESPACE - ``` - -1. If you are enabling `kiali`, you need to create the secret that contains the username and passphrase for `kiali` dashboard: - ``` - $ echo -n 'admin' | base64 - YWRtaW4= - $ echo -n '1f2d1e2e67df' | base64 - MWYyZDFlMmU2N2Rm - $ cat <=1.9.0): - ``` - $ helm install istio --name istio --namespace $NAMESPACE - ``` - - - Without the sidecar injection webhook: - ``` - $ helm install istio --name istio --namespace $NAMESPACE --set sidecarInjectorWebhook.enabled=false - ``` - -## Configuration - -The Helm chart ships with reasonable defaults. There may be circumstances in which defaults require overrides. -To override Helm values, use `--set key=value` argument during the `helm install` command. Multiple `--set` operations may be used in the same Helm operation. - -Helm charts expose configuration options which are currently in alpha. The currently exposed options can be found [here](https://istio.io/docs/reference/config/installation-options/). - -## Uninstalling the Chart - -To uninstall/delete the `istio` release but continue to track the release: - ``` - $ helm delete istio - ``` - -To uninstall/delete the `istio` release completely and make its name free for later use: - ``` - $ helm delete --purge istio - ``` diff --git a/charts/rancher-istio/0.1.0/app-readme.md b/charts/rancher-istio/0.1.0/app-readme.md deleted file mode 100644 index 1cab4a4f5..000000000 --- a/charts/rancher-istio/0.1.0/app-readme.md +++ /dev/null 
@@ -1,25 +0,0 @@
-# Istio
-
-[Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data.
-
-## Introduction
-
-This chart bootstraps all Istio [components](https://istio.io/docs/concepts/what-is-istio/overview.html) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Chart Details
-
-This chart can install multiple istio components as subcharts:
-- gateways
-- sidecarInjectorWebhook
-- galley
-- mixer
-- pilot
-- security(citadel)
-- tracing(jaeger)
-- kiali
-- grafana
-- prometheus
-
-To enable or disable each component, change the corresponding `enabled` flag.
-
-Notes: You will need to apply `kubectl label namespace $your-namesapce istio-injection=enabled` to enabled automatic sidecar injection of your desired kubernetes namespaces.
diff --git a/charts/rancher-istio/0.1.0/charts/certmanager/Chart.yaml b/charts/rancher-istio/0.1.0/charts/certmanager/Chart.yaml
deleted file mode 100644
index b83f4d1e3..000000000
--- a/charts/rancher-istio/0.1.0/charts/certmanager/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-description: A Helm chart for Kubernetes
-name: certmanager
-version: 1.1.0
-appVersion: 0.6.2
-tillerVersion: ">=2.7.2"
diff --git a/charts/rancher-istio/0.1.0/charts/certmanager/templates/NOTES.txt b/charts/rancher-istio/0.1.0/charts/certmanager/templates/NOTES.txt
deleted file mode 100644
index 0307ede4c..000000000
--- a/charts/rancher-istio/0.1.0/charts/certmanager/templates/NOTES.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-certmanager has been deployed successfully!
-
-More information on the different types of issuers and how to configure them
-can be found in our documentation:
-
-https://cert-manager.readthedocs.io/en/latest/reference/issuers.html
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.0/charts/certmanager/templates/_helpers.tpl b/charts/rancher-istio/0.1.0/charts/certmanager/templates/_helpers.tpl
deleted file mode 100644
index 331a91d43..000000000
--- a/charts/rancher-istio/0.1.0/charts/certmanager/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "certmanager.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "certmanager.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "certmanager.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/certmanager/templates/deployment.yaml b/charts/rancher-istio/0.1.0/charts/certmanager/templates/deployment.yaml
deleted file mode 100644
index 2999c287f..000000000
--- a/charts/rancher-istio/0.1.0/charts/certmanager/templates/deployment.yaml
+++ /dev/null
@@ -1,73 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: certmanager - template: - metadata: - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: certmanager -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: certmanager - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- else }} - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=$(POD_NAMESPACE) - {{- if .Values.extraArgs }} -{{ toYaml .Values.extraArgs | indent 8 }} - {{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: -{{ toYaml .Values.resources | indent 10 }} - {{- if .Values.podDnsPolicy }} - dnsPolicy: {{ .Values.podDnsPolicy }} - {{- end }} - {{- if .Values.podDnsConfig }} - dnsConfig: - {{ toYaml .Values.podDnsConfig | indent 8 }} - {{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/certmanager/templates/issuer.yaml b/charts/rancher-istio/0.1.0/charts/certmanager/templates/issuer.yaml deleted file mode 100644 index 59402daea..000000000 --- a/charts/rancher-istio/0.1.0/charts/certmanager/templates/issuer.yaml +++ /dev/null @@ -1,37 +0,0 @@ ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt-staging - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-staging-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: letsencrypt-staging - http01: {} ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - privateKeySecretRef: - name: letsencrypt - http01: {} diff --git a/charts/rancher-istio/0.1.0/charts/certmanager/templates/poddisruptionbudget.yaml b/charts/rancher-istio/0.1.0/charts/certmanager/templates/poddisruptionbudget.yaml deleted file mode 100644 index b251e3653..000000000 --- a/charts/rancher-istio/0.1.0/charts/certmanager/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: certmanager
- namespace: {{ .Release.Namespace }}
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- version: {{ .Chart.Version }}
- {{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels | indent 4 }}
- {{- end }}
-spec:
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: certmanager
- release: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.0/charts/certmanager/templates/rbac.yaml b/charts/rancher-istio/0.1.0/charts/certmanager/templates/rbac.yaml
deleted file mode 100644
index 506dd38e2..000000000
--- a/charts/rancher-istio/0.1.0/charts/certmanager/templates/rbac.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: certmanager
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
- - apiGroups: ["certmanager.k8s.io"]
- resources: ["certificates", "certificates/finalizers", "issuers", "clusterissuers", "orders", "orders/finalizers", "challenges"]
- verbs: ["*"]
- - apiGroups: [""]
- resources: ["configmaps", "secrets", "events", "services", "pods"]
- verbs: ["*"]
- - apiGroups: ["extensions", "networking.k8s.io"]
- resources: ["ingresses"]
- verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: certmanager
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: certmanager
-subjects:
- - name: certmanager
- namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
diff --git a/charts/rancher-istio/0.1.0/charts/certmanager/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.0/charts/certmanager/templates/serviceaccount.yaml
deleted file mode 100644
index f87543508..000000000
--- a/charts/rancher-istio/0.1.0/charts/certmanager/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: certmanager
- namespace: {{ .Release.Namespace }}
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/0.1.0/charts/certmanager/values.yaml b/charts/rancher-istio/0.1.0/charts/certmanager/values.yaml
deleted file mode 100644
index da1f5f235..000000000
--- a/charts/rancher-istio/0.1.0/charts/certmanager/values.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-# Certmanager uses ACME to sign certificates. Since Istio gateways are
-# mounting the TLS secrets the Certificate CRDs must be created in the
-# istio-system namespace. Once the certificate has been created, the
-# gateway must be updated by adding 'secretVolumes'. After the gateway
-# restart, DestinationRules can be created using the ACME-signed certificates.
-enabled: false
-replicaCount: 1
-image:
- repository: rancher/jetstack-cert-manager-controller
- tag: v0.6.2
-resources: {}
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard” vs. "soft” requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security” and value "S1”.
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/0.1.0/charts/galley/Chart.yaml b/charts/rancher-istio/0.1.0/charts/galley/Chart.yaml
deleted file mode 100644
index 5933bde12..000000000
--- a/charts/rancher-istio/0.1.0/charts/galley/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-name: galley
-version: 1.1.0
-appVersion: 1.1.0
-tillerVersion: ">=2.7.2"
-description: Helm chart for galley deployment
-keywords:
- - istio
- - galley
-sources:
- - http://github.com/istio/istio
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
diff --git a/charts/rancher-istio/0.1.0/charts/galley/OWNERS b/charts/rancher-istio/0.1.0/charts/galley/OWNERS
deleted file mode 100644
index d6a0e1b97..000000000
--- a/charts/rancher-istio/0.1.0/charts/galley/OWNERS
+++ /dev/null
@@ -1,5 +0,0 @@
-approvers:
- - cmluciano
- - geeknoid
- - ozevren
- - ayj
diff --git a/charts/rancher-istio/0.1.0/charts/galley/templates/_helpers.tpl b/charts/rancher-istio/0.1.0/charts/galley/templates/_helpers.tpl
deleted file mode 100644
index 5d42f4a03..000000000
--- a/charts/rancher-istio/0.1.0/charts/galley/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "galley.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "galley.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "galley.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/galley/templates/clusterrole.yaml b/charts/rancher-istio/0.1.0/charts/galley/templates/clusterrole.yaml
deleted file mode 100644
index ec0c94aba..000000000
--- a/charts/rancher-istio/0.1.0/charts/galley/templates/clusterrole.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-galley-{{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["validatingwebhookconfigurations"]
- verbs: ["*"]
-- apiGroups: ["config.istio.io"] # istio mixer CRD watcher
- resources: ["*"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["networking.istio.io"]
- resources: ["*"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["authentication.istio.io"]
- resources: ["*"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["rbac.istio.io"]
- resources: ["*"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions", "apps"]
- resources: ["deployments"]
- resourceNames: ["istio-galley"]
- verbs: ["get"]
-- apiGroups: [""]
- resources: ["pods", "nodes", "services", "endpoints", "namespaces"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions", "networking.k8s.io"]
- resources: ["ingresses"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions", "apps"]
- resources: ["deployments/finalizers"]
- resourceNames: ["istio-galley"]
- verbs: ["update"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
diff --git a/charts/rancher-istio/0.1.0/charts/galley/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.0/charts/galley/templates/clusterrolebinding.yaml
deleted file mode 100644
index 88cde2554..000000000
--- a/charts/rancher-istio/0.1.0/charts/galley/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-galley-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-galley-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-galley-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/0.1.0/charts/galley/templates/configmap.yaml b/charts/rancher-istio/0.1.0/charts/galley/templates/configmap.yaml
deleted file mode 100644
index 662c960b1..000000000
--- a/charts/rancher-istio/0.1.0/charts/galley/templates/configmap.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-galley-configuration
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-data:
-{{- if .Values.global.configValidation }}
- validatingwebhookconfiguration.yaml: |-
- {{- include "validatingwebhookconfiguration.yaml.tpl" . | indent 4}}
-{{- end}}
diff --git a/charts/rancher-istio/0.1.0/charts/galley/templates/deployment.yaml b/charts/rancher-istio/0.1.0/charts/galley/templates/deployment.yaml
deleted file mode 100644
index da13e5962..000000000
--- a/charts/rancher-istio/0.1.0/charts/galley/templates/deployment.yaml
+++ /dev/null
@@ -1,123 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: galley - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-galley-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: galley - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 443 - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 9901 - command: - - /usr/local/bin/galley - - server - - --meshConfigFile=/etc/mesh-config/mesh - - --livenessProbeInterval=1s - - --livenessProbePath=/healthliveness - - --readinessProbePath=/healthready - - --readinessProbeInterval=1s - - --deployment-namespace={{ .Release.Namespace }} -{{- if $.Values.global.controlPlaneSecurityEnabled}} - - --insecure=false -{{- else }} - - --insecure=true -{{- end }} -{{- if not $.Values.global.useMCP }} - - --enable-server=false -{{- end }} -{{- if not $.Values.global.configValidation }} - - --enable-validation=false -{{- end }} - - --validation-webhook-config-file - - /etc/config/validatingwebhookconfiguration.yaml - - --monitoringPort={{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} - volumeMounts: - - name: certs - mountPath: /etc/certs - readOnly: true - - name: config - mountPath: /etc/config - readOnly: true - - name: mesh-config - mountPath: /etc/mesh-config - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - --probe-path=/healthliveness - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - readinessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - --probe-path=/healthready - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: certs - secret: - secretName: istio.istio-galley-service-account - - name: config - configMap: - name: istio-galley-configuration - - name: mesh-config - configMap: - name: istio - affinity: - {{- include "nodeaffinity" . 
| indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/galley/templates/poddisruptionbudget.yaml b/charts/rancher-istio/0.1.0/charts/galley/templates/poddisruptionbudget.yaml deleted file mode 100644 index 75bf77834..000000000 --- a/charts/rancher-istio/0.1.0/charts/galley/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: {{ template "galley.name" . }} - release: {{ .Release.Name }} - istio: galley -{{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/galley/templates/service.yaml b/charts/rancher-istio/0.1.0/charts/galley/templates/service.yaml deleted file mode 100644 index cd21fd192..000000000 --- a/charts/rancher-istio/0.1.0/charts/galley/templates/service.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-spec:
- ports:
- - port: 443
- name: https-validation
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- - port: 9901
- name: grpc-mcp
- selector:
- istio: galley
diff --git a/charts/rancher-istio/0.1.0/charts/galley/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.0/charts/galley/templates/serviceaccount.yaml
deleted file mode 100644
index 1ff54c49e..000000000
--- a/charts/rancher-istio/0.1.0/charts/galley/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-galley-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/0.1.0/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl b/charts/rancher-istio/0.1.0/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl
deleted file mode 100644
index ce68fb8a5..000000000
--- a/charts/rancher-istio/0.1.0/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl
+++ /dev/null
@@ -1,118 +0,0 @@ -{{ define "validatingwebhookconfiguration.yaml.tpl" }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-galley - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -webhooks: - - name: pilot.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitpilot" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - httpapispecs - - httpapispecbindings - - quotaspecs - - quotaspecbindings - - operations: - - CREATE - - UPDATE - apiGroups: - - rbac.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - authentication.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - networking.istio.io - apiVersions: - - "*" - resources: - - destinationrules - - envoyfilters - - gateways - - serviceentries - - sidecars - - virtualservices - failurePolicy: Fail - sideEffects: None - - name: mixer.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitmixer" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - rules - - attributemanifests - - circonuses - - deniers - - fluentds - - kubernetesenvs - - listcheckers - - memquotas - - noops - - opas - - prometheuses - - rbacs - - solarwindses - - stackdrivers - - cloudwatches - - dogstatsds - - statsds - - stdios - - apikeys - - authorizations - - checknothings - # - kuberneteses - - listentries - - logentries - - metrics - - quotas - - reportnothings - - tracespans - - adapters - - handlers - - instances - - templates - - zipkins - 
failurePolicy: Fail - sideEffects: None -{{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/galley/values.yaml b/charts/rancher-istio/0.1.0/charts/galley/values.yaml deleted file mode 100644 index fa7a306d0..000000000 --- a/charts/rancher-istio/0.1.0/charts/galley/values.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# -# galley configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard” vs. "soft” requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security” and value "S1”. -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] diff --git a/charts/rancher-istio/0.1.0/charts/gateways/Chart.yaml b/charts/rancher-istio/0.1.0/charts/gateways/Chart.yaml deleted file mode 100644 index 1bc2806f6..000000000 --- a/charts/rancher-istio/0.1.0/charts/gateways/Chart.yaml +++ /dev/null 
@@ -1,15 +0,0 @@
-apiVersion: v1
-name: gateways
-version: 1.1.0
-appVersion: 1.1.0
-tillerVersion: ">=2.7.2"
-description: Helm chart for deploying Istio gateways
-keywords:
- - istio
- - ingressgateway
- - egressgateway
- - gateways
-sources:
- - http://github.com/istio/istio
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
diff --git a/charts/rancher-istio/0.1.0/charts/gateways/templates/_affinity.tpl b/charts/rancher-istio/0.1.0/charts/gateways/templates/_affinity.tpl
deleted file mode 100644
index fbd0e9a8f..000000000
--- a/charts/rancher-istio/0.1.0/charts/gateways/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "gatewaynodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "gatewayNodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .root.Values.global.defaultNodeSelector .nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "gatewayNodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinity" }} -{{- if or .podAntiAffinityLabelSelector .podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if .podAntiAffinityTermLabelSelector }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/gateways/templates/_helpers.tpl b/charts/rancher-istio/0.1.0/charts/gateways/templates/_helpers.tpl deleted file mode 100644 index bfc8bc400..000000000 --- a/charts/rancher-istio/0.1.0/charts/gateways/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "gateway.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "gateway.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "gateway.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/gateways/templates/autoscale.yaml b/charts/rancher-istio/0.1.0/charts/gateways/templates/autoscale.yaml
deleted file mode 100644
index 2455ac345..000000000
--- a/charts/rancher-istio/0.1.0/charts/gateways/templates/autoscale.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
- maxReplicas: {{ $spec.autoscaleMax }}
- minReplicas: {{ $spec.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ $key }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.0/charts/gateways/templates/deployment.yaml b/charts/rancher-istio/0.1.0/charts/gateways/templates/deployment.yaml
deleted file mode 100644
index 900ac4f20..000000000
--- a/charts/rancher-istio/0.1.0/charts/gateways/templates/deployment.yaml
+++ /dev/null
@@ -1,323 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if $spec.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - labels: - chart: {{ template "gateway.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - selector: - matchLabels: - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - template: - metadata: - labels: - chart: {{ template "gateway.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - annotations: - sidecar.istio.io/inject: "false" -{{- if $spec.podAnnotations }} -{{ toYaml $spec.podAnnotations | indent 8 }} -{{ end }} - spec: - serviceAccountName: {{ $key }}-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} -{{- if $.Values.global.proxy.enableCoreDump }} - initContainers: - - name: enable-core-dump - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy_init.repository }}:{{ $.Values.global.proxy_init.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - command: - - /bin/sh - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - securityContext: - privileged: true -{{- end }} - containers: -{{- if $spec.sds }} -{{- if $spec.sds.enabled }} - - name: ingress-sds - image: "{{ template "system_default_registry" $ 
}}{{ $.Values.global.nodeAgent.repository }}:{{ $.Values.global.nodeAgent.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - resources: -{{- if $spec.sds.resources }} -{{ toYaml $spec.sds.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: "ENABLE_WORKLOAD_SDS" - value: "false" - - name: "ENABLE_INGRESS_GATEWAY_SDS" - value: "true" - - name: "INGRESS_GATEWAY_NAMESPACE" - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - volumeMounts: - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway -{{- end }} -{{- end }} - - name: istio-proxy - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - {{- range $key, $val := $spec.ports }} - - containerPort: {{ $val.port }} - {{- end }} - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - - --drainDuration - - '45s' #drainDuration - - --parentShutdownDuration - - '1m0s' #parentShutdownDuration - - --connectTimeout - - '10s' #connectTimeout - - --serviceCluster - - {{ $key }} - - --zipkinAddress - {{- if $.Values.global.tracer.zipkin.address }} - - {{ $.Values.global.tracer.zipkin.address }} - {{- else if $.Values.global.istioNamespace }} - - zipkin.{{ $.Values.global.istioNamespace }}:9411 - {{- else }} - - zipkin:9411 - {{- end }} - {{- if $.Values.global.proxy.envoyStatsd.enabled }} - - 
--statsdUdpAddress - - {{ $.Values.global.proxy.envoyStatsd.host }}:{{ $.Values.global.proxy.envoyStatsd.port }} - {{- end }} - {{- if $.Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsServiceAddress - - {{ $.Values.global.proxy.envoyMetricsService.host }}:{{ $.Values.global.proxy.envoyMetricsService.port }} - {{- end }} - {{- if $.Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - {{- with $.Values.global.proxy.envoyAccessLogService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end }} - - --proxyAdminPort - - "15000" - - --statusPort - - "15020" - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15011 - {{- else }} - - istio-pilot:15011 - {{- end }} - {{- else }} - - --controlPlaneAuthPolicy - - NONE - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15010 - {{- else }} - - istio-pilot:15010 - {{- end }} - {{- if $spec.applicationPorts }} - - --applicationPorts - - "{{ $spec.applicationPorts }}" - {{- end }} - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ $.Values.global.trustDomain }} - {{- end }} - readinessProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15020 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - resources: -{{- if $spec.resources }} -{{ toYaml $spec.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - 
apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - - name: ISTIO_META_WORKLOAD_NAME - value: {{ $key }} - - name: ISTIO_META_OWNER - value: kubernetes://api/apps/v1/namespaces/{{ $spec.namespace | default $.Release.Namespace }}/deployments/{{ $key }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ISTIO_META_USER_SDS - value: "true" - {{- end }} - {{- end }} - {{- if $spec.env }} - {{- range $key, $val := $spec.env }} - - name: {{ $key }} - value: {{ $val }} - {{- end }} - {{- end }} - volumeMounts: - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway - {{- end }} - {{- end }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - mountPath: {{ .mountPath | quote }} - readOnly: true - {{- end }} -{{- if $spec.additionalContainers }} -{{ toYaml $spec.additionalContainers | indent 8 }} -{{- end }} - volumes: - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - emptyDir: {} - {{- end }} - {{- end }} - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - hostPath: - path: /var/run/sds - - name: 
istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ $.Values.global.sds.token.aud }} - {{- end }} - - name: istio-certs - secret: - secretName: istio.{{ $key }}-service-account - optional: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - secret: - secretName: {{ .secretName | quote }} - optional: true - {{- end }} - {{- range $spec.configVolumes }} - - name: {{ .name }} - configMap: - name: {{ .configMapName | quote }} - optional: true - {{- end }} - affinity: - {{- include "gatewaynodeaffinity" (dict "root" $ "nodeSelector" $spec.nodeSelector) | indent 6 }} - {{- include "gatewaypodAntiAffinity" (dict "podAntiAffinityLabelSelector" $spec.podAntiAffinityLabelSelector "podAntiAffinityTermLabelSelector" $spec.podAntiAffinityTermLabelSelector) | indent 6 }} - {{- if $spec.tolerations }} - tolerations: -{{ toYaml $spec.tolerations | indent 6 }} - {{- else if $.Values.global.defaultTolerations }} - tolerations: -{{ toYaml $.Values.global.defaultTolerations | indent 6 }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/gateways/templates/poddisruptionbudget.yaml b/charts/rancher-istio/0.1.0/charts/gateways/templates/poddisruptionbudget.yaml deleted file mode 100644 index 36a2d5a9c..000000000 --- a/charts/rancher-istio/0.1.0/charts/gateways/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,31 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if and (ne $key "enabled") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.0/charts/gateways/templates/preconfigured.yaml b/charts/rancher-istio/0.1.0/charts/gateways/templates/preconfigured.yaml
deleted file mode 100644
index 8d3dee930..000000000
--- a/charts/rancher-istio/0.1.0/charts/gateways/templates/preconfigured.yaml
+++ /dev/null
@@ -1,239 +0,0 @@ -{{- if .Values.global.k8sIngress.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-autogenerated-k8s-ingress - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: {{ .Values.global.k8sIngress.gatewayName }} - servers: - - port: - number: 80 - protocol: HTTP2 - name: http - hosts: - - "*" -{{ if .Values.global.k8sIngress.enableHttps }} - - port: - number: 443 - protocol: HTTPS - name: https-default - tls: - mode: SIMPLE - serverCertificate: /etc/istio/ingress-certs/tls.crt - privateKey: /etc/istio/ingress-certs/tls.key - hosts: - - "*" -{{ end }} ---- -{{ end }} - -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-ilb-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: ilbgateway - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- else }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- end }} -{{- end }} - -{{- if .Values.global.multiCluster.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-egressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-egressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH ---- -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - workloadLabels: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - filters: - - listenerMatch: - portNumber: 15443 - listenerType: GATEWAY - insertPosition: - index: AFTER - relativeTo: envoy.filters.network.sni_cluster - filterName: envoy.filters.network.tcp_cluster_rewrite - filterType: NETWORK - filterConfig: - cluster_pattern: "\\.global$" - cluster_replacement: ".svc.{{ .Values.global.proxy.clusterDomain }}" ---- -## To ensure all traffic to *.global is using mTLS -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-multicluster-destinationrule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.global" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -{{- end }} 
diff --git a/charts/rancher-istio/0.1.0/charts/gateways/templates/role.yaml b/charts/rancher-istio/0.1.0/charts/gateways/templates/role.yaml
deleted file mode 100644
index de4660442..000000000
--- a/charts/rancher-istio/0.1.0/charts/gateways/templates/role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if ($spec.sds) and (eq $spec.sds.enabled true) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $.Release.Namespace }}
-rules:
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "watch", "list"]
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.0/charts/gateways/templates/rolebindings.yaml b/charts/rancher-istio/0.1.0/charts/gateways/templates/rolebindings.yaml
deleted file mode 100644
index 4bb30150d..000000000
--- a/charts/rancher-istio/0.1.0/charts/gateways/templates/rolebindings.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if ($spec.sds) and (eq $spec.sds.enabled true) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $.Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ $key }}-sds
-subjects:
-- kind: ServiceAccount
- name: {{ $key }}-service-account
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.0/charts/gateways/templates/service.yaml b/charts/rancher-istio/0.1.0/charts/gateways/templates/service.yaml
deleted file mode 100644
index 09590310d..000000000
--- a/charts/rancher-istio/0.1.0/charts/gateways/templates/service.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- annotations:
- {{- range $key, $val := $spec.serviceAnnotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{- if $spec.loadBalancerIP }}
- loadBalancerIP: "{{ $spec.loadBalancerIP }}"
-{{- end }}
-{{- if $spec.loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
-{{ toYaml $spec.loadBalancerSourceRanges | indent 4 }}
-{{- end }}
-{{- if $spec.externalTrafficPolicy }}
- externalTrafficPolicy: {{$spec.externalTrafficPolicy }}
-{{- end }}
-{{- if $spec.externalIPs }}
- externalIPs:
-{{ toYaml $spec.externalIPs | indent 4 }}
-{{- end }}
- type: {{ .type }}
- selector:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
- ports:
- {{- range $key, $val := $spec.ports }}
- -
- {{- range $pkey, $pval := $val }}
- {{ $pkey}}: {{ $pval }}
- {{- end }}
- {{- end }}
-
- # range addon ports
- {{- range $key, $val := $spec.addOnPorts }}
- -
- {{- range $pkey, $pval := $val }}
- {{ $pkey}}: {{ $pval }}
- {{- end }}
- {{- end }}
-
- # range meshExpansion ports
- {{- if $.Values.global.meshExpansion.enabled }}
- {{- range $key, $val := $spec.meshExpansionPorts }}
- -
- {{- range $pkey, $pval := $val }}
- {{ $pkey}}: {{ $pval }}
- {{- end }}
- {{- end }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.0/charts/gateways/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.0/charts/gateways/templates/serviceaccount.yaml
deleted file mode 100644
index d4f6938c1..000000000
--- a/charts/rancher-istio/0.1.0/charts/gateways/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if $.Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range $.Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: {{ $key }}-service-account
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- app: {{ $spec.labels.app }}
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/0.1.0/charts/gateways/values.yaml b/charts/rancher-istio/0.1.0/charts/gateways/values.yaml
deleted file mode 100644
index b62de2d2e..000000000
--- a/charts/rancher-istio/0.1.0/charts/gateways/values.yaml
+++ /dev/null
@@ -1,283 +0,0 @@ -# -# Gateways Configuration -# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. -# You can add more gateways in addition to the defaults but make sure those are uniquely named -# and that NodePorts are not conflicting. -# Disable specifc gateway by setting the `enabled` to false. -# -enabled: true - -istio-ingressgateway: - enabled: true - # - # Secret Discovery Service (SDS) configuration for ingress gateway. - # - sds: - # If true, ingress gateway fetches credentials from SDS server to handle TLS connections. - enabled: false - # SDS server that watches kubernetes secrets and provisions credentials to ingress gateway. - # This server runs in the same pod as ingress gateway. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - labels: - app: istio-ingressgateway - istio: ingressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalIPs: [] - serviceAnnotations: {} - podAnnotations: {} - type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be - #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out - ports: - ## You can add custom gateway ports - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. 
https://github.com/istio/istio/issues/12503 - - port: 80 - targetPort: 80 - name: http2 - nodePort: 31380 - - port: 443 - name: https - nodePort: 31390 - ### PORTS FOR UI/metrics ##### - ## Disable if not needed - addOnPorts: - # - port: 15029 - # targetPort: 15029 - # name: https-kiali - # - port: 15030 - # targetPort: 15030 - # name: https-prometheus - # - port: 15031 - # targetPort: 15031 - # name: https-grafana - # - port: 15032 - # targetPort: 15032 - # name: https-tracing - # # This is the port where sni routing happens - # - port: 15443 - # targetPort: 15443 - # name: tls - # - port: 15020 - # targetPort: 15020 - # name: status-port - #### MESH EXPANSION PORTS ######## - # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect - # to pilot/citadel if global.meshExpansion settings are enabled. - # Delete these ports if mesh expansion is not enabled, to avoid - # exposing unnecessary ports on the web. - # You can remove these ports if you are not using mesh expansion - meshExpansionPorts: - - port: 15011 - targetPort: 15011 - name: tcp-pilot-grpc-tls - - port: 15004 - targetPort: 15004 - name: tcp-mixer-grpc-tls - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - - port: 853 - targetPort: 853 - name: tcp-dns-tls - ####### end MESH EXPANSION PORTS ###### - ############## - secretVolumes: - - name: ingressgateway-certs - secretName: istio-ingressgateway-certs - mountPath: /etc/istio/ingressgateway-certs - - name: ingressgateway-ca-certs - secretName: istio-ingressgateway-ca-certs - mountPath: /etc/istio/ingressgateway-ca-certs - ### Advanced options ############ - - # Ports to explicitly check for readiness. If configured, the readiness check will expect a - # listener on these ports. A comma separated list is expected, such as "80,443". - # - # Warning: If you do not have a gateway configured for the ports provided, this check will always - # fail. 
This is intended for use cases where you always expect to have a listener on the port, - # such as 80 or 443 in typical setups. - applicationPorts: "" - - env: - # A gateway with this mode ensures that pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. - ISTIO_META_ROUTER_MODE: "sni-dnat" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". 
- podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -istio-egressgateway: - enabled: false - labels: - app: istio-egressgateway - istio: egressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - serviceAnnotations: {} - podAnnotations: {} - type: ClusterIP #change to NodePort or LoadBalancer if need be - ports: - - port: 80 - name: http2 - - port: 443 - name: https - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - secretVolumes: - - name: egressgateway-certs - secretName: istio-egressgateway-certs - mountPath: /etc/istio/egressgateway-certs - - name: egressgateway-ca-certs - secretName: istio-egressgateway-ca-certs - mountPath: /etc/istio/egressgateway-ca-certs - #### Advanced options ######## - env: - # Set this to "external" if and only if you want the egress gateway to - # act as a transparent SNI gateway that routes mTLS/TLS traffic to - # external services defined using service entries, where the service - # entry has resolution set to DNS, has one or more endpoints with - # network field set to "external". By default its set to "" so that - # the egress gateway sees the same set of endpoints as the sidecars - # preserving backward compatibility - # ISTIO_META_REQUESTED_NETWORK_VIEW: "" - # A gateway with this mode ensures that pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. 
- ISTIO_META_ROUTER_MODE: "sni-dnat" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". - podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -# Mesh ILB gateway creates a gateway of type InternalLoadBalancer, -# for mesh expansion. It exposes the mtls ports for Pilot,CA as well -# as non-mtls ports to support upgrades and gradual transition. -istio-ilbgateway: - enabled: false - labels: - app: istio-ilbgateway - istio: ilbgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - cpu: - targetAverageUtilization: 80 - resources: - requests: - cpu: 800m - memory: 512Mi - #limits: - # cpu: 1800m - # memory: 256Mi - loadBalancerIP: "" - serviceAnnotations: - cloud.google.com/load-balancer-type: "internal" - podAnnotations: {} - type: LoadBalancer - ports: - ## You can add custom gateway ports - google ILB default quota is 5 ports, - - port: 15011 - name: grpc-pilot-mtls - # Insecure port - only for migration from 0.8. 
Will be removed in 1.1 - - port: 15010 - name: grpc-pilot - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - # Port 5353 is forwarded to kube-dns - - port: 5353 - name: tcp-dns - secretVolumes: - - name: ilbgateway-certs - secretName: istio-ilbgateway-certs - mountPath: /etc/istio/ilbgateway-certs - - name: ilbgateway-ca-certs - secretName: istio-ilbgateway-ca-certs - mountPath: /etc/istio/ilbgateway-ca-certs - nodeSelector: {} - tolerations: [] diff --git a/charts/rancher-istio/0.1.0/charts/grafana/Chart.yaml b/charts/rancher-istio/0.1.0/charts/grafana/Chart.yaml deleted file mode 100644 index 8ed346996..000000000 --- a/charts/rancher-istio/0.1.0/charts/grafana/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -description: A Helm chart for Kubernetes -name: grafana -version: 1.1.0 -appVersion: 1.1.0 -tillerVersion: ">=2.7.2" diff --git a/charts/rancher-istio/0.1.0/charts/grafana/dashboards/citadel-dashboard.json b/charts/rancher-istio/0.1.0/charts/grafana/dashboards/citadel-dashboard.json deleted file mode 100755 index ffe4551a9..000000000 --- a/charts/rancher-istio/0.1.0/charts/grafana/dashboards/citadel-dashboard.json +++ /dev/null 
@@ -1,1089 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 8, - "panels": [], - "title": "Performance", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "CPU usage across Citadel instances.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 1 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"citadel\", pod_name=~\"istio-citadel-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage rate", - "refId": "A" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"citadel\"}[1m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage irate", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": 
"", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Citadel process memory statistics.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 1 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Total", - "refId": "C" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Allocated", - "refId": "E" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Inuse", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, 
- "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 1 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Goroutines", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 7 - }, - "id": 28, - "panels": [], - "title": "General", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Total number of CSR requests made to Citadel.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 
0, - "y": 8 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Request Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates issuances that have succeeded.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 12, - "y": 8 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_success_cert_issuance_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Certificates Issued", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Certificates Issued", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 13 - }, - "id": 23, - "panels": [], - "title": "Errors", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of errors occurred when creating the CSR.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 14 - }, - "id": 20, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_secret_controller_csr_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Creation Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Creation Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - 
"show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 14 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_parsing_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Parse Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Parse Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of authentication failures.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, 
- "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_authentication_failure_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Authentication Failure Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Authentication Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 4, - "panels": [], - "title": "Secret Controller", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates created due to service account creation.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": 
"citadel_secret_controller_svc_acc_created_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Created", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Created (due to SA creation)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates deleted due to service account deletion.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_svc_acc_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Deleted", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Deleted (due to SA deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, 
- "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates recreated due to secret deletion (service account still exists).", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_secret_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Recreated", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Recreated (due to errant deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 
18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Citadel Dashboard", - "uid": "OOyOqb4Wz", - "version": 1 -} \ No newline at end of file diff --git a/charts/rancher-istio/0.1.0/charts/grafana/dashboards/galley-dashboard.json b/charts/rancher-istio/0.1.0/charts/grafana/dashboards/galley-dashboard.json deleted file mode 100755 index b9b07daa9..000000000 --- a/charts/rancher-istio/0.1.0/charts/grafana/dashboards/galley-dashboard.json +++ /dev/null 
@@ -1,1819 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 46, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"galley\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Galley Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 5 - }, - "id": 40, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "C" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "G" - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "H" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"})", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Total (kis)", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 38, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m])) by (container_name)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"galley\"}[1m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "galley (self-reported)", - "refId": "C" - } - ], - 
"thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Open FDs (galley)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }} ", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 44, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "goroutines_total", - "refId": "A" - }, - { - "expr": "istio_mcp_clients_total{component=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "clients_total", - "refId": "B" - }, - { - "expr": "go_goroutines{job=\"galley\"}/sum(istio_mcp_clients_total{component=\"galley\"}) without (component)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "avg_goroutines_per_client", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - 
"h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 10, - "panels": [], - "title": "Runtime", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_on_change_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Strategy Change Events", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_processor_events_processed_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Processed Events", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_processor_snapshots_published_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Snapshot Published", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Event Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - 
"datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_timer_max_time_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Max Time Reached", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_quiesce_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Quiesce Reached", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_resets_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Timer Resets", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Timer Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": 
true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 3, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.90, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.95, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P95", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Events Per Snapshot", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 21 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - 
"max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (typeURL) (galley_runtime_state_type_instances_total)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ typeURL }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "State Type Instances", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Count", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 34, - "panels": [], - "title": "Validation", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 28 - }, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "galley_validation_cert_key_updates{job=\"galley\"}", - "format": 
"time_series", - "intervalFactor": 1, - "legendFormat": "Key Updates", - "refId": "A" - }, - { - "expr": "galley_validation_cert_key_update_errors{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Key Update Errors: {{ error }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation Webhook Certificate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 28 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_passed{job=\"galley\"}) by (group, version, resource)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Passed: {{ group }}/{{ version }}/{{resource}}", - "refId": "A" - }, - { - "expr": "sum(galley_validation_failed{job=\"galley\"}) by (group, version, resource, reason)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Failed: {{ group }}/{{ version }}/{{resource}} ({{ reason}})", - "refId": "B" - } - ], 
- "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Resource Validation", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 28 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_http_error{job=\"galley\"}) by (status)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ status }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation HTTP Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": 
null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 12, - "panels": [], - "title": "Kubernetes Source", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 35 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_event_success_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Success", - "refId": "A" - }, - { - "expr": "rate(galley_source_kube_event_error_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Source Event Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 35 - }, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, 
- "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_dynamic_converter_success_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{apiVersion=\"{{apiVersion}}\",group=\"{{group}}\",kind=\"{{kind}}\"}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Kubernetes Object Conversion Successes", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Conversions/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 35 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_dynamic_converter_failure_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": 
"A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Kubernetes Object Conversion Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Failures/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 41 - }, - "id": 18, - "panels": [], - "title": "Mesh Configuration Protocol", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 42 - }, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_mcp_clients_total{component=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Clients", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Connected Clients", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": 
null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 42 - }, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by(collection)(irate(istio_mcp_request_acks_total{component=\"galley\"}[1m]) * 60)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request ACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "ACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 42 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - 
"links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(istio_mcp_request_nacks_total{component=\"galley\"}[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request NACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "NACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Galley Dashboard", - "uid": "TSEY6jLmk", - "version": 1 -} diff --git a/charts/rancher-istio/0.1.0/charts/grafana/dashboards/istio-mesh-dashboard.json b/charts/rancher-istio/0.1.0/charts/grafana/dashboards/istio-mesh-dashboard.json deleted file mode 100755 index 1662e1f1d..000000000 --- a/charts/rancher-istio/0.1.0/charts/grafana/dashboards/istio-mesh-dashboard.json +++ /dev/null 
@@ -1,1225 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "links": [], - "panels": [ - { - "content": "
\n
\n Istio\n
\n
\n Istio is an open platform that provides a uniform way to connect,\n manage, and \n secure microservices.\n
\n Need help? Join the Istio community.\n
\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "50px", - "id": 13, - "links": [], - "mode": "html", - "style": { - "font-size": "18pt" - }, - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\"}[1m])), 0.001)", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Global Request Volume", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - 
"h": 3, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "95, 99, 99.5", - "title": "Global Success Rate (non-5xx responses)", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 22, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - 
"sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"4.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "4xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 23, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"5.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "5xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - 
"colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 113, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_virtualservices) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Virtual Services", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 114, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - 
"postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_destinationrules) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Destination Rules", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 115, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_gateways) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Gateways", - "type": "singlestat", - "valueFontSize": "80%", - 
"valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 116, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_authentication_meshpolicies) / count(up{job=\"galley\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Authentication Mesh Policies", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 21, - "w": 24, - "x": 0, - "y": 9 - }, - "hideTimeOverride": false, - "id": 73, - "links": [], - "pageSize": null, - "repeat": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 4, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 
172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Workload dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_2&var-workload=$__cell_", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Requests", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [], - "type": "number", - "unit": "ops" - }, - { - "alias": "P50 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P90 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P99 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #E", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "Success Rate", - "colorMode": "cell", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #F", - "thresholds": [ - ".95", - " 1.00" - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-workload=$__cell_2&var-namespace=$__cell_3", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "number", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_requests_total{reporter=\"destination\", response_code=\"200\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "A" - }, - { - "expr": "label_join((histogram_quantile(0.50, 
sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.50, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "B" - }, - { - "expr": "label_join((histogram_quantile(0.90, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.90, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "D" - }, - { - "expr": "label_join((histogram_quantile(0.99, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.99, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "E" - }, - { - "expr": 
"label_join((sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m])) by (destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "F" - } - ], - "timeFrom": null, - "title": "HTTP/GRPC Workloads", - "transform": "table", - "type": "table" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 18, - "w": 24, - "x": 0, - "y": 30 - }, - "hideTimeOverride": false, - "id": 109, - "links": [], - "pageSize": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 2, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-tcp-workload-dashboard?var-namespace=$__cell_2&&var-workload=$__cell", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Bytes Sent", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [ - "" - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Bytes Received", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "Bps" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_3&var-workload=$__cell_2", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_tcp_received_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - 
"hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "C" - }, - { - "expr": "label_join(sum(rate(istio_tcp_sent_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "A" - } - ], - "timeFrom": null, - "title": "TCP Workloads", - "transform": "table", - "type": "table" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 48 - }, - "id": 111, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- }
- ],
- "refresh": "5s",
- "schemaVersion": 18,
- "style": "dark",
- "tags": [],
- "templating": {
- "list": []
- },
- "time": {
- "from": "now-5m",
- "to": "now"
- },
- "timepicker": {
- "refresh_intervals": [
- "5s",
- "10s",
- "30s",
- "1m",
- "5m",
- "15m",
- "30m",
- "1h",
- "2h",
- "1d"
- ],
- "time_options": [
- "5m",
- "15m",
- "1h",
- "6h",
- "12h",
- "24h",
- "2d",
- "7d",
- "30d"
- ]
- },
- "timezone": "browser",
- "title": "Istio Mesh Dashboard",
- "uid": "G8wLrJIZk",
- "version": 5
-}
diff --git a/charts/rancher-istio/0.1.0/charts/grafana/dashboards/istio-performance-dashboard.json b/charts/rancher-istio/0.1.0/charts/grafana/dashboards/istio-performance-dashboard.json
deleted file mode 100755
index 3826fbae8..000000000
--- a/charts/rancher-istio/0.1.0/charts/grafana/dashboards/istio-performance-dashboard.json
+++ /dev/null
@@ -1,1822 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": 9, - "links": [], - "panels": [ - { - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 21, - "panels": [ - { - "content": "The charts on this dashboard are intended to show Istio main components cost in terms resources utilization under steady load.\n\n- **vCPU/1k rps:** shows vCPU utilization by the main Istio components normalized by 1000 requests/second. When idle or low traffic, this chart will be blank. The curve for istio-proxy refers to the services sidecars only.\n- **vCPU:** vCPU utilization by Istio components, not normalized.\n- **Memory:** memory footprint for the components. Telemetry and policy are normalized by 1k rps, and no data is shown when there is no traffic. 
For ingress and istio-proxy, the data is per instance.\n- **Bytes transferred/ sec:** shows the number of bytes flowing through each Istio component.\n\n\n", - "gridPos": { - "h": 6, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 19, - "links": [], - "mode": "markdown", - "timeFrom": null, - "timeShift": null, - "title": "Performance Dashboard README", - "transparent": true, - "type": "text" - } - ], - "title": "Performance Dashboard Notes", - "type": "row" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 6, - "panels": [], - "title": "vCPU Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 2 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m])) / (round(sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m])), 0.001)/1000))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - 
"legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU / 1k rps", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 2 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - 
"spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 13, - "panels": [], - "title": "Memory and Data Rates", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": 
false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 11 - }, - "id": 902, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry / 1k rps", - "refId": "A" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name!=\"POD\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio proxy", - "refId": "C" - }, - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy / 1k rps", - "refId": "D" - } - ], - "thresholds": [], - 
"timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-telemetry\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-telemetry\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_response_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m])) + sum(irate(istio_request_bytes_sum{source_workload_namespace!=\"istio-system\", 
reporter=\"source\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-policy\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-policy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio_policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Bytes transferred / sec", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 17, - "panels": [], - "title": "Istio Component Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 20 - }, - "id": 15, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 71, - "panels": [], - "title": "Proxy Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 32 - }, - "id": 72, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 32 - }, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 32 - }, - "id": 702, - "legend": { - "avg": 
false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 39 - }, - "id": 69, - "panels": [], - "title": "Pilot Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 40 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": 
[ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - 
"sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 40 - }, - "id": 602, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "pilot (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - 
"title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 40 - }, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - 
"show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 40 - }, - "id": 402, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 93, - "panels": [], - "title": "Mixer Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 48 - }, - "id": 94, - "legend": { - "avg": false, - "current": 
false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"})", - "format": "time_series", - "hide": false, 
- "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 48 - }, - "id": 95, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=~\"istio-policy|istio-telemetry\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 48 - }, - "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - 
"expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 48 - }, - "id": 97, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - 
"format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Performance Dashboard", - "uid": "vu8e0VWZk", - "version": 22 -} diff --git a/charts/rancher-istio/0.1.0/charts/grafana/dashboards/istio-service-dashboard.json b/charts/rancher-istio/0.1.0/charts/grafana/dashboards/istio-service-dashboard.json deleted file mode 100755 index f4d58a296..000000000 --- a/charts/rancher-istio/0.1.0/charts/grafana/dashboards/istio-service-dashboard.json +++ /dev/null @@ -1,2601 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "iteration": 1536442501501, - "links": [], - "panels": [ - { - "content": "
\nSERVICE: $service\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Client Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - 
"thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Client Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, 
sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Client Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" 
- ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Received Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 97, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - 
"postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Server Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 98, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / 
sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Server Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 99, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - 
"refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 100, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": 
true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m])) ", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Sent Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nCLIENT WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"source\",source_workload=~\"$srcwl\",source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"source\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": 
"graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", 
source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, 
source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": 
"time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, 
- "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "
\nSERVICE WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 90, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"destination\",destination_workload=~\"$dstwl\",destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"destination\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Destination And Response Code", - "tooltip": { - 
"shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 91, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", 
connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 94, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - 
"stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by 
(destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 95, - "legend": { - "alignAsTable": false, - "avg": false, - "current": 
false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ 
destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 96, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - 
"step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ 
destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 92, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", 
destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 93, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }} (🔐mTLS)", - "refId": 
"A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Service", - "multi": false, - "name": "service", - "options": [], - "query": "label_values(destination_service)", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (source_workload_namespace) or 
sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload Namespace", - "multi": true, - "name": "dstns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload", - "multi": true, - "name": "dstwl", - "options": [], - "query": "query_result( 
sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Service Dashboard", - "uid": "LJ_uJAvmk", - "version": 1 -} diff --git a/charts/rancher-istio/0.1.0/charts/grafana/dashboards/istio-workload-dashboard.json b/charts/rancher-istio/0.1.0/charts/grafana/dashboards/istio-workload-dashboard.json deleted file mode 100755 index 62ad1b5cf..000000000 --- a/charts/rancher-istio/0.1.0/charts/grafana/dashboards/istio-workload-dashboard.json +++ /dev/null 
@@ -1,2303 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.4" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1531345461465, - "links": [], - "panels": [ - { - "content": "
\nWORKLOAD: $workload.$namespace\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Incoming Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 
80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 8, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Incoming Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 8, - "x": 16, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, 
- "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Server Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - 
"colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 12, - "y": 7 - }, - "id": 85, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Client Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nINBOUND WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And 
Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", 
destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by 
(source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 
1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", 
destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - 
"values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", 
destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "content": "
\nOUTBOUND SERVICES\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 70, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Requests by Destination And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 71, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", 
source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Success Rate (non-5xx responses) By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 72, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Duration by Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 73, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by 
(destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 74, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": 
"{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 76, - "legend": { - "avg": false, 
- "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent on Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 78, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Namespace", - "multi": false, - "name": 
"namespace", - "options": [], - "query": "query_result(sum(istio_requests_total) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*_namespace=\"([^\"]*).*/", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Workload", - "multi": false, - "name": "workload", - "options": [], - "query": "query_result((sum(istio_requests_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_requests_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)) or (sum(istio_tcp_sent_bytes_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Inbound Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, 
- "label": "Inbound Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Destination Service", - "multi": true, - "name": "dstsvc", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service) or sum(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service))", - "refresh": 1, - "regex": "/.*destination_service=\"([^\"]*).*/", - "sort": 4, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Workload Dashboard", - "uid": "UbsSZTDik", - "version": 1 -} diff --git a/charts/rancher-istio/0.1.0/charts/grafana/dashboards/mixer-dashboard.json b/charts/rancher-istio/0.1.0/charts/grafana/dashboards/mixer-dashboard.json deleted file mode 100755 index b074d13ba..000000000 
--- a/charts/rancher-istio/0.1.0/charts/grafana/dashboards/mixer-dashboard.json +++ /dev/null @@ -1,1808 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.2.3" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "limit": 100, - "name": "Annotations & Alerts", - "showIn": 0, - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": null, - "iteration": 1543881232533, - "links": [], - "panels": [ - { - "content": "

Deployed Versions

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "40", - "id": 62, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 3 - }, - "id": 64, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"mixer\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Mixer Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Resource Usage

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 8 - }, - "height": "40", - "id": 29, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 11 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory ({{ job }})", - "refId": "I" - }, - { - "expr": "sum(process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory ({{ job }})", - "refId": "H" - }, - { - "expr": "sum(go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc ({{ job }})", - "refId": "D" - }, - { - "expr": "sum(go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc ({{ job }})", - "refId": "F" - }, - { - "expr": "sum(go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - 
"format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use ({{ job }})", - "refId": "E" - }, - { - "expr": "sum(go_memstats_stack_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use ({{ job }})", - "refId": "G" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "C" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }} (k8s)", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 11 - }, - "id": 6, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (pod_name), \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "A" - }, - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (container_name, pod_name), \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }} (k8s)", - "refId": "B" - }, - { - "expr": "sum(irate(process_cpu_seconds_total{job=~\"istio-telemetry|istio-policy\"}[1m])) by (job)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ job }} (self-reported)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } 
- ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 11 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_open_fds{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(label_replace(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - 
"dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 11 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(go_goroutines{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines ({{ job }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Mixer Overview

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 18 - }, - "height": "40px", - "id": 30, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 0, - "y": 21 - }, - "id": 9, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (Total)", - "refId": "B" - }, - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m])) by (grpc_server_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "mixer ({{ grpc_server_method }})", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 6, - "y": 21 - }, - "id": 8, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "{}", - "yaxis": 1 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.5", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.9", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Durations", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 12, - "y": 21 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, 
- "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_server_handled_total{grpc_code=~\"Unknown|Unimplemented|Internal|DataLoss\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Error Rate (5xx responses)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 18, - "y": 21 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(grpc_server_handled_total{grpc_code!=\"OK\",grpc_service=~\".*Mixer\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ 
grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Non-successes (4xxs)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Adapters and Config

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 28, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 30 - }, - "id": 13, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m])) by (adapter)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 30 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - 
"percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p90 ", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Duration", - "tooltip": { - "shared": true, - "sort": 1, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 37 - }, - "id": 60, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - 
"pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Rules", - "refId": "A" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Config Errors", - "refId": "B" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_match_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Match Errors", - "refId": "C" - }, - { - "expr": "scalar(topk(1, max(mixer_config_unsatisfied_action_handler_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Unsatisfied Actions", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Rules", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 37 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": 
false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_instance_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Instances", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Instances in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 37 - }, - "id": 54, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_handler_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Handlers", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Handlers in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 37 - }, - "id": 58, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_attribute_count) by (configID)))", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "Attributes", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Attributes in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Individual Adapters

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 44 - }, - "id": 23, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 46, - "panels": [], - "repeat": "adapter", - "title": "$adapter Adapter", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 48 - }, - "id": 17, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m]),\"handler\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ handler }} (error: {{ error }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Count By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - 
"w": 12, - "x": 12, - "y": 48 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(histogram_quantile(0.5, sum(rate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p50 - {{ handler_short }} (error: {{ error }})", - "refId": "A" - }, - { - "expr": "label_replace(histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p90 - {{ handler_short }} (error: {{ error }})", - "refId": "D" - }, - { - "expr": "label_replace(histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p99 - {{ handler_short }} (error: {{ error }})", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Duration By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": 
true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Adapter", - "multi": true, - "name": "adapter", - "options": [], - "query": "label_values(adapter)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Mixer Dashboard", - "version": 4 -} diff --git a/charts/rancher-istio/0.1.0/charts/grafana/dashboards/pilot-dashboard.json b/charts/rancher-istio/0.1.0/charts/grafana/dashboards/pilot-dashboard.json deleted file mode 100755 index b8ef6d2d7..000000000 --- a/charts/rancher-istio/0.1.0/charts/grafana/dashboards/pilot-dashboard.json +++ /dev/null 
@@ -1,1591 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": 11, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 60, - "panels": [], - "title": "Deployed Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"pilot\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 6 - }, - "id": 62, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": 
"container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"discovery\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (container)", - "refId": "B", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar (container)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"discovery\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Discovery (container)", - "refId": "A" - }, - { - "expr": 
"irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (process)", - "refId": "C", - "step": 2 - }, - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Sidecar (container)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"discovery\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Discovery", - "refId": "B", - "step": 2 - }, - { - "expr": 
"container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": 
null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 58, - "panels": [], - "title": "Pilot Push Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "description": "Shows the rate of pilot pushes", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 622, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(pilot_xds_pushes{type=\"cds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Cluster", - "refId": "C" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"eds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Endpoints", - "refId": "D" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"lds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Listeners", - "refId": "A" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"rds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Routes", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Pushes", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ 
- "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Captures a variety of pilot errors", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 67, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(pilot_xds_cds_reject{job=\"pilot\"}) or (absent(pilot_xds_cds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected CDS Configs", - "refId": "C" - }, - { - "expr": "sum(pilot_xds_eds_reject{job=\"pilot\"}) or (absent(pilot_xds_eds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected EDS Configs", - "refId": "D" - }, - { - "expr": "sum(pilot_xds_rds_reject{job=\"pilot\"}) or (absent(pilot_xds_rds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected RDS Configs", - "refId": "A" - }, - { - "expr": "sum(pilot_xds_lds_reject{job=\"pilot\"}) or (absent(pilot_xds_lds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected LDS Configs", - "refId": "B" - }, - { - "expr": 
"sum(rate(pilot_xds_write_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Write Timeouts", - "refId": "F" - }, - { - "expr": "sum(rate(pilot_total_xds_internal_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Internal Errors", - "refId": "H" - }, - { - "expr": "sum(rate(pilot_total_xds_rejects{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Config Rejection Rate", - "refId": "E" - }, - { - "expr": "sum(rate(pilot_xds_push_context_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Context Errors", - "refId": "K" - }, - { - "expr": "sum(rate(pilot_xds_pushes{type!~\"lds|cds|rds|eds\"}[1m])) by (type)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "L" - }, - { - "expr": "sum(rate(pilot_xds_push_errors{job=\"pilot\"}[1m])) by (type)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "I" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts", - "refId": "G" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout_failures{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts Failures", - "refId": "J" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - 
"format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Shows the total time it takes to push a config update to a proxy", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 624, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p50 ", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.999, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99.9", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Proxy Push Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 23 - }, - "id": 45, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_conflict_inbound_listener{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Inbound Listeners", - "refId": "B" - }, - { - "expr": "pilot_conflict_outbound_listener_http_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (http over current tcp)", - "refId": "A" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current tcp)", - "refId": "C" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_http{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current http)", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Conflicts", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - 
"buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 23 - }, - "id": 47, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_virt_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Services", - "refId": "A" - }, - { - "expr": "pilot_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Services", - "refId": "B" - }, - { - "expr": "pilot_xds{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Connected Endpoints", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ADS Monitoring", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - 
"yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "columns": [], - "datasource": "Prometheus", - "description": "Clusters in this table do not have any endpoints known to pilot. This could be from referencing subsets that do not have any instances, or pods marked as NotReady", - "fontSize": "100%", - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 23 - }, - "id": 51, - "links": [], - "pageSize": null, - "scroll": true, - "showHeader": true, - "sort": { - "col": null, - "desc": false - }, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "date" - }, - { - "alias": "Clusters", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(pilot_xds_eds_instances{job=\"pilot\", cluster=~\".+\\\\|.+\"}) by (cluster) < 1", - "format": "time_series", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{cluster}}", - "refId": "B" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Clusters with no known endpoints", - "transform": "timeseries_aggregations", - "type": "table" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 64, - "panels": [], - "title": "Envoy Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows details about Envoy proxies in the mesh", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 32 - }, - "id": 40, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - 
"points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(envoy_cluster_upstream_cx_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connections", - "refId": "C" - }, - { - "expr": "sum(irate(envoy_cluster_upstream_cx_connect_fail{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connection Failures", - "refId": "A" - }, - { - "expr": "sum(increase(envoy_server_hot_restart_epoch[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Envoy Restarts", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Envoy Details", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 32 - }, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": 
"sum(envoy_cluster_upstream_cx_active{cluster_name=\"xds-grpc\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "XDS Active Connections", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Active Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows the size of XDS requests and responses", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 32 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "max(rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Max", - "refId": "D" - }, - { - "expr": "quantile(0.5, rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Average", - "refId": "B" - }, - 
{ - "expr": "max(rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Max", - "refId": "A" - }, - { - "expr": "quantile(.5, rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Average", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Requests Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Pilot Dashboard", - "uid": "3--MLVZZk", - "version": 11 -} \ No newline at end of file diff --git a/charts/rancher-istio/0.1.0/charts/grafana/fix_datasources.sh b/charts/rancher-istio/0.1.0/charts/grafana/fix_datasources.sh deleted file mode 100755 index 33d68691a..000000000 --- a/charts/rancher-istio/0.1.0/charts/grafana/fix_datasources.sh +++ /dev/null 
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-set -e
-
-THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-UX=$(uname)
-
-for db in "${THIS_DIR}"/dashboards/*.json; do
- if [[ ${UX} == "Darwin" ]]; then
- # shellcheck disable=SC2016
- sed -i '' 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- else
- # shellcheck disable=SC2016
- sed -i 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- fi
-done
diff --git a/charts/rancher-istio/0.1.0/charts/grafana/templates/_helpers.tpl b/charts/rancher-istio/0.1.0/charts/grafana/templates/_helpers.tpl
deleted file mode 100644
index 9d4c59205..000000000
--- a/charts/rancher-istio/0.1.0/charts/grafana/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "grafana.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "grafana.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "grafana.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/grafana/templates/configmap-custom-resources.yaml b/charts/rancher-istio/0.1.0/charts/grafana/templates/configmap-custom-resources.yaml
deleted file mode 100644
index 78230cefa..000000000
--- a/charts/rancher-istio/0.1.0/charts/grafana/templates/configmap-custom-resources.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
- custom-resources.yaml: |-
- {{- include "grafana-default.yaml.tpl" . | indent 4}}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/grafana/templates/configmap-dashboards.yaml b/charts/rancher-istio/0.1.0/charts/grafana/templates/configmap-dashboards.yaml
deleted file mode 100644
index 9a1e6549f..000000000
--- a/charts/rancher-istio/0.1.0/charts/grafana/templates/configmap-dashboards.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}}
-{{- $files := .Files }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "grafana.name" $ }}
- chart: {{ template "grafana.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: grafana
-data:
- {{ base $path }}: '{{ $files.Get $path }}'
----
-{{- end }}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/grafana/templates/configmap.yaml b/charts/rancher-istio/0.1.0/charts/grafana/templates/configmap.yaml
deleted file mode 100644
index 703f291bd..000000000
--- a/charts/rancher-istio/0.1.0/charts/grafana/templates/configmap.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
-{{- if .Values.datasources }}
- {{- range $key, $value := .Values.datasources }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
-
-{{- if .Values.dashboardProviders }}
- {{- range $key, $value := .Values.dashboardProviders }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/grafana/templates/create-custom-resources-job.yaml b/charts/rancher-istio/0.1.0/charts/grafana/templates/create-custom-resources-job.yaml
deleted file mode 100644
index 3246a0d2d..000000000
--- a/charts/rancher-istio/0.1.0/charts/grafana/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}}
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-grafana-post-install-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-grafana-post-install-{{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["authentication.istio.io"] # needed to create default authn policy
- resources: ["*"]
- verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-grafana-post-install-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-grafana-post-install-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-grafana-post-install-account
- namespace: {{ .Release.Namespace }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: istio-grafana-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 }}
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-delete-policy": hook-succeeded
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- template:
- metadata:
- name: istio-grafana-post-install
- labels:
- app: istio-grafana
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- serviceAccountName: istio-grafana-post-install-account
- containers:
- - name: kubectl
- image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
- command: [ "/bin/bash", "/tmp/grafana/run.sh", "/tmp/grafana/custom-resources.yaml" ]
- volumeMounts:
- - mountPath: "/tmp/grafana"
- name: tmp-configmap-grafana
- volumes:
- - name: tmp-configmap-grafana
- configMap:
- name: istio-grafana-custom-resources
- restartPolicy: OnFailure
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/grafana/templates/deployment.yaml b/charts/rancher-istio/0.1.0/charts/grafana/templates/deployment.yaml
deleted file mode 100644
index bd839eff8..000000000
--- a/charts/rancher-istio/0.1.0/charts/grafana/templates/deployment.yaml
+++ /dev/null
@@ -1,165 +0,0 @@
-{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: grafana
- template:
- metadata:
- labels:
- app: grafana
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- prometheus.io/scrape: "true"
- spec:
- securityContext:
- fsGroup: 472
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
-{{- if .Values.global.imagePullSecrets }}
- imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- ports:
- - containerPort: 3000
- readinessProbe:
- httpGet:
- path: /api/health
- port: 3000
- env:
- - name: GRAFANA_PORT
- value: "3000"
-{{- if .Values.security.enabled }}
- - name: GF_SECURITY_ADMIN_USER
- valueFrom:
- secretKeyRef:
- name: {{ .Values.security.secretName }}
- key: {{ .Values.security.usernameKey }}
- - name: GF_SECURITY_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Values.security.secretName }}
- key: {{ .Values.security.passphraseKey }}
- - name: GF_AUTH_BASIC_ENABLED
- value: "true"
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "false"
- - name: GF_AUTH_DISABLE_LOGIN_FORM
- value: "false"
-{{- else }}
- - name: GF_AUTH_BASIC_ENABLED
- value: "false"
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "true"
- - name: GF_AUTH_ANONYMOUS_ORG_ROLE
- value: Admin
-{{- end }}
- - name: GF_PATHS_DATA
- value: /data/grafana
- {{- range $key, $value := $.Values.env }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $secret := $.Values.envSecrets }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ $secret }}
- key: {{ $key | quote }}
- {{- end }}
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- volumeMounts:
- - name: data
- mountPath: /data/grafana
- {{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
- {{- $filename := trimSuffix (ext $path) (base $path) }}
- - name: dashboards-istio-{{ $filename }}
- mountPath: "/var/lib/grafana/dashboards/istio/{{ base $path }}"
- subPath: {{ base $path }}
- readOnly: true
- {{- end }}
- - name: config
- mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml"
- subPath: datasources.yaml
- - name: config
- mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml"
- subPath: dashboardproviders.yaml
- - name: grafana-proxy
- image: "{{ template "system_default_registry" . }}{{ .Values.global.nginxProxy.repository }}:{{ .Values.global.nginxProxy.tag }}"
- args:
- - nginx
- - -g
- - daemon off;
- - -c
- - /nginx/nginx.conf
- ports:
- - name: http
- containerPort: 80
- protocol: TCP
- volumeMounts:
- - mountPath: /nginx/
- name: grafana-nginx
- {{- if and .Values.resources .Values.resources.proxy }}
- resources:
- {{ toYaml .Values.resources.proxy | indent 10 }}
- {{- end }}
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
- volumes:
- - name: config
- configMap:
- name: istio-grafana
- - name: grafana-nginx
- configMap:
- name: grafana-nginx
- items:
- - key: nginx.conf
- mode: 438
- path: nginx.conf
- - name: data
-{{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ .Values.persistence.existingClaim | default ("istio-grafana-pvc") }}
-{{- else }}
- emptyDir: {}
-{{- end }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
- - name: dashboards-istio-{{ $filename }}
- configMap:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
-{{- end }}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/grafana/templates/grafana-ports-mtls.yaml b/charts/rancher-istio/0.1.0/charts/grafana/templates/grafana-ports-mtls.yaml
deleted file mode 100644
index b9a392651..000000000
--- a/charts/rancher-istio/0.1.0/charts/grafana/templates/grafana-ports-mtls.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{ define "grafana-default.yaml.tpl" }}
-apiVersion: authentication.istio.io/v1alpha1
-kind: Policy
-metadata:
- name: grafana-ports-mtls-disabled
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- targets:
- - name: grafana
- ports:
- - number: {{ .Values.service.externalPort }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.0/charts/grafana/templates/ingress.yaml b/charts/rancher-istio/0.1.0/charts/grafana/templates/ingress.yaml
deleted file mode 100644
index 5645093d0..000000000
--- a/charts/rancher-istio/0.1.0/charts/grafana/templates/ingress.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}}
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: grafana
- servicePort: 3000
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: grafana
- servicePort: 3000
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/grafana/templates/nginx-configmap.yaml b/charts/rancher-istio/0.1.0/charts/grafana/templates/nginx-configmap.yaml
deleted file mode 100644
index 918d61f09..000000000
--- a/charts/rancher-istio/0.1.0/charts/grafana/templates/nginx-configmap.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
-{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: grafana-nginx
- labels:
- app: grafana-nginx
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- nginx.conf: |-
- user nginx;
- worker_processes auto;
- error_log /dev/stdout warn;
- pid /var/run/nginx.pid;
-
- events {
- worker_connections 1024;
- }
-
- http {
- include /etc/nginx/mime.types;
- log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)';
-
- proxy_connect_timeout 10;
- proxy_read_timeout 180;
- proxy_send_timeout 5;
- proxy_buffering off;
- proxy_cache_path /tmp/nginx levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g;
-
- server {
- listen 80;
- access_log off;
-
- gzip on;
- gzip_min_length 1k;
- gzip_comp_level 2;
- gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png;
- gzip_vary on;
- gzip_disable "MSIE [1-6]\.";
-
- proxy_set_header Host $host;
-
- location /api/dashboards {
- proxy_pass http://localhost:3000;
- }
-
- location /api/search {
- proxy_pass http://localhost:3000;
-
- sub_filter_types application/json;
- sub_filter_once off;
- sub_filter '"url":"/d' '"url":"d';
- }
-
- location / {
- proxy_cache my_zone;
- proxy_cache_valid 200 302 1d;
- proxy_cache_valid 301 30d;
- proxy_cache_valid any 5m;
- proxy_cache_bypass $http_cache_control;
- add_header X-Proxy-Cache $upstream_cache_status;
- add_header Cache-Control "public";
-
- proxy_pass http://localhost:3000/;
-
- sub_filter_types text/html;
- sub_filter_once off;
- sub_filter '"appSubUrl":""' '"appSubUrl":"."';
- sub_filter '"url":"/' '"url":"./';
- sub_filter ':"/avatar/' ':"avatar/';
-
- if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) {
- expires 90d;
- }
- }
- }
- }
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/grafana/templates/pvc.yaml b/charts/rancher-istio/0.1.0/charts/grafana/templates/pvc.yaml
deleted file mode 100644
index 20596f887..000000000
--- a/charts/rancher-istio/0.1.0/charts/grafana/templates/pvc.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}}
-{{- if .Values.persistence.enabled }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: istio-grafana-pvc
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- storageClassName: {{ .Values.persistence.storageClass }}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{- end }}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/grafana/templates/service.yaml b/charts/rancher-istio/0.1.0/charts/grafana/templates/service.yaml
deleted file mode 100644
index a1542f05e..000000000
--- a/charts/rancher-istio/0.1.0/charts/grafana/templates/service.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- kubernetes.io/cluster-service: "true"
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: http-access-grafana
- protocol: TCP
- targetPort: 80
- port: 80
- selector:
- app: grafana
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/grafana/templates/tests/test-grafana-connection.yaml b/charts/rancher-istio/0.1.0/charts/grafana/templates/tests/test-grafana-connection.yaml
deleted file mode 100644
index 7c8d1944b..000000000
--- a/charts/rancher-istio/0.1.0/charts/grafana/templates/tests/test-grafana-connection.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "grafana.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: grafana-test
- chart: {{ template "grafana.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: grafana
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "grafana.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- args: ['http://grafana:{{ .Values.grafana.service.externalPort }}']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.0/charts/grafana/values.yaml b/charts/rancher-istio/0.1.0/charts/grafana/values.yaml
deleted file mode 100644
index c5e6ffc0a..000000000
--- a/charts/rancher-istio/0.1.0/charts/grafana/values.yaml
+++ /dev/null
@@ -1,115 +0,0 @@
-#
-# addon grafana configuration
-#
-enabled: false
-replicaCount: 1
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - grafana.local
- annotations:
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls:
- # Secrets must be manually created in the namespace.
- # - secretName: grafana-tls
- # hosts:
- # - grafana.local
-persistence:
- enabled: false
- storageClass: ""
- accessMode: ReadWriteOnce
- existingClaim: ""
- size: 5Gi
-security:
- enabled: false
- secretName: grafana
- usernameKey: username
- passphraseKey: passphrase
-nodeSelector: {}
-tolerations: []
-
-env: {}
- # Define additional environment variables for configuring grafana.
- # @see https://grafana.com/docs/installation/configuration/#using-environment-variables
- # Format: env_variable_name: value
- # For example:
- # GF_SMTP_ENABLED: true
- # GF_SMTP_HOST: email-smtp.eu-west-1.amazonaws.com:2587
- # GF_SMTP_FROM_ADDRESS: alerts@mydomain.com
- # GF_SMTP_FROM_NAME: Grafana
-
-envSecrets: {}
- # The key name and ENV name must match in the secrets file.
- # @see https://grafana.com/docs/installation/configuration/#using-environment-variables
- # For example:
- # ---
- # apiVersion: v1
- # kind: Secret
- # metadata:
- # name: grafana-secrets
- # namespace: istio-system
- # data:
- # GF_SMTP_USER: bXl1c2Vy
- # GF_SMTP_PASSWORD: bXlwYXNzd29yZA==
- # type: Opaque
- # ---
- # env_variable_key_name: secretsName
- # ---
- # GF_SMTP_USER: grafana-secrets
- # GF_SMTP_PASSWORD: grafana-secrets
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-contextPath: /grafana
-service:
- annotations: {}
- type: ClusterIP
-
-datasources:
- datasources.yaml:
- apiVersion: 1
- datasources:
- - name: Prometheus
- type: prometheus
- orgId: 1
- url: http://prometheus:9090
- access: proxy
- isDefault: true
- jsonData:
- timeInterval: 5s
- editable: true
-
-dashboardProviders:
- dashboardproviders.yaml:
- apiVersion: 1
- providers:
- - name: 'istio'
- orgId: 1
- folder: 'istio'
- type: file
- disableDeletion: false
- options:
- path: /var/lib/grafana/dashboards/istio
-
-resources: {}
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/Chart.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/Chart.yaml
deleted file mode 100644
index ab4ce1fa5..000000000
--- a/charts/rancher-istio/0.1.0/charts/istio-init/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-name: istio-init
-version: 1.1.0
-appVersion: 1.1.0
-tillerVersion: ">=2.7.2-0"
-description: Helm chart to initialize Istio CRDs
-keywords:
- - istio
- - crd
-sources:
- - http://github.com/istio/istio
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/LICENSE b/charts/rancher-istio/0.1.0/charts/istio-init/LICENSE
deleted file mode 100644
index 56df9b297..000000000
--- a/charts/rancher-istio/0.1.0/charts/istio-init/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2018 Istio Authors - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/README.md b/charts/rancher-istio/0.1.0/charts/istio-init/README.md deleted file mode 100644 index c0a0e34f8..000000000 --- a/charts/rancher-istio/0.1.0/charts/istio-init/README.md +++ /dev/null 
@@ -1,77 +0,0 @@
-# Istio
-
-[Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data.
-
-## Introduction
-
-This chart bootstraps Istio's [CRDs](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions)
-which are an internal implementation detail of Istio. CRDs define data structures for storing runtime configuration
-specified by a human operator.
-
-This chart must be run to completion prior to running other Istio charts, or other Istio charts will fail to initialize.
-
-## Prerequisites
-
-- Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required
-- Helm 2.7.2 or newer or alternately the ability to modify RBAC rules is also required
-
-## Resources Required
-
-The chart deploys pods that consume minimal resources.
-
-## Installing the Chart
-
-1. If a service account has not already been installed for Tiller, install one:
- ```
- $ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml
- ```
-
-1. If Tiller has not already been installed in your cluster, Install Tiller on your cluster with the service account:
- ```
- $ helm init --service-account tiller
- ```
-
-1. Install the Istio initializer chart:
- ```
- $ helm install install/kubernetes/helm/istio-init --name istio-init --namespace istio-system
- ```
-
- > Although you can install the `istio-init` chart to any namespace, it is recommended to install `istio-init` in the same namespace(`istio-system`) as other Istio charts.
-
-## Configuration
-
-The Helm chart ships with reasonable defaults. There may be circumstances in which defaults require overrides.
-To override Helm values, use `--set key=value` argument during the `helm install` command. Multiple `--set` operations may be used in the same Helm operation.
-
-Helm charts expose configuration options which are currently in alpha. The currently exposed options are explained in the following table:
-
-| Parameter | Description | Values | Default |
-| --- | --- | --- | --- |
-| `global.hub` | Specifies the HUB for most images used by Istio | registry/namespace | `docker.io/istio` |
-| `global.tag` | Specifies the TAG for most images used by Istio | valid image tag | `0.8.latest` |
-| `global.imagePullPolicy` | Specifies the image pull policy | valid image pull policy | `IfNotPresent` |
-
-
-## Uninstalling the Chart
-
-> Uninstalling this chart does not delete Istio's registered CRDs. Istio by design expects
-> CRDs to leak into the Kubernetes environment. As CRDs contain all runtime configuration
-> data in CustomResources the Istio designers feel it is better to explicitly delete this
-> configuration rather then unexpectedly lose it.
-
-To uninstall/delete the `istio-init` release but continue to track the release:
- ```
- $ helm delete istio-init
- ```
-
-To uninstall/delete the `istio-init` release completely and make its name free for later use:
- ```
- $ helm delete --purge istio-init
- ```
-
-> Warning: Deleting CRDs will delete any configuration that you have made to Istio.
-
-To delete all CRDs, run the following command
- ```
- $ for i in istio-init/files/*crd*yaml; do kubectl delete -f $i; done
- ```
diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/files/crd-10.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/files/crd-10.yaml
deleted file mode 100644
index e76e50edc..000000000
--- a/charts/rancher-istio/0.1.0/charts/istio-init/files/crd-10.yaml
+++ /dev/null
@@ -1,636 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: virtualservices.networking.istio.io - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: networking.istio.io - names: - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - singular: virtualservice - shortNames: - - vs - categories: - - istio-io - - networking-istio-io - scope: Namespaced - versions: - - name: v1alpha3 - served: true - storage: true - additionalPrinterColumns: - - JSONPath: .spec.gateways - description: The names of gateways and sidecars that should apply these routes - name: Gateways - type: string - - JSONPath: .spec.hosts - description: The destination hosts to which traffic is being sent - name: Hosts - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: destinationrules.networking.istio.io - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: networking.istio.io - names: - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - singular: destinationrule - shortNames: - - dr - categories: - - istio-io - - networking-istio-io - scope: Namespaced - versions: - - name: v1alpha3 - served: true - storage: true - additionalPrinterColumns: - - JSONPath: .spec.host - description: The name of a service from the service registry - name: Host - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: serviceentries.networking.istio.io - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: networking.istio.io - names: - kind: ServiceEntry - listKind: ServiceEntryList - plural: serviceentries - singular: serviceentry - shortNames: - - se - categories: - - istio-io - - networking-istio-io - scope: Namespaced - versions: - - name: v1alpha3 - served: true - storage: true - additionalPrinterColumns: - - JSONPath: .spec.hosts - description: The hosts associated with the ServiceEntry - name: Hosts - type: string - - JSONPath: .spec.location - description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL or MESH_INTERNAL) - name: Location - type: string - - JSONPath: .spec.resolution - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - name: Resolution - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: gateways.networking.istio.io - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: networking.istio.io - names: - kind: Gateway - plural: gateways - singular: gateway - shortNames: - - gw - categories: - - istio-io - - networking-istio-io - scope: Namespaced - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: envoyfilters.networking.istio.io - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: networking.istio.io - names: - kind: EnvoyFilter - plural: envoyfilters - singular: envoyfilter - categories: - - istio-io - - networking-istio-io - scope: Namespaced - versions: - - name: v1alpha3 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: clusterrbacconfigs.rbac.istio.io - labels: - app: istio-pilot - istio: rbac - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: rbac.istio.io - names: - kind: ClusterRbacConfig - plural: clusterrbacconfigs - singular: clusterrbacconfig - categories: - - istio-io - - rbac-istio-io - scope: Cluster - versions: - - name: v1alpha1 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: policies.authentication.istio.io - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: authentication.istio.io - names: - kind: Policy - plural: policies - singular: policy - 
categories: - - istio-io - - authentication-istio-io - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: meshpolicies.authentication.istio.io - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: authentication.istio.io - names: - kind: MeshPolicy - listKind: MeshPolicyList - plural: meshpolicies - singular: meshpolicy - categories: - - istio-io - - authentication-istio-io - scope: Cluster - versions: - - name: v1alpha1 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: httpapispecbindings.config.istio.io - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: HTTPAPISpecBinding - plural: httpapispecbindings - singular: httpapispecbinding - categories: - - istio-io - - apim-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: httpapispecs.config.istio.io - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: HTTPAPISpec - plural: httpapispecs - singular: httpapispec - categories: - - istio-io - - apim-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: quotaspecbindings.config.istio.io - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: 
QuotaSpecBinding - plural: quotaspecbindings - singular: quotaspecbinding - categories: - - istio-io - - apim-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: quotaspecs.config.istio.io - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: QuotaSpec - plural: quotaspecs - singular: quotaspec - categories: - - istio-io - - apim-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: rules.config.istio.io - labels: - app: mixer - package: istio.io.mixer - istio: core - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: rule - plural: rules - singular: rule - categories: - - istio-io - - policy-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: attributemanifests.config.istio.io - labels: - app: mixer - package: istio.io.mixer - istio: core - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: attributemanifest - plural: attributemanifests - singular: attributemanifest - categories: - - istio-io - - policy-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: rbacconfigs.rbac.istio.io - labels: - app: mixer - package: istio.io.mixer - istio: rbac - chart: istio - heritage: Tiller - release: istio - annotations: - 
"helm.sh/resource-policy": keep -spec: - group: rbac.istio.io - names: - kind: RbacConfig - plural: rbacconfigs - singular: rbacconfig - categories: - - istio-io - - rbac-istio-io - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: serviceroles.rbac.istio.io - labels: - app: mixer - package: istio.io.mixer - istio: rbac - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: rbac.istio.io - names: - kind: ServiceRole - plural: serviceroles - singular: servicerole - categories: - - istio-io - - rbac-istio-io - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: servicerolebindings.rbac.istio.io - labels: - app: mixer - package: istio.io.mixer - istio: rbac - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: rbac.istio.io - names: - kind: ServiceRoleBinding - plural: servicerolebindings - singular: servicerolebinding - categories: - - istio-io - - rbac-istio-io - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - additionalPrinterColumns: - - JSONPath: .spec.roleRef.name - description: The name of the ServiceRole object being referenced - name: Reference - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: adapters.config.istio.io - labels: - app: mixer - package: adapter - istio: mixer-adapter - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: adapter - plural: adapters - singular: adapter - categories: - - istio-io - - policy-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: instances.config.istio.io - labels: - app: mixer - package: instance - istio: mixer-instance - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: instance - plural: instances - singular: instance - categories: - - istio-io - - policy-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: templates.config.istio.io - labels: - app: mixer - package: template - istio: mixer-template - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: template - plural: templates - singular: template - categories: - - istio-io - - policy-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: handlers.config.istio.io - labels: - app: mixer - package: handler - istio: mixer-handler - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: 
handler - plural: handlers - singular: handler - categories: - - istio-io - - policy-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/files/crd-11.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/files/crd-11.yaml deleted file mode 100644 index 5087d38fa..000000000 --- a/charts/rancher-istio/0.1.0/charts/istio-init/files/crd-11.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: sidecars.networking.istio.io - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: networking.istio.io - names: - kind: Sidecar - plural: sidecars - singular: sidecar - categories: - - istio-io - - networking-istio-io - scope: Namespaced - versions: - - name: v1alpha3 - served: true - storage: true ---- diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/files/crd-12.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/files/crd-12.yaml deleted file mode 100644 index d9b337244..000000000 --- a/charts/rancher-istio/0.1.0/charts/istio-init/files/crd-12.yaml +++ /dev/null @@ -1,24 +0,0 @@ -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: authorizationpolicies.rbac.istio.io - labels: - app: istio-pilot - istio: rbac - heritage: Tiller - release: istio -spec: - group: rbac.istio.io - names: - kind: AuthorizationPolicy - plural: authorizationpolicies - singular: authorizationpolicy - categories: - - istio-io - - rbac-istio-io - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true ---- diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/files/crd-certmanager-10.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/files/crd-certmanager-10.yaml deleted file mode 100644 index d3a3069e8..000000000 
--- a/charts/rancher-istio/0.1.0/charts/istio-init/files/crd-certmanager-10.yaml
+++ /dev/null
@@ -1,91 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: clusterissuers.certmanager.k8s.io
- labels:
- app: certmanager
- chart: certmanager
- heritage: Tiller
- release: istio
- annotations:
- "helm.sh/resource-policy": keep
-spec:
- group: certmanager.k8s.io
- versions:
- - name: v1alpha1
- served: true
- storage: true
- names:
- kind: ClusterIssuer
- plural: clusterissuers
- scope: Cluster
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: issuers.certmanager.k8s.io
- labels:
- app: certmanager
- chart: certmanager
- heritage: Tiller
- release: istio
- annotations:
- "helm.sh/resource-policy": keep
-spec:
- group: certmanager.k8s.io
- versions:
- - name: v1alpha1
- served: true
- storage: true
- names:
- kind: Issuer
- plural: issuers
- scope: Namespaced
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: certificates.certmanager.k8s.io
- labels:
- app: certmanager
- chart: certmanager
- heritage: Tiller
- release: istio
- annotations:
- "helm.sh/resource-policy": keep
-spec:
- additionalPrinterColumns:
- - JSONPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - JSONPath: .spec.secretName
- name: Secret
- type: string
- - JSONPath: .spec.issuerRef.name
- name: Issuer
- type: string
- priority: 1
- - JSONPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- priority: 1
- - JSONPath: .metadata.creationTimestamp
- description: |-
- CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
-
- Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
- name: Age
- type: date
- group: certmanager.k8s.io
- versions:
- - name: v1alpha1
- served: true
- storage: true
- scope: Namespaced
- names:
- kind: Certificate
- plural: certificates
- shortNames:
- - cert
- - certs
----
diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/files/crd-certmanager-11.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/files/crd-certmanager-11.yaml
deleted file mode 100644
index f63787b68..000000000
--- a/charts/rancher-istio/0.1.0/charts/istio-init/files/crd-certmanager-11.yaml
+++ /dev/null
@@ -1,80 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: orders.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.reason - name: Reason - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Order - plural: orders - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: challenges.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.dnsName - name: Domain - type: string - - JSONPath: .status.reason - name: Reason - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Challenge - plural: challenges - scope: Namespaced ---- diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/templates/clusterrole.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/templates/clusterrole.yaml deleted file mode 100644 index 881800435..000000000 --- a/charts/rancher-istio/0.1.0/charts/istio-init/templates/clusterrole.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-init-{{ .Release.Namespace }} - labels: - app: istio-init - istio: init -rules: -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "get", "list", "watch", "patch", "delete"] diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/templates/clusterrolebinding.yaml deleted file mode 100644 index 481674c0e..000000000 --- a/charts/rancher-istio/0.1.0/charts/istio-init/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-init-admin-role-binding-{{ .Release.Namespace }} - labels: - app: istio-init - istio: init -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-init-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-init-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/templates/configmap-crd-10.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/templates/configmap-crd-10.yaml deleted file mode 100644 index 69e37fa14..000000000 --- a/charts/rancher-istio/0.1.0/charts/istio-init/templates/configmap-crd-10.yaml +++ /dev/null 
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-crd-10
-data:
- crd-10.yaml: |-
-{{.Files.Get "files/crd-10.yaml" | printf "%s" | indent 4}}
diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/templates/configmap-crd-11.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/templates/configmap-crd-11.yaml
deleted file mode 100644
index 952640d60..000000000
--- a/charts/rancher-istio/0.1.0/charts/istio-init/templates/configmap-crd-11.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-crd-11
-data:
- crd-11.yaml: |-
-{{.Files.Get "files/crd-11.yaml" | printf "%s" | indent 4}}
diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/templates/configmap-crd-12.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/templates/configmap-crd-12.yaml
deleted file mode 100644
index a49736534..000000000
--- a/charts/rancher-istio/0.1.0/charts/istio-init/templates/configmap-crd-12.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-crd-12
-data:
- crd-12.yaml: |-
-{{.Files.Get "files/crd-12.yaml" | printf "%s" | indent 4}}
diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/templates/configmap-crd-certmanager-10.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/templates/configmap-crd-certmanager-10.yaml
deleted file mode 100644
index 8ab3e8356..000000000
--- a/charts/rancher-istio/0.1.0/charts/istio-init/templates/configmap-crd-certmanager-10.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if .Values.certmanager.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-crd-certmanager-10
-data:
- crd-certmanager-10.yaml: |-
-{{.Files.Get "files/crd-certmanager-10.yaml" | printf "%s" | indent 4}}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/templates/configmap-crd-certmanager-11.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/templates/configmap-crd-certmanager-11.yaml
deleted file mode 100644
index beef3043d..000000000
--- a/charts/rancher-istio/0.1.0/charts/istio-init/templates/configmap-crd-certmanager-11.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if .Values.certmanager.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-crd-certmanager-11
-data:
- crd-certmanager-11.yaml: |-
-{{.Files.Get "files/crd-certmanager-11.yaml" | printf "%s" | indent 4}}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/templates/job-crd-10.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/templates/job-crd-10.yaml
deleted file mode 100644
index 4864dcfb4..000000000
--- a/charts/rancher-istio/0.1.0/charts/istio-init/templates/job-crd-10.yaml
+++ /dev/null
@@ -1,64 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-init-crd-10
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-delete-policy": hook-succeeded
- "helm.sh/hook-weight": "-5"
-spec:
- template:
- metadata:
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-init-service-account
- containers:
- - name: istio-init-crd-10
- image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- volumeMounts:
- - name: crd-10
- mountPath: /etc/istio/crd-10
- readOnly: true
- command: ["kubectl", "apply", "-f", "/etc/istio/crd-10/crd-10.yaml"]
- volumes:
- - name: crd-10
- configMap:
- name: istio-crd-10
- restartPolicy: OnFailure
-
-{{- if .Values.deleteCRDs }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-init-delete-crd-10
- annotations:
- "helm.sh/hook": "pre-delete"
- "helm.sh/hook-delete-policy": "hook-succeeded, before-hook-creation, hook-failed"
-spec:
- template:
- metadata:
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-init-service-account
- containers:
- - name: istio-init-crd-10
- image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- volumeMounts:
- - name: crd-10
- mountPath: /etc/istio/crd-10
- readOnly: true
- command: ["kubectl", "delete", "-f", "/etc/istio/crd-10/crd-10.yaml"]
- volumes:
- - name: crd-10
- configMap:
- name: istio-crd-10
- restartPolicy: Never
- backoffLimit: 1
-{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/templates/job-crd-11.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/templates/job-crd-11.yaml
deleted file mode 100644
index 4fd74f483..000000000
--- a/charts/rancher-istio/0.1.0/charts/istio-init/templates/job-crd-11.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-init-crd-11
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-delete-policy": hook-succeeded
- "helm.sh/hook-weight": "-5"
-spec:
- ttlSecondsAfterFinished: 100
- template:
- metadata:
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-init-service-account
- containers:
- - name: istio-init-crd-11
- image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- volumeMounts:
- - name: crd-11
- mountPath: /etc/istio/crd-11
- readOnly: true
- command: ["kubectl", "apply", "-f", "/etc/istio/crd-11/crd-11.yaml"]
- volumes:
- - name: crd-11
- configMap:
- name: istio-crd-11
- restartPolicy: OnFailure
-
-{{- if .Values.deleteCRDs }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-init-delete-crd-11
- annotations:
- "helm.sh/hook": "pre-delete"
- "helm.sh/hook-delete-policy": "hook-succeeded, before-hook-creation, hook-failed"
-spec:
- template:
- metadata:
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-init-service-account
- containers:
- - name: istio-init-crd-11
- image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- volumeMounts:
- - name: crd-11
- mountPath: /etc/istio/crd-11
- readOnly: true
- command: ["kubectl", "delete", "-f", "/etc/istio/crd-11/crd-11.yaml"]
- volumes:
- - name: crd-11
- configMap:
- name: istio-crd-11
- restartPolicy: Never
- backoffLimit: 1
-{{- end }}
diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/templates/job-crd-12.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/templates/job-crd-12.yaml
deleted file mode 100644
index b51f9687c..000000000
--- a/charts/rancher-istio/0.1.0/charts/istio-init/templates/job-crd-12.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-init-crd-12
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-delete-policy": hook-succeeded
- "helm.sh/hook-weight": "-5"
-spec:
- ttlSecondsAfterFinished: 100
- template:
- metadata:
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-init-service-account
- containers:
- - name: istio-init-crd-12
- image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- volumeMounts:
- - name: crd-12
- mountPath: /etc/istio/crd-12
- readOnly: true
- command: ["kubectl", "apply", "-f", "/etc/istio/crd-12/crd-12.yaml"]
- volumes:
- - name: crd-12
- configMap:
- name: istio-crd-12
- restartPolicy: OnFailure
-
-{{- if .Values.deleteCRDs }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-init-delete-crd-12
- annotations:
- "helm.sh/hook": "pre-delete"
- "helm.sh/hook-delete-policy": "hook-succeeded, before-hook-creation, hook-failed"
-spec:
- template:
- metadata:
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-init-service-account
- containers:
- - name: istio-init-crd-12
- image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- volumeMounts:
- - name: crd-12
- mountPath: /etc/istio/crd-12
- readOnly: true
- command: ["kubectl", "delete", "-f", "/etc/istio/crd-12/crd-12.yaml"]
- volumes:
- - name: crd-12
- configMap:
- name: istio-crd-12
- restartPolicy: Never
- backoffLimit: 1
-{{- end }}
diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/templates/job-crd-certmanager-10.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/templates/job-crd-certmanager-10.yaml
deleted file mode 100644
index fc8209973..000000000
--- a/charts/rancher-istio/0.1.0/charts/istio-init/templates/job-crd-certmanager-10.yaml
+++ /dev/null
@@ -1,68 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - namespace: {{ .Release.Namespace }} - name: istio-init-crd-certmanager-10 - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-delete-policy": hook-succeeded - "helm.sh/hook-weight": "-5" -spec: - ttlSecondsAfterFinished: 100 - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-init-service-account - containers: - - name: istio-init-crd-certmanager-10 - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - volumeMounts: - - name: crd-certmanager-10 - mountPath: /etc/istio/crd-certmanager-10 - readOnly: true - command: ["kubectl", "apply", "-f", "/etc/istio/crd-certmanager-10/crd-certmanager-10.yaml"] - volumes: - - name: crd-certmanager-10 - configMap: - name: istio-crd-certmanager-10 - restartPolicy: OnFailure - -{{- if .Values.deleteCRDs }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - namespace: {{ .Release.Namespace }} - name: istio-init-delete-crd-certmanager-10 - annotations: - "helm.sh/hook": "pre-delete" - "helm.sh/hook-delete-policy": "hook-succeeded, before-hook-creation, hook-failed" -spec: - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-init-service-account - containers: - - name: istio-init-crd-certmanager-10 - image: "{{ template "system_default_registry" . 
}}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - volumeMounts: - - name: crd-certmanager-10 - mountPath: /etc/istio/crd-certmanager-10 - readOnly: true - command: ["kubectl", "delete", "-f", "/etc/istio/crd-certmanager-10/crd-certmanager-10.yaml"] - volumes: - - name: crd-certmanager-10 - configMap: - name: istio-crd-certmanager-10 - restartPolicy: Never - backoffLimit: 1 -{{- end }} -{{- end }} - diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/templates/job-crd-certmanager-11.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/templates/job-crd-certmanager-11.yaml deleted file mode 100644 index ba1af684c..000000000 --- a/charts/rancher-istio/0.1.0/charts/istio-init/templates/job-crd-certmanager-11.yaml +++ /dev/null 
@@ -1,70 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - namespace: {{ .Release.Namespace }} - name: istio-init-crd-certmanager-11 - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-delete-policy": hook-succeeded - "helm.sh/hook-weight": "-5" -spec: - ttlSecondsAfterFinished: 100 - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-init-service-account - containers: - - name: istio-init-crd-certmanager-11 - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - volumeMounts: - - name: crd-certmanager-11 - mountPath: /etc/istio/crd-certmanager-11 - readOnly: true - command: ["kubectl", "apply", "-f", "/etc/istio/crd-certmanager-11/crd-certmanager-11.yaml"] - volumes: - - name: crd-certmanager-11 - configMap: - name: istio-crd-certmanager-11 - restartPolicy: OnFailure - -{{- if .Values.deleteCRDs }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - namespace: {{ .Release.Namespace }} - name: istio-init-delete-crd-certmanager-11 - annotations: - "helm.sh/hook": "pre-delete" - "helm.sh/hook-delete-policy": "hook-succeeded, before-hook-creation, hook-failed" -spec: - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - "helm.sh/hook": "post-delete" - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded - spec: - serviceAccountName: istio-init-service-account - containers: - - name: istio-init-crd-certmanager-11 - image: "{{ template "system_default_registry" . 
}}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - volumeMounts: - - name: crd-certmanager-11 - mountPath: /etc/istio/crd-certmanager-11 - readOnly: true - command: ["kubectl", "delete", "-f", "/etc/istio/crd-certmanager-11/crd-certmanager-11.yaml"] - volumes: - - name: crd-certmanager-11 - configMap: - name: istio-crd-certmanager-11 - restartPolicy: Never - backoffLimit: 1 -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/templates/serviceaccount.yaml deleted file mode 100644 index 314666293..000000000 --- a/charts/rancher-istio/0.1.0/charts/istio-init/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-init-service-account - namespace: {{ .Release.Namespace }} - labels: - app: istio-init - istio: init - diff --git a/charts/rancher-istio/0.1.0/charts/istio-init/values.yaml b/charts/rancher-istio/0.1.0/charts/istio-init/values.yaml deleted file mode 100644 index f9aa2f42c..000000000 --- a/charts/rancher-istio/0.1.0/charts/istio-init/values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -certmanager: - enabled: false -deleteCRDs: true diff --git a/charts/rancher-istio/0.1.0/charts/istiocoredns/Chart.yaml b/charts/rancher-istio/0.1.0/charts/istiocoredns/Chart.yaml deleted file mode 100644 index fa0481467..000000000 --- a/charts/rancher-istio/0.1.0/charts/istiocoredns/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -description: Istio CoreDNS provides DNS resolution for services in multicluster setups. -name: istiocoredns -version: 1.1.0 -appVersion: 0.1 -tillerVersion: ">=2.7.2" 
diff --git a/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/_helpers.tpl b/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/_helpers.tpl
deleted file mode 100644
index e7add11bb..000000000
--- a/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "istiocoredns.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "istiocoredns.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "istiocoredns.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/clusterrole.yaml b/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/clusterrole.yaml
deleted file mode 100644
index 4242a327f..000000000
--- a/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istiocoredns
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["networking.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/clusterrolebinding.yaml
deleted file mode 100644
index bafd0ca3b..000000000
--- a/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-istiocoredns-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istiocoredns
-subjects:
-- kind: ServiceAccount
- name: istiocoredns-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/configmap.yaml b/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/configmap.yaml
deleted file mode 100644
index 50d166fe5..000000000
--- a/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/configmap.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: coredns
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- Corefile: |
- .:53 {
- errors
- health
- proxy global 127.0.0.1:8053 {
- protocol grpc insecure
- }
- prometheus :9153
- proxy . /etc/resolv.conf
- cache 30
- reload
- }
----
diff --git a/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/deployment.yaml b/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/deployment.yaml
deleted file mode 100644
index 81f0c26b3..000000000
--- a/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/deployment.yaml
+++ /dev/null
@@ -1,100 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istiocoredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: istiocoredns - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - name: istiocoredns - labels: - app: istiocoredns - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istiocoredns-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: coredns - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume - mountPath: /etc/coredns - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - - containerPort: 9153 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - - name: istio-coredns-plugin - command: - - /usr/local/bin/plugin - image: "{{ template "system_default_registry" . 
}}{{ .Values.pluginImage.repository }}:{{ .Values.pluginImage.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 8053 - name: dns-grpc - protocol: TCP - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - dnsPolicy: Default - volumes: - - name: config-volume - configMap: - name: coredns - items: - - key: Corefile - path: Corefile - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/service.yaml b/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/service.yaml deleted file mode 100644 index a6311017c..000000000 --- a/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: istiocoredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - app: istiocoredns - ports: - - name: dns - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP diff --git a/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/serviceaccount.yaml deleted file mode 100644 index e2627cf45..000000000 --- a/charts/rancher-istio/0.1.0/charts/istiocoredns/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istiocoredns-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/0.1.0/charts/istiocoredns/values.yaml b/charts/rancher-istio/0.1.0/charts/istiocoredns/values.yaml
deleted file mode 100644
index 1667efc2a..000000000
--- a/charts/rancher-istio/0.1.0/charts/istiocoredns/values.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# addon istiocoredns tracing configuration
-#
-enabled: false
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-# Source code for the plugin can be found at
-# https://github.com/istio-ecosystem/istio-coredns-plugin
-# The plugin listens for DNS requests from coredns server at 127.0.0.1:8053
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/0.1.0/charts/kiali/Chart.yaml b/charts/rancher-istio/0.1.0/charts/kiali/Chart.yaml
deleted file mode 100644
index 9d6ac19a8..000000000
--- a/charts/rancher-istio/0.1.0/charts/kiali/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details.
-name: kiali
-version: 1.1.0
-appVersion: 1.1.0
-tillerVersion: ">=2.7.2"
diff --git a/charts/rancher-istio/0.1.0/charts/kiali/templates/_helpers.tpl b/charts/rancher-istio/0.1.0/charts/kiali/templates/_helpers.tpl
deleted file mode 100644
index 6b0095769..000000000
--- a/charts/rancher-istio/0.1.0/charts/kiali/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "kiali.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "kiali.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "kiali.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/kiali/templates/clusterrole.yaml b/charts/rancher-istio/0.1.0/charts/kiali/templates/clusterrole.yaml
deleted file mode 100644
index d9091a0b9..000000000
--- a/charts/rancher-istio/0.1.0/charts/kiali/templates/clusterrole.yaml
+++ /dev/null
@@ -1,267 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kiali - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: - - configmaps - - endpoints - - namespaces - - nodes - - pods - - pods/log - - replicationcontrollers - - services - verbs: - - get - - list - - watch -- apiGroups: ["extensions", "apps"] - resources: - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: ["batch"] - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: ["config.istio.io"] - resources: - - adapters - - apikeys - - bypasses - - authorizations - - checknothings - - circonuses - - cloudwatches - - deniers - - dogstatsds - - edges - - fluentds - - handlers - - instances - - kubernetesenvs - - kuberneteses - - listcheckers - - listentries - - logentries - - memquotas - - metrics - - noops - - opas - - prometheuses - - quotas - - quotaspecbindings - - quotaspecs - - rbacs - - redisquotas - - reportnothings - - rules - - signalfxs - - solarwindses - - stackdrivers - - statsds - - stdios - - templates - - tracespans - - zipkins - verbs: - - create - - delete - - get - - list - - patch - - watch -- apiGroups: ["networking.istio.io"] - resources: - - destinationrules - - gateways - - serviceentries - - sidecars - - virtualservices - verbs: - - create - - delete - - get - - list - - patch - - watch -- apiGroups: ["authentication.istio.io"] - resources: - - meshpolicies - - policies - verbs: - - create - - delete - - get - - list - - patch - - watch -- apiGroups: ["rbac.istio.io"] - resources: - - clusterrbacconfigs - - rbacconfigs - - servicerolebindings - - serviceroles - verbs: - - create - - delete - - get - - list - - patch - - watch 
-- apiGroups: ["monitoring.kiali.io"] - resources: - - monitoringdashboards - verbs: - - get - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kiali-viewer - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: - - configmaps - - endpoints - - namespaces - - nodes - - pods - - pods/log - - replicationcontrollers - - services - verbs: - - get - - list - - watch -- apiGroups: ["extensions", "apps"] - resources: - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: ["batch"] - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: ["config.istio.io"] - resources: - - adapters - - apikeys - - bypasses - - authorizations - - checknothings - - circonuses - - cloudwatches - - deniers - - dogstatsds - - edges - - fluentds - - handlers - - instances - - kubernetesenvs - - kuberneteses - - listcheckers - - listentries - - logentries - - memquotas - - metrics - - noops - - opas - - prometheuses - - quotas - - quotaspecbindings - - quotaspecs - - rbacs - - redisquotas - - reportnothings - - rules - - signalfxs - - solarwindses - - stackdrivers - - statsds - - stdios - - templates - - tracespans - - zipkins - verbs: - - get - - list - - watch -- apiGroups: ["networking.istio.io"] - resources: - - destinationrules - - gateways - - serviceentries - - sidecars - - virtualservices - verbs: - - get - - list - - watch -- apiGroups: ["authentication.istio.io"] - resources: - - meshpolicies - - policies - verbs: - - get - - list - - watch -- apiGroups: ["rbac.istio.io"] - resources: - - clusterrbacconfigs - - rbacconfigs - - servicerolebindings - - serviceroles - verbs: - - get - - list - - watch -- apiGroups: 
["monitoring.kiali.io"] - resources: - - monitoringdashboards - verbs: - - get - - list diff --git a/charts/rancher-istio/0.1.0/charts/kiali/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.0/charts/kiali/templates/clusterrolebinding.yaml deleted file mode 100644 index 881796716..000000000 --- a/charts/rancher-istio/0.1.0/charts/kiali/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if not .Values.dashboard.viewOnlyMode }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-kiali-admin-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kiali -subjects: -- kind: ServiceAccount - name: kiali-service-account - namespace: {{ .Release.Namespace }} -{{- else }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-kiali-viewer-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kiali-viewer -subjects: -- kind: ServiceAccount - name: kiali-service-account - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/kiali/templates/configmap.yaml b/charts/rancher-istio/0.1.0/charts/kiali/templates/configmap.yaml deleted file mode 100644 index e9ab816fc..000000000 --- a/charts/rancher-istio/0.1.0/charts/kiali/templates/configmap.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - config.yaml: | - istio_namespace: {{ .Release.Namespace }} - server: - port: 20001 - external_services: - tracing: - {{- if .Values.dashboard.jaegerURL }} - url: {{ .Values.dashboard.jaegerURL }} - {{- else }} - url: http://tracing.istio-system:80 - {{- end }} - grafana: - {{- if eq .Values.global.monitoring.type "cluster-monitoring" }} - url: https://{{ .Values.global.rancher.domain }}/k8s/clusters/{{ .Values.global.rancher.clusterId }}/api/v1/namespaces/cattle-prometheus/services/http:access-grafana:80/proxy// - in_cluster_url: http://access-grafana.cattle-prometheus:80 - {{- else if eq .Values.global.monitoring.type "built-in" }} - {{- if and .Values.global.rancher (and .Values.global.rancher.domain .Values.global.rancher.clusterId) }} - url: https://{{ .Values.global.rancher.domain }}/k8s/clusters/{{ .Values.global.rancher.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:grafana:80/proxy// - in_cluster_url: http://access-grafana.cattle-prometheus:80 - {{- end }} - {{- else }} - {{- if .Values.dashboard.grafanaURL }} - url: {{ .Values.dashboard.grafanaURL }} - {{- end }} - {{- end }} - prometheus: - {{- if eq .Values.global.monitoring.type "cluster-monitoring" }} - url: "http://access-prometheus.cattle-prometheus:80" - {{- else }} - url: {{ .Values.prometheusAddr }} - {{- end }} -{{- if .Values.security.enabled }} - identity: - cert_file: {{ .Values.security.cert_file }} - private_key_file: {{ .Values.security.private_key_file }} -{{- end}} diff --git a/charts/rancher-istio/0.1.0/charts/kiali/templates/deployment.yaml b/charts/rancher-istio/0.1.0/charts/kiali/templates/deployment.yaml deleted file mode 100644 index 5b9581ece..000000000 
--- a/charts/rancher-istio/0.1.0/charts/kiali/templates/deployment.yaml
+++ /dev/null
@@ -1,149 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: kiali - template: - metadata: - name: kiali - labels: - app: kiali - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" - prometheus.io/scrape: "true" - prometheus.io/port: "9090" - kiali.io/runtimes: go,kiali - spec: - serviceAccountName: kiali-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}" - name: kiali - command: - - "/opt/kiali/kiali" - - "-config" - - "/kiali-configuration/config.yaml" - - "-v" - - "3" - readinessProbe: - httpGet: - path: {{ .Values.contextPath }}/healthz - port: 20001 - scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }} - initialDelaySeconds: 5 - periodSeconds: 30 - livenessProbe: - httpGet: - path: {{ .Values.contextPath }}/healthz - port: 20001 - scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }} - initialDelaySeconds: 5 - periodSeconds: 30 - env: - - name: TRACING_INSECURE_SKIP_VERIFY - value: "true" - - name: GRAFANA_INSECURE_SKIP_VERIFY - value: "true" - - name: TRACING_ENABLED - value: "false" - - name: ACTIVE_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: AUTH_STRATEGY - value: {{ .Values.dashboard.authStrategy }} - - name: SERVER_CREDENTIALS_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Values.dashboard.secretName }} - key: username - optional: true - - 
name: SERVER_CREDENTIALS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.dashboard.secretName }} - key: passphrase - optional: true -{{- if .Values.contextPath }} - - name: SERVER_WEB_ROOT - value: {{ .Values.contextPath }} -{{- end }} - volumeMounts: - - name: kiali-configuration - mountPath: "/kiali-configuration" - - name: kiali-cert - mountPath: "/kiali-cert" - - name: kiali-secret - mountPath: "/kiali-secret" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - - name: kiali-proxy - image: "{{ template "system_default_registry" . }}{{ .Values.global.nginxProxy.repository }}:{{ .Values.global.nginxProxy.tag }}" - args: - - nginx - - -g - - daemon off; - - -c - - /nginx/nginx.conf - ports: - - name: http - containerPort: 80 - protocol: TCP - volumeMounts: - - mountPath: /nginx/ - name: kiali-nginx - {{- if and .Values.resources .Values.resources.proxy }} - resources: -{{ toYaml .Values.resources.proxy | indent 10 }} - {{- end }} - volumes: - - name: kiali-configuration - configMap: - name: kiali - - name: kiali-cert - secret: - secretName: istio.kiali-service-account -{{- if not .Values.security.enabled }} - optional: true -{{- end }} - - name: kiali-nginx - configMap: - name: kiali-nginx - items: - - key: nginx.conf - mode: 438 - path: nginx.conf - - name: kiali-secret - secret: - secretName: {{ .Values.dashboard.secretName }} - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} 
diff --git a/charts/rancher-istio/0.1.0/charts/kiali/templates/ingress.yaml b/charts/rancher-istio/0.1.0/charts/kiali/templates/ingress.yaml deleted file mode 100644 index 2e2a0de3a..000000000 --- a/charts/rancher-istio/0.1.0/charts/kiali/templates/ingress.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: kiali - servicePort: 20001 - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: kiali - servicePort: 20001 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/0.1.0/charts/kiali/templates/nginx-configmap.yaml b/charts/rancher-istio/0.1.0/charts/kiali/templates/nginx-configmap.yaml deleted file mode 100644 index 80e9a34f4..000000000 --- a/charts/rancher-istio/0.1.0/charts/kiali/templates/nginx-configmap.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: kiali-nginx - namespace: {{ .Release.Namespace }} - labels: - app: kiali-nginx - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - nginx.conf: |- - user nginx; - worker_processes auto; - error_log /dev/stdout warn; - pid /var/run/nginx.pid; - - events { - worker_connections 1024; - } - - http { - include /etc/nginx/mime.types; - log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; - - proxy_connect_timeout 10; - proxy_read_timeout 180; - proxy_send_timeout 5; - proxy_buffering off; - proxy_cache_path /tmp/nginx levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; - - server { - listen 80; - access_log off; - - gzip on; - gzip_min_length 1k; - gzip_comp_level 2; - gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; - gzip_vary on; - gzip_disable "MSIE [1-6]\."; - - proxy_set_header Host $host; - - location / { - proxy_cache my_zone; - proxy_cache_valid 200 302 1d; - proxy_cache_valid 301 30d; - proxy_cache_valid any 5m; - proxy_cache_bypass $http_cache_control; - add_header X-Proxy-Cache $upstream_cache_status; - add_header Cache-Control "public"; - - proxy_pass http://localhost:20001/; - sub_filter_types application/javascript; - sub_filter_once on; - sub_filter "// This file is intentionally left bank." "window.WEB_ROOT='/k8s/clusters/{{ .Values.global.rancher.clusterId }}/api/v1/namespaces/istio-system/services/http:kiali-http:80/proxy';"; - if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { - expires 90d; - } - } - } - } diff --git a/charts/rancher-istio/0.1.0/charts/kiali/templates/secret.yaml b/charts/rancher-istio/0.1.0/charts/kiali/templates/secret.yaml deleted file mode 100644 index f99bb4153..000000000 
--- a/charts/rancher-istio/0.1.0/charts/kiali/templates/secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.dashboard.secretName }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - username: {{ .Values.dashboard.username | b64enc | quote }} - passphrase: {{ .Values.dashboard.passphrase | b64enc | quote }} diff --git a/charts/rancher-istio/0.1.0/charts/kiali/templates/service.yaml b/charts/rancher-istio/0.1.0/charts/kiali/templates/service.yaml deleted file mode 100644 index 5e5ee5116..000000000 --- a/charts/rancher-istio/0.1.0/charts/kiali/templates/service.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - type: ClusterIP - ports: - - name: http-kiali - protocol: TCP - port: 20001 - selector: - app: kiali ---- -apiVersion: v1 -kind: Service -metadata: - name: kiali-http - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - kubernetes.io/cluster-service: "true" -spec: - type: {{ .Values.service.type }} - ports: - - name: http-access-kiali - protocol: TCP - port: 80 - selector: - app: kiali diff --git a/charts/rancher-istio/0.1.0/charts/kiali/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.0/charts/kiali/templates/serviceaccount.yaml deleted file mode 100644 index 2ae38a1ab..000000000 --- a/charts/rancher-istio/0.1.0/charts/kiali/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: kiali-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/0.1.0/charts/kiali/templates/tests/test-kiali-connection.yaml b/charts/rancher-istio/0.1.0/charts/kiali/templates/tests/test-kiali-connection.yaml deleted file mode 100644 index e2a1ff671..000000000 --- a/charts/rancher-istio/0.1.0/charts/kiali/templates/tests/test-kiali-connection.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "kiali.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: kiali-test - chart: {{ template "kiali.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: kiali - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "kiali.fullname" . }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['curl'] - args: ['http://kiali:20001'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/0.1.0/charts/kiali/values.yaml b/charts/rancher-istio/0.1.0/charts/kiali/values.yaml
deleted file mode 100644
index d2aca56a7..000000000
--- a/charts/rancher-istio/0.1.0/charts/kiali/values.yaml
+++ /dev/null
@@ -1,67 +0,0 @@ -# -# addon kiali -# -enabled: false # Note that if using the demo or demo-auth yaml when installing via Helm, this default will be `true`. -replicaCount: 1 -contextPath: / -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard” vs. "soft” requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security” and value "S1”. -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -ingress: - enabled: false - ## Used to create an Ingress record. - hosts: - - kiali.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: kiali-tls - # hosts: - # - kiali.local - -dashboard: - # login/anonymous - authStrategy: anonymous - username: admin - passphrase: admin - - secretName: kiali # You must create a secret with this name - one is not provided out-of-box. - viewOnlyMode: false # Bind the service account to a role with only read access - grafanaURL: # If you have Grafana installed and it is accessible to client browsers, then set this to its external URL. Kiali will redirect users to this URL when Grafana metrics are to be shown. 
- jaegerURL: # If you have Jaeger installed and it is accessible to client browsers, then set this property to its external URL. Kiali will redirect users to this URL when Jaeger tracing is to be shown. - - -prometheusAddr: http://prometheus:9090 - -service: - type: ClusterIP - -resources: {} - -security: - enabled: false - cert_file: /kiali-cert/cert-chain.pem - private_key_file: /kiali-cert/key.pem \ No newline at end of file diff --git a/charts/rancher-istio/0.1.0/charts/mixer/Chart.yaml b/charts/rancher-istio/0.1.0/charts/mixer/Chart.yaml deleted file mode 100644 index 89c54c0a4..000000000 --- a/charts/rancher-istio/0.1.0/charts/mixer/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -name: mixer -version: 1.1.0 -appVersion: 1.1.0 -tillerVersion: ">=2.7.2" -description: Helm chart for mixer deployment -keywords: - - istio - - mixer -sources: - - http://github.com/istio/istio -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png diff --git a/charts/rancher-istio/0.1.0/charts/mixer/templates/_helpers.tpl b/charts/rancher-istio/0.1.0/charts/mixer/templates/_helpers.tpl deleted file mode 100644 index dac6da036..000000000 --- a/charts/rancher-istio/0.1.0/charts/mixer/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "mixer.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "mixer.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "mixer.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/mixer/templates/autoscale.yaml b/charts/rancher-istio/0.1.0/charts/mixer/templates/autoscale.yaml
deleted file mode 100644
index 377b47d03..000000000
--- a/charts/rancher-istio/0.1.0/charts/mixer/templates/autoscale.yaml
+++ /dev/null
@@ -1,29 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if or (eq $key "policy") (eq $key "telemetry") }} -{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: istio-{{ $key }} - namespace: {{ $.Release.Namespace }} - labels: - app: {{ template "mixer.name" $ }} - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} -spec: - maxReplicas: {{ $spec.autoscaleMax }} - minReplicas: {{ $spec.autoscaleMin }} - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: istio-{{ $key }} - metrics: - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }} ---- -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/mixer/templates/clusterrole.yaml b/charts/rancher-istio/0.1.0/charts/mixer/templates/clusterrole.yaml deleted file mode 100644 index 3d7438f2d..000000000 --- a/charts/rancher-istio/0.1.0/charts/mixer/templates/clusterrole.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-mixer-{{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["config.istio.io"] # istio CRD watcher - resources: ["*"] - verbs: ["create", "get", "list", "watch", "patch"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: ["configmaps", "endpoints", "pods", "services", "namespaces", "secrets", "replicationcontrollers"] - verbs: ["get", "list", "watch"] -- apiGroups: ["extensions", "apps"] - resources: ["replicasets"] - verbs: ["get", "list", "watch"] -{{- end }} 
diff --git a/charts/rancher-istio/0.1.0/charts/mixer/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.0/charts/mixer/templates/clusterrolebinding.yaml deleted file mode 100644 index 773e68b34..000000000 --- a/charts/rancher-istio/0.1.0/charts/mixer/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-mixer-admin-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-mixer-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-mixer-service-account - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/mixer/templates/config.yaml b/charts/rancher-istio/0.1.0/charts/mixer/templates/config.yaml deleted file mode 100644 index 43b2c5ced..000000000 --- a/charts/rancher-istio/0.1.0/charts/mixer/templates/config.yaml +++ /dev/null 
@@ -1,1088 +0,0 @@ -{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: istioproxy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - origin.ip: - valueType: IP_ADDRESS - origin.uid: - valueType: STRING - origin.user: - valueType: STRING - request.headers: - valueType: STRING_MAP - request.id: - valueType: STRING - request.host: - valueType: STRING - request.method: - valueType: STRING - request.path: - valueType: STRING - request.url_path: - valueType: STRING - request.query_params: - valueType: STRING_MAP - request.reason: - valueType: STRING - request.referer: - valueType: STRING - request.scheme: - valueType: STRING - request.total_size: - valueType: INT64 - request.size: - valueType: INT64 - request.time: - valueType: TIMESTAMP - request.useragent: - valueType: STRING - response.code: - valueType: INT64 - response.duration: - valueType: DURATION - response.headers: - valueType: STRING_MAP - response.total_size: - valueType: INT64 - response.size: - valueType: INT64 - response.time: - valueType: TIMESTAMP - response.grpc_status: - valueType: STRING - response.grpc_message: - valueType: STRING - source.uid: - valueType: STRING - source.user: # DEPRECATED - valueType: STRING - source.principal: - valueType: STRING - destination.uid: - valueType: STRING - destination.principal: - valueType: STRING - destination.port: - valueType: INT64 - connection.event: - valueType: STRING - connection.id: - valueType: STRING - connection.received.bytes: - valueType: INT64 - connection.received.bytes_total: - valueType: INT64 - connection.sent.bytes: - valueType: INT64 - connection.sent.bytes_total: - valueType: INT64 - connection.duration: - valueType: DURATION - connection.mtls: - valueType: BOOL - 
connection.requested_server_name: - valueType: STRING - context.protocol: - valueType: STRING - context.proxy_error_code: - valueType: STRING - context.timestamp: - valueType: TIMESTAMP - context.time: - valueType: TIMESTAMP - # Deprecated, kept for compatibility - context.reporter.local: - valueType: BOOL - context.reporter.kind: - valueType: STRING - context.reporter.uid: - valueType: STRING - api.service: - valueType: STRING - api.version: - valueType: STRING - api.operation: - valueType: STRING - api.protocol: - valueType: STRING - request.auth.principal: - valueType: STRING - request.auth.audiences: - valueType: STRING - request.auth.presenter: - valueType: STRING - request.auth.claims: - valueType: STRING_MAP - request.auth.raw_claims: - valueType: STRING - request.api_key: - valueType: STRING - rbac.permissive.response_code: - valueType: STRING - rbac.permissive.effective_policy_id: - valueType: STRING - check.error_code: - valueType: INT64 - check.error_message: - valueType: STRING - check.cache_hit: - valueType: BOOL - quota.cache_hit: - valueType: BOOL - context.proxy_version: - valueType: STRING - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: kubernetes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - source.ip: - valueType: IP_ADDRESS - source.labels: - valueType: STRING_MAP - source.metadata: - valueType: STRING_MAP - source.name: - valueType: STRING - source.namespace: - valueType: STRING - source.owner: - valueType: STRING - source.serviceAccount: - valueType: STRING - source.services: - valueType: STRING - source.workload.uid: - valueType: STRING - source.workload.name: - valueType: STRING - source.workload.namespace: - valueType: STRING - destination.ip: - valueType: IP_ADDRESS - destination.labels: - valueType: STRING_MAP - destination.metadata: - valueType: STRING_MAP - destination.owner: - valueType: STRING - destination.name: - valueType: STRING - destination.container.name: - valueType: STRING - destination.namespace: - valueType: STRING - destination.service.uid: - valueType: STRING - destination.service.name: - valueType: STRING - destination.service.namespace: - valueType: STRING - destination.service.host: - valueType: STRING - destination.serviceAccount: - valueType: STRING - destination.workload.uid: - valueType: STRING - destination.workload.name: - valueType: STRING - destination.workload.namespace: - valueType: STRING ---- -{{- if and .Values.adapters.stdio.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: stdio - params: - outputAsJson: {{ .Values.adapters.stdio.outputAsJson }} ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: accesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: request.time - variables: - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | request.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - apiClaims: request.auth.raw_claims | "" - apiKey: request.api_key | request.headers["x-api-key"] | "" - protocol: request.scheme | context.protocol | "http" - method: request.method | "" - url: request.path | "" - responseCode: response.code | 0 - responseFlags: context.proxy_error_code | "" - responseSize: response.size | 0 - permissiveResponseCode: rbac.permissive.response_code | "none" - permissiveResponsePolicyID: rbac.permissive.effective_policy_id | "none" - requestSize: request.size | 0 - requestId: request.headers["x-request-id"] | "" - clientTraceId: request.headers["x-client-trace-id"] | "" - latency: response.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - userAgent: request.useragent | "" - responseTimestamp: response.time - receivedBytes: request.total_size | 0 - sentBytes: response.total_size | 0 - referer: request.referer | "" - httpAuthority: request.headers[":authority"] | request.host | "" - xForwardedFor: 
request.headers["x-forwarded-for"] | "0.0.0.0" - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - grpcStatus: response.grpc_status | "" - grpcMessage: response.grpc_message | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpaccesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: context.time | timestamp("2017-01-01T00:00:00Z") - variables: - connectionEvent: connection.event | "" - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - protocol: context.protocol | "tcp" - connectionDuration: connection.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - receivedBytes: connection.received.bytes | 0 - sentBytes: connection.sent.bytes | 0 - totalReceivedBytes: connection.received.bytes_total | 0 - totalSentBytes: connection.sent.bytes_total | 0 - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") 
- responseFlags: context.proxy_error_code | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "http" || context.protocol == "grpc" - actions: - - handler: stdio - instances: - - accesslog ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdiotcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: stdio - instances: - - tcpaccesslog -{{- end }} ---- -{{- if and .Values.adapters.prometheus.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestcount - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | request.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestduration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.duration | "0ms" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | request.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestsize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: request.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | request.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: responsesize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | request.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytesent - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.sent.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytereceived - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.received.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsopened - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: prometheus - params: - metricsExpirationPolicy: - metricsExpiryDuration: "{{ .Values.adapters.prometheus.metricsExpiryDuration }}" - metrics: - - name: requests_total - instance_name: requestcount.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - - name: request_duration_seconds - instance_name: requestduration.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - explicit_buckets: - bounds: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10] - - name: request_bytes - instance_name: requestsize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - 
destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: response_bytes - instance_name: responsesize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: tcp_sent_bytes_total - instance_name: tcpbytesent.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_received_bytes_total - instance_name: tcpbytereceived.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: 
tcp_connections_opened_total - instance_name: tcpconnectionsopened.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_connections_closed_total - instance_name: tcpconnectionsclosed.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promhttp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: (context.protocol == "http" || context.protocol == "grpc") && (match((request.useragent | "-"), "kube-probe*") == false) && (match((request.useragent | "-"), "Prometheus*") == false) - actions: - - handler: prometheus - instances: - - requestcount - - requestduration - - requestsize - - responsesize ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: prometheus - instances: - - tcpbytesent - - tcpbytereceived ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionopen - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "open") - actions: - - handler: prometheus - instances: - - tcpconnectionsopened ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "close") - actions: - - handler: prometheus - instances: - - tcpconnectionsclosed -{{- end }} ---- -{{- if and .Values.adapters.kubernetesenv.enabled (or .Values.policy.enabled .Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: kubernetesenv - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: kubernetesenv - params: - # when running from mixer root, use the following config after adding a - # symbolic link to a kubernetes config file via: - # - # $ ln -s ~/.kube/config mixer/adapter/kubernetes/kubeconfig - # - # kubeconfig_path: "mixer/adapter/kubernetes/kubeconfig" - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: kubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . 
}} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: tcpkubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: attributes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: kubernetes - params: - # Pass the required attribute data to the adapter - source_uid: source.uid | "" - source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr - destination_uid: destination.uid | "" - destination_port: destination.port | 0 - attributeBindings: - # Fill the new attributes from the adapter produced output. 
- # $out refers to an instance of OutputTemplate message - source.ip: $out.source_pod_ip | ip("0.0.0.0") - source.uid: $out.source_pod_uid | "unknown" - source.labels: $out.source_labels | emptyStringMap() - source.name: $out.source_pod_name | "unknown" - source.namespace: $out.source_namespace | "default" - source.owner: $out.source_owner | "unknown" - source.serviceAccount: $out.source_service_account_name | "unknown" - source.workload.uid: $out.source_workload_uid | "unknown" - source.workload.name: $out.source_workload_name | "unknown" - source.workload.namespace: $out.source_workload_namespace | "unknown" - destination.ip: $out.destination_pod_ip | ip("0.0.0.0") - destination.uid: $out.destination_pod_uid | "unknown" - destination.labels: $out.destination_labels | emptyStringMap() - destination.name: $out.destination_pod_name | "unknown" - destination.container.name: $out.destination_container_name | "unknown" - destination.namespace: $out.destination_namespace | "default" - destination.owner: $out.destination_owner | "unknown" - destination.serviceAccount: $out.destination_service_account_name | "unknown" - destination.workload.uid: $out.destination_workload_uid | "unknown" - destination.workload.name: $out.destination_workload_name | "unknown" - destination.workload.namespace: $out.destination_workload_namespace | "unknown" -{{- end }} ---- -{{- if .Values.policy.enabled }} -# Configuration needed by Mixer. -# Mixer cluster is delivered via CDS -# Specify mixer cluster settings -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-policy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - {{- if .Values.global.controlPlaneSecurityEnabled }} - portLevelSettings: - - port: - number: 15004 - tls: - mode: ISTIO_MUTUAL - {{- end}} - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- if .Values.telemetry.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-telemetry - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - {{- if .Values.global.controlPlaneSecurityEnabled }} - portLevelSettings: - - port: - number: 15004 - tls: - mode: ISTIO_MUTUAL - {{- end}} - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/mixer/templates/deployment.yaml b/charts/rancher-istio/0.1.0/charts/mixer/templates/deployment.yaml deleted file mode 100644 index fdca47f70..000000000 --- a/charts/rancher-istio/0.1.0/charts/mixer/templates/deployment.yaml +++ /dev/null 
@@ -1,402 +0,0 @@ -{{- define "policy_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: policy-adapter-secret - secret: - secretName: policy-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - - --useTemplateCRDs=false - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - {{- if .Values.env }} - env: - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.policy.resources }} -{{ toYaml .Values.policy.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: istio-proxy - image: "{{ template "system_default_registry" . 
}}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-policy - - --templateFile - - /etc/istio/proxy/envoy_policy.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ $.Values.global.trustDomain }} - {{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock - - name: policy-adapter-secret - mountPath: /var/run/secrets/istio.io/policy/adapter - readOnly: true -{{- end }} - -{{- define "telemetry_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - 
optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: telemetry-adapter-secret - secret: - secretName: telemetry-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . }}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - - --certFile=/etc/certs/cert-chain.pem - - --keyFile=/etc/certs/key.pem - - --caCertFile=/etc/certs/root-cert.pem - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address 
}}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - - --averageLatencyThreshold - - {{ $.Values.telemetry.loadshedding.latencyThreshold }} - - --loadsheddingMode - - {{ $.Values.telemetry.loadshedding.mode }} - {{- if .Values.env }} - env: - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.telemetry.resources }} -{{ toYaml .Values.telemetry.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: telemetry-adapter-secret - mountPath: /var/run/secrets/istio.io/telemetry/adapter - readOnly: true - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: istio-proxy - image: "{{ template "system_default_registry" . 
}}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-telemetry - - --templateFile - - /etc/istio/proxy/envoy_telemetry.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock -{{- end }} - - -{{- range $key, $spec := .Values }} -{{- if or (eq $key "policy") (eq $key "telemetry") }} -{{- if $spec.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-{{ $key }} - namespace: {{ $.Release.Namespace }} - labels: - app: istio-mixer - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: mixer -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - 
replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - selector: - matchLabels: - istio: mixer - istio-mixer-type: {{ $key }} - template: - metadata: - labels: - app: {{ $key }} - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: mixer - istio-mixer-type: {{ $key }} - annotations: - sidecar.istio.io/inject: "false" -{{- with $.Values.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- if eq $key "policy"}} -{{- template "policy_container" $ }} -{{- else }} -{{- template "telemetry_container" $ }} -{{- end }} - ---- -{{- end }} -{{- end }} -{{- end }} {{/* range */}} diff --git a/charts/rancher-istio/0.1.0/charts/mixer/templates/poddisruptionbudget.yaml b/charts/rancher-istio/0.1.0/charts/mixer/templates/poddisruptionbudget.yaml deleted file mode 100644 index a6bfe8668..000000000 --- a/charts/rancher-istio/0.1.0/charts/mixer/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if or (eq $key "policy") (eq $key "telemetry") }} -{{- if $spec.enabled }} -{{- if $.Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-{{ $key }} - namespace: {{ $.Release.Namespace }} - labels: - app: {{ $key }} - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - version: {{ $.Chart.Version }} - istio: mixer - istio-mixer-type: {{ $key }} -spec: -{{- if $.Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: {{ $key }} - release: {{ $.Release.Name }} - istio: mixer - istio-mixer-type: {{ $key }} ---- -{{- end }} -{{- end }} -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/0.1.0/charts/mixer/templates/service.yaml b/charts/rancher-istio/0.1.0/charts/mixer/templates/service.yaml
deleted file mode 100644
index 79cc4a582..000000000
--- a/charts/rancher-istio/0.1.0/charts/mixer/templates/service.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- annotations:
- networking.istio.io/exportTo: "*"
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: mixer
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: {{ $.Values.global.monitoringPort }}
-{{- if eq $key "telemetry" }}
- - name: prometheus
- port: 42422
-{{- if $spec.sessionAffinityEnabled }}
- sessionAffinity: ClientIP
-{{- end }}
-{{- end }}
- selector:
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/0.1.0/charts/mixer/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.0/charts/mixer/templates/serviceaccount.yaml
deleted file mode 100644
index 9d3da7dd6..000000000
--- a/charts/rancher-istio/0.1.0/charts/mixer/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.0/charts/mixer/values.yaml b/charts/rancher-istio/0.1.0/charts/mixer/values.yaml
deleted file mode 100644
index f443cfd0e..000000000
--- a/charts/rancher-istio/0.1.0/charts/mixer/values.yaml
+++ /dev/null
@@ -1,97 +0,0 @@
-#
-# mixer configuration
-#
-env:
- GODEBUG: gctrace=1
- # max procs should be ceil(cpu limit + 1)
- GOMAXPROCS: "6"
-
-policy:
- # if policy is enabled, global.disablePolicyChecks has affect.
- enabled: false
- replicaCount: 1
- autoscaleEnabled: true
- autoscaleMin: 1
- autoscaleMax: 5
- cpu:
- targetAverageUtilization: 80
- rollingMaxSurge: 100%
- rollingMaxUnavailable: 25%
-
-telemetry:
- enabled: true
- replicaCount: 1
- autoscaleEnabled: true
- autoscaleMin: 1
- autoscaleMax: 5
- cpu:
- targetAverageUtilization: 80
- rollingMaxSurge: 100%
- rollingMaxUnavailable: 25%
- sessionAffinityEnabled: false
-
- # mixer load shedding configuration.
- # When mixer detects that it is overloaded, it starts rejecting grpc requests.
- loadshedding:
- # disabled, logonly or enforce
- mode: enforce
- # based on measurements 100ms p50 translates to p99 of under 1s. This is ok for telemetry which is inherently async.
- latencyThreshold: 100ms
- resources:
- requests:
- cpu: 1000m
- memory: 1G
- limits:
- # It is best to do horizontal scaling of mixer using moderate cpu allocation.
- # We have experimentally found that these values work well.
- cpu: 4800m
- memory: 4G
-
- # Set reportBatchMaxEntries to 0 to use the default batching behavior (i.e., every 100 requests).
- # A positive value indicates the number of requests that are batched before telemetry data
- # is sent to the mixer server
- reportBatchMaxEntries: 100
-
- # Set reportBatchMaxTime to 0 to use the default batching behavior (i.e., every 1 second).
- # A positive time value indicates the maximum wait time since the last request will telemetry data
- # be batched before being sent to the mixer server
- reportBatchMaxTime: 1s
-
-podAnnotations: {}
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-adapters:
- kubernetesenv:
- enabled: true
-
- # stdio is a debug adapter in istio-telemetry, it is not recommended for production use.
- stdio:
- enabled: false
- outputAsJson: true
- prometheus:
- enabled: true
- metricsExpiryDuration: 10m
- # Setting this to false sets the useAdapterCRDs mixer startup argument to false
- useAdapterCRDs: false
diff --git a/charts/rancher-istio/0.1.0/charts/nodeagent/Chart.yaml b/charts/rancher-istio/0.1.0/charts/nodeagent/Chart.yaml
deleted file mode 100644
index 9ba4eeb44..000000000
--- a/charts/rancher-istio/0.1.0/charts/nodeagent/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-name: nodeagent
-version: 1.1.0
-appVersion: 1.1.0
-tillerVersion: ">=2.7.2"
-description: Helm chart for nodeagent deployment
-keywords:
- - istio
- - nodeagent
-sources:
- - http://github.com/istio/istio
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
diff --git a/charts/rancher-istio/0.1.0/charts/nodeagent/templates/_helpers.tpl b/charts/rancher-istio/0.1.0/charts/nodeagent/templates/_helpers.tpl
deleted file mode 100644
index fda6043d0..000000000
--- a/charts/rancher-istio/0.1.0/charts/nodeagent/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "nodeagent.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "nodeagent.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "nodeagent.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/nodeagent/templates/clusterrole.yaml b/charts/rancher-istio/0.1.0/charts/nodeagent/templates/clusterrole.yaml
deleted file mode 100644
index 9127b05e3..000000000
--- a/charts/rancher-istio/0.1.0/charts/nodeagent/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get"]
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.0/charts/nodeagent/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.0/charts/nodeagent/templates/clusterrolebinding.yaml
deleted file mode 100644
index 963757e72..000000000
--- a/charts/rancher-istio/0.1.0/charts/nodeagent/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-nodeagent-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.0/charts/nodeagent/templates/daemonset.yaml b/charts/rancher-istio/0.1.0/charts/nodeagent/templates/daemonset.yaml
deleted file mode 100644
index fa69cfc97..000000000
--- a/charts/rancher-istio/0.1.0/charts/nodeagent/templates/daemonset.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: istio-nodeagent
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
-spec:
- selector:
- matchLabels:
- istio: nodeagent
- template:
- metadata:
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-nodeagent-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: nodeagent
- image: "{{ template "system_default_registry" . }}{{ $.Values.global.nodeAgent.repository }}:{{ $.Values.global.nodeAgent.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- volumeMounts:
- - mountPath: /var/run/sds
- name: sdsudspath
- env:
- {{- if .Values.env }}
- {{- range $key, $val := .Values.env }}
- - name: {{ $key }}
- value: "{{ $val }}"
- {{- end }}
- {{- end }}
- - name: "TRUST_DOMAIN"
- value: "{{ .Values.global.trustDomain }}"
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumes:
- - name: sdsudspath
- hostPath:
- path: /var/run/sds
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
- updateStrategy:
- type: RollingUpdate
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.0/charts/nodeagent/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.0/charts/nodeagent/templates/serviceaccount.yaml
deleted file mode 100644
index b52f852d8..000000000
--- a/charts/rancher-istio/0.1.0/charts/nodeagent/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.0/charts/nodeagent/values.yaml b/charts/rancher-istio/0.1.0/charts/nodeagent/values.yaml
deleted file mode 100644
index a01894fe3..000000000
--- a/charts/rancher-istio/0.1.0/charts/nodeagent/values.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# nodeagent configuration
-#
-enabled: false
-env:
- # name of authentication provider.
- CA_PROVIDER: ""
- # CA endpoint.
- CA_ADDR: ""
- # names of authentication provider's plugins.
- PLUGINS: ""
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard” vs. "soft” requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security” and value "S1”.
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/0.1.0/charts/pilot/Chart.yaml b/charts/rancher-istio/0.1.0/charts/pilot/Chart.yaml
deleted file mode 100644
index 4ce44386e..000000000
--- a/charts/rancher-istio/0.1.0/charts/pilot/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-name: pilot
-version: 1.1.0
-appVersion: 1.1.0
-tillerVersion: ">=2.7.2"
-description: Helm chart for pilot deployment
-keywords:
- - istio
- - pilot
-sources:
- - http://github.com/istio/istio
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
diff --git a/charts/rancher-istio/0.1.0/charts/pilot/templates/_helpers.tpl b/charts/rancher-istio/0.1.0/charts/pilot/templates/_helpers.tpl
deleted file mode 100644
index c812c3709..000000000
--- a/charts/rancher-istio/0.1.0/charts/pilot/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "pilot.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "pilot.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "pilot.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/pilot/templates/autoscale.yaml b/charts/rancher-istio/0.1.0/charts/pilot/templates/autoscale.yaml
deleted file mode 100644
index 1a9945136..000000000
--- a/charts/rancher-istio/0.1.0/charts/pilot/templates/autoscale.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- maxReplicas: {{ .Values.autoscaleMax }}
- minReplicas: {{ .Values.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-pilot
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.cpu.targetAverageUtilization }}
----
-{{- end }}
diff --git a/charts/rancher-istio/0.1.0/charts/pilot/templates/clusterrole.yaml b/charts/rancher-istio/0.1.0/charts/pilot/templates/clusterrole.yaml
deleted file mode 100644
index cd7464c1e..000000000
--- a/charts/rancher-istio/0.1.0/charts/pilot/templates/clusterrole.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["config.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["rbac.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["networking.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["authentication.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["*"]
-- apiGroups: ["extensions", "networking.k8s.io"]
- resources: ["ingresses", "ingresses/status"]
- verbs: ["*"]
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "list", "watch", "update"]
-- apiGroups: [""]
- resources: ["endpoints", "pods", "services", "namespaces", "nodes", "secrets"]
- verbs: ["get", "list", "watch"]
diff --git a/charts/rancher-istio/0.1.0/charts/pilot/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.0/charts/pilot/templates/clusterrolebinding.yaml
deleted file mode 100644
index ef9281ca8..000000000
--- a/charts/rancher-istio/0.1.0/charts/pilot/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-pilot-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/0.1.0/charts/pilot/templates/deployment.yaml b/charts/rancher-istio/0.1.0/charts/pilot/templates/deployment.yaml
deleted file mode 100644
index 4441553be..000000000
--- a/charts/rancher-istio/0.1.0/charts/pilot/templates/deployment.yaml
+++ /dev/null
@@ -1,215 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - # TODO: default template doesn't have this, which one is right ? - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot - annotations: - checksum/config-volume: {{ template "istio.configmap.checksum" . }} -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - istio: pilot - template: - metadata: - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-pilot-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: discovery - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - "discovery" - - --monitoringAddr=:{{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.global.oneNamespace }} - - "-a" - - {{ .Release.Namespace }} -{{- end }} -{{- if and $.Values.global.controlPlaneSecurityEnabled (not .Values.sidecar)}} - - --secureGrpcAddr - - ":15011" -{{- else }} - - --secureGrpcAddr - - "" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" - ports: - - containerPort: 8080 - - containerPort: 15010 -{{- if not .Values.sidecar }} - - containerPort: 15011 -{{- end }} - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 30 - timeoutSeconds: 5 - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND - value: "{{ .Values.enableProtocolSniffingForOutbound }}" - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND - value: "{{ .Values.enableProtocolSniffingForInbound }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - - name: istio-certs - mountPath: 
/etc/certs - readOnly: true -{{- if .Values.sidecar }} - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 15003 - - containerPort: 15005 - - containerPort: 15007 - - containerPort: 15011 - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-pilot - - --templateFile - - /etc/istio/proxy/envoy_pilot.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if .Values.global.proxy.resources }} -{{ toYaml .Values.global.proxy.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} -{{- end }} - volumes: - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: config-volume - configMap: - name: istio - - name: 
istio-certs - secret: - secretName: istio.istio-pilot-service-account - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/pilot/templates/meshexpansion.yaml b/charts/rancher-istio/0.1.0/charts/pilot/templates/meshexpansion.yaml deleted file mode 100644 index 4f3d59570..000000000 --- a/charts/rancher-istio/0.1.0/charts/pilot/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,91 +0,0 @@
-{{- if .Values.global.meshExpansion.enabled }}
-{{- if .Values.global.meshExpansion.useILB }}
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-ilb-vs-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- hosts:
- - istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-ilb-gateway
- tcp:
- - match:
- - port: 15011
- route:
- - destination:
- host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 15011
- - match:
- - port: 15010
- route:
- - destination:
- host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 15010
- - match:
- - port: 5353
- route:
- - destination:
- host: kube-dns.kube-system.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 53
----
-{{- else }}
-
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-vs-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- hosts:
- - istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-gateway
- tcp:
- - match:
- - port: 15011
- route:
- - destination:
- host: istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 15011
----
-{{- end }}
-
-{{- if .Values.global.controlPlaneSecurityEnabled }}
-apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
- name: meshexpansion-dr-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- trafficPolicy:
- portLevelSettings:
- - port:
- number: 15011
- tls:
- mode: DISABLE
----
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/0.1.0/charts/pilot/templates/poddisruptionbudget.yaml b/charts/rancher-istio/0.1.0/charts/pilot/templates/poddisruptionbudget.yaml
deleted file mode 100644
index fd9e06a71..000000000
--- a/charts/rancher-istio/0.1.0/charts/pilot/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: pilot
-spec:
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: {{ template "pilot.name" . }}
- release: {{ .Release.Name }}
- istio: pilot
-{{- end }}
diff --git a/charts/rancher-istio/0.1.0/charts/pilot/templates/service.yaml b/charts/rancher-istio/0.1.0/charts/pilot/templates/service.yaml
deleted file mode 100644
index a61d93025..000000000
--- a/charts/rancher-istio/0.1.0/charts/pilot/templates/service.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: pilot
-spec:
- ports:
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS
- - port: 8080
- name: http-legacy-discovery # direct
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- selector:
- istio: pilot
diff --git a/charts/rancher-istio/0.1.0/charts/pilot/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.0/charts/pilot/templates/serviceaccount.yaml
deleted file mode 100644
index 7ec2a66de..000000000
--- a/charts/rancher-istio/0.1.0/charts/pilot/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/0.1.0/charts/pilot/values.yaml b/charts/rancher-istio/0.1.0/charts/pilot/values.yaml
deleted file mode 100644
index 85257a4aa..000000000
--- a/charts/rancher-istio/0.1.0/charts/pilot/values.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-#
-# pilot configuration
-#
-enabled: true
-autoscaleEnabled: true
-autoscaleMin: 1
-autoscaleMax: 5
-# specify replicaCount when autoscaleEnabled: false
-# replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-sidecar: true
-traceSampling: 1.0
-# if protocol sniffing is enabled for outbound
-enableProtocolSniffingForOutbound: true
-# if protocol sniffing is enabled for inbound
-enableProtocolSniffingForInbound: false
-# Resources for a small pilot install
-resources:
- requests:
- cpu: 500m
- memory: 2048Mi
-env:
- PILOT_PUSH_THROTTLE: 100
- GODEBUG: gctrace=1
-cpu:
- targetAverageUtilization: 80
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-# The following is used to limit how long a sidecar can be connected
-# to a pilot. It balances out load across pilot instances at the cost of
-# increasing system churn.
-keepaliveMaxServerConnectionAge: 30m
diff --git a/charts/rancher-istio/0.1.0/charts/prometheus/Chart.yaml b/charts/rancher-istio/0.1.0/charts/prometheus/Chart.yaml
deleted file mode 100644
index 6431a43dd..000000000
--- a/charts/rancher-istio/0.1.0/charts/prometheus/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-description: A Helm chart for Kubernetes
-name: prometheus
-version: 1.1.0
-appVersion: 2.8.0
-tillerVersion: ">=2.7.2"
diff --git a/charts/rancher-istio/0.1.0/charts/prometheus/templates/_helpers.tpl b/charts/rancher-istio/0.1.0/charts/prometheus/templates/_helpers.tpl
deleted file mode 100644
index 039388329..000000000
--- a/charts/rancher-istio/0.1.0/charts/prometheus/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "prometheus.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "prometheus.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "prometheus.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/prometheus/templates/clusterrole.yaml b/charts/rancher-istio/0.1.0/charts/prometheus/templates/clusterrole.yaml
deleted file mode 100644
index 705b05e00..000000000
--- a/charts/rancher-istio/0.1.0/charts/prometheus/templates/clusterrole.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - nodes
- - services
- - endpoints
- - pods
- - nodes/proxy
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources:
- - configmaps
- verbs: ["get"]
-- nonResourceURLs: ["/metrics"]
- verbs: ["get"]
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/prometheus/templates/clusterrolebindings.yaml b/charts/rancher-istio/0.1.0/charts/prometheus/templates/clusterrolebindings.yaml
deleted file mode 100644
index 7153eee15..000000000
--- a/charts/rancher-istio/0.1.0/charts/prometheus/templates/clusterrolebindings.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: prometheus-{{ .Release.Namespace }}
-subjects:
-- kind: ServiceAccount
- name: prometheus
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/prometheus/templates/configmap.yaml b/charts/rancher-istio/0.1.0/charts/prometheus/templates/configmap.yaml
deleted file mode 100644
index ee257951c..000000000
--- a/charts/rancher-istio/0.1.0/charts/prometheus/templates/configmap.yaml
+++ /dev/null
@@ -1,283 +0,0 @@ -{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - prometheus.yml: |- - global: - scrape_interval: {{ .Values.scrapeInterval }} - scrape_configs: - - - job_name: 'istio-mesh' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;prometheus - - # Scrape config for envoy stats - - job_name: 'envoy-stats' - metrics_path: /stats/prometheus - kubernetes_sd_configs: - - role: pod - - relabel_configs: - - source_labels: [__meta_kubernetes_pod_container_port_name] - action: keep - regex: '.*-envoy-prom' - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:15090 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'istio-policy' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-policy;http-monitoring - - - job_name: 'istio-telemetry' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: 
istio-telemetry;http-monitoring - - - job_name: 'pilot' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-pilot;http-monitoring - - - job_name: 'galley' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-galley;http-monitoring - - - job_name: 'citadel' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-citadel;http-monitoring - - # scrape config for API servers - - job_name: 'kubernetes-apiservers' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - default - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: kubernetes;https - - # scrape config for nodes (kubelet) - - job_name: 'kubernetes-nodes' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics - - # Scrape config for Kubelet cAdvisor. 
- # - # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics - # (those whose names begin with 'container_') have been removed from the - # Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to - # retrieve those metrics. - # - # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor - # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics" - # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with - # the --cadvisor-port=0 Kubelet flag). - # - # This job is not necessary and should be removed in Kubernetes 1.6 and - # earlier versions, or it will cause the metrics to be scraped twice. - - job_name: 'kubernetes-cadvisor' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor - - # scrape config for service endpoints. - - job_name: 'kubernetes-service-endpoints' - kubernetes_sd_configs: - - role: endpoints - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) 
- - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: kubernetes_name - - - job_name: 'kubernetes-pods' - kubernetes_sd_configs: - - role: pod - relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job. - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # Keep target if there's no sidecar or if prometheus.io/scheme is explicitly set to "http" - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: keep - regex: ((;.*)|(.*;http)) - - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls] - action: drop - regex: (true) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'kubernetes-pods-istio-secure' - scheme: https - tls_config: - ca_file: /etc/istio-certs/root-cert.pem - cert_file: /etc/istio-certs/cert-chain.pem - key_file: 
/etc/istio-certs/key.pem - insecure_skip_verify: true # prometheus does not support secure naming. - kubernetes_sd_configs: - - role: pod - relabel_configs: - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # sidecar status annotation is added by sidecar injector and - # istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic. - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls] - action: keep - regex: (([^;]+);([^;]*))|(([^;]*);(true)) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: drop - regex: (http) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__] # Only keep address that is host:port - action: keep # otherwise an extra target with ':443' is added for https scheme - regex: ([^:]+):(\d+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name -{{- end -}} diff --git a/charts/rancher-istio/0.1.0/charts/prometheus/templates/deployment.yaml b/charts/rancher-istio/0.1.0/charts/prometheus/templates/deployment.yaml deleted file mode 100644 index 2031282e1..000000000 --- a/charts/rancher-istio/0.1.0/charts/prometheus/templates/deployment.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}} -# TODO: the original template has service account, roles, etc -apiVersion: apps/v1 -kind: Deployment -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: prometheus - template: - metadata: - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: prometheus -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: prometheus - image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - '--storage.tsdb.retention={{ .Values.retention }}' - - '--config.file=/etc/prometheus/prometheus.yml' - ports: - - containerPort: 9090 - name: http - livenessProbe: - httpGet: - path: /-/healthy - port: 9090 - readinessProbe: - httpGet: - path: /-/ready - port: 9090 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/prometheus - - mountPath: /etc/istio-certs - name: istio-certs - - name: prometheus-nginx - command: - - /bin/sh - - -c - - cp /nginx/run-sh.tmpl /var/run/nginx-start.sh; chmod +x /var/run/nginx-start.sh; /var/run/nginx-start.sh - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - image: "{{ template "system_default_registry" . 
}}{{ .Values.global.nginxProxy.repository }}:{{ .Values.global.nginxProxy.tag }}" - ports: - - containerPort: 80 - name: http - protocol: TCP - {{- if and .Values.resources .Values.resources.proxy }} - resources: - {{ toYaml .Values.resources.proxy | indent 6 }} - {{- end }} - securityContext: - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /nginx - name: prometheus-nginx - volumes: - - name: config-volume - configMap: - name: prometheus - - name: istio-certs - secret: - defaultMode: 420 -{{- if not .Values.security.enabled }} - optional: true -{{- end }} - secretName: istio.default - - name: prometheus-nginx - configMap: - name: {{ template "prometheus.chart" . }}-nginx - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- end -}} diff --git a/charts/rancher-istio/0.1.0/charts/prometheus/templates/ingress.yaml b/charts/rancher-istio/0.1.0/charts/prometheus/templates/ingress.yaml deleted file mode 100644 index 8bd400a26..000000000 --- a/charts/rancher-istio/0.1.0/charts/prometheus/templates/ingress.yaml +++ /dev/null 
@@ -1,42 +0,0 @@
-{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}}
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: prometheus
- servicePort: 9090
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: prometheus
- servicePort: 9090
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/prometheus/templates/nginx-configmap.yaml b/charts/rancher-istio/0.1.0/charts/prometheus/templates/nginx-configmap.yaml
deleted file mode 100644
index acdb95fbc..000000000
--- a/charts/rancher-istio/0.1.0/charts/prometheus/templates/nginx-configmap.yaml
+++ /dev/null
@@ -1,84 +0,0 @@ -{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: prometheus-nginx - labels: - app: prometheus-nginx - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - run-sh.tmpl: |- - #!/bin/sh - set -e - - srcpath="/nginx/nginx-conf.tmpl" - dstpath="/var/run/nginx.conf" - - if ! [ -f $srcpath ]; then - exit 1 - fi - - token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) - sed "s/REPLACE_PARAM_AUTHORIZATION/Bearer ${token}/g" $srcpath | sed "s/REPLACE_PARAM_IP/${POD_IP}/g" > $dstpath - - exec nginx -g "daemon off;" -c /var/run/nginx.conf - - nginx-conf.tmpl: |- - user nginx; - worker_processes auto; - error_log /dev/stdout warn; - pid /var/run/nginx.pid; - - events { - worker_connections 1024; - } - - http { - include /etc/nginx/mime.types; - log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; - - proxy_connect_timeout 10; - proxy_read_timeout 180; - proxy_send_timeout 5; - proxy_buffering off; - proxy_cache_path /tmp/nginx levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; - - server { - listen 80; - access_log off; - - gzip on; - gzip_min_length 1k; - gzip_comp_level 2; - gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; - gzip_vary on; - gzip_disable "MSIE [1-6]\."; - - proxy_set_header Host $host; - proxy_set_header Authorization "REPLACE_PARAM_AUTHORIZATION"; - proxy_pass_header Authorization; - - location / { - proxy_cache my_zone; - proxy_cache_valid 200 302 1d; - proxy_cache_valid 301 30d; - proxy_cache_valid any 5m; - proxy_cache_bypass $http_cache_control; - add_header X-Proxy-Cache $upstream_cache_status; - add_header Cache-Control "public"; - - proxy_pass http://REPLACE_PARAM_IP:9090/; - - sub_filter_types text/html; - sub_filter_once off; - 
sub_filter 'var PATH_PREFIX = "";' 'var PATH_PREFIX = ".";'; - - if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { - expires 90d; - } - } - } - } -{{- end -}} diff --git a/charts/rancher-istio/0.1.0/charts/prometheus/templates/service.yaml b/charts/rancher-istio/0.1.0/charts/prometheus/templates/service.yaml deleted file mode 100644 index 25484ff1c..000000000 --- a/charts/rancher-istio/0.1.0/charts/prometheus/templates/service.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}} -apiVersion: v1 -kind: Service -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - annotations: - prometheus.io/scrape: 'true' - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - type: ClusterIP - selector: - app: prometheus - ports: - - name: prometheus - protocol: TCP - port: 9090 ---- -apiVersion: v1 -kind: Service -metadata: - name: prometheus-http - namespace: {{ .Release.Namespace }} - annotations: - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - kubernetes.io/cluster-service: "true" -spec: - type: ClusterIP - selector: - app: prometheus - ports: - - name: access-prometheus - protocol: TCP - port: 80 -{{- end -}} diff --git a/charts/rancher-istio/0.1.0/charts/prometheus/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.0/charts/prometheus/templates/serviceaccount.yaml deleted file mode 100644 index 1f30e134e..000000000 --- a/charts/rancher-istio/0.1.0/charts/prometheus/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}} -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- end -}} diff --git a/charts/rancher-istio/0.1.0/charts/prometheus/templates/tests/test-prometheus-connection.yaml b/charts/rancher-istio/0.1.0/charts/prometheus/templates/tests/test-prometheus-connection.yaml deleted file mode 100644 index c36ce3f5c..000000000 --- a/charts/rancher-istio/0.1.0/charts/prometheus/templates/tests/test-prometheus-connection.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "prometheus.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: prometheus-test - chart: {{ template "prometheus.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: prometheus - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "prometheus.fullname" . }}-test" - image: {{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }} - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['sh', '-c', 'for i in 1 2 3; do curl http://prometheus:9090/-/ready && exit 0 || sleep 15; done; exit 1'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/prometheus/values.yaml b/charts/rancher-istio/0.1.0/charts/prometheus/values.yaml deleted file mode 100644 index 9f688c73f..000000000 --- a/charts/rancher-istio/0.1.0/charts/prometheus/values.yaml +++ /dev/null 
@@ -1,60 +0,0 @@ -# -# addon prometheus configuration -# -enabled: true -replicaCount: 1 - -retention: 6h -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard” vs. "soft” requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security” and value "S1”. -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# Controls the frequency of prometheus scraping -scrapeInterval: 15s - -contextPath: /prometheus - -ingress: - enabled: false - ## Used to create an Ingress record. - hosts: - - prometheus.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: prometheus-tls - # hosts: - # - prometheus.local - -service: - annotations: {} - nodePort: - enabled: false - port: 32090 - -security: - enabled: true - -resources: {} diff --git a/charts/rancher-istio/0.1.0/charts/security/Chart.yaml b/charts/rancher-istio/0.1.0/charts/security/Chart.yaml deleted file mode 100644 index 6cafffacd..000000000 --- a/charts/rancher-istio/0.1.0/charts/security/Chart.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -apiVersion: v1 -name: security -version: 1.1.0 -appVersion: 1.1.0 -tillerVersion: ">=2.7.2" -description: Helm chart for istio authentication -keywords: - - istio - - security -sources: - - http://github.com/istio/istio -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png diff --git a/charts/rancher-istio/0.1.0/charts/security/templates/_helpers.tpl b/charts/rancher-istio/0.1.0/charts/security/templates/_helpers.tpl deleted file mode 100644 index 7f36f9d51..000000000 --- a/charts/rancher-istio/0.1.0/charts/security/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "security.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "security.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "security.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/0.1.0/charts/security/templates/clusterrole.yaml b/charts/rancher-istio/0.1.0/charts/security/templates/clusterrole.yaml deleted file mode 100644 index 75f2dec65..000000000 --- a/charts/rancher-istio/0.1.0/charts/security/templates/clusterrole.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-citadel-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "update"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "watch", "list", "update", "delete"]
-- apiGroups: [""]
- resources: ["serviceaccounts", "services", "namespaces"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["authentication.k8s.io"]
- resources: ["tokenreviews"]
- verbs: ["create"]
diff --git a/charts/rancher-istio/0.1.0/charts/security/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.0/charts/security/templates/clusterrolebinding.yaml
deleted file mode 100644
index 0a15799ce..000000000
--- a/charts/rancher-istio/0.1.0/charts/security/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-citadel-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-citadel-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-citadel-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/0.1.0/charts/security/templates/configmap.yaml b/charts/rancher-istio/0.1.0/charts/security/templates/configmap.yaml
deleted file mode 100644
index 14749fd65..000000000
--- a/charts/rancher-istio/0.1.0/charts/security/templates/configmap.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-security-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-data:
- custom-resources.yaml: |-
- {{- if .Values.global.mtls.enabled }}
- {{- include "security-default.yaml.tpl" . | indent 4}}
- {{- else }}
- {{- include "security-permissive.yaml.tpl" . | indent 4}}
- {{- end }}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
diff --git a/charts/rancher-istio/0.1.0/charts/security/templates/create-custom-resources-job.yaml b/charts/rancher-istio/0.1.0/charts/security/templates/create-custom-resources-job.yaml
deleted file mode 100644
index 469e51667..000000000
--- a/charts/rancher-istio/0.1.0/charts/security/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,107 +0,0 @@ -{{- if .Values.createMeshPolicy }} -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: istio-security-post-install-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["authentication.istio.io"] # needed to create default authn policy - resources: ["*"] - verbs: ["*"] -- apiGroups: ["networking.istio.io"] # needed to create security destination rules - resources: ["*"] - verbs: ["*"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get"] -- apiGroups: ["extensions", "apps"] - resources: ["deployments", "replicasets"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: istio-security-post-install-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-security-post-install-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-security-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - template: - metadata: - name: istio-security-post-install - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - serviceAccountName: istio-security-post-install-account - containers: - - name: kubectl - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: IfNotPresent - command: [ "/bin/bash", "/tmp/security/run.sh", "/tmp/security/custom-resources.yaml" ] - volumeMounts: - - mountPath: "/tmp/security" - name: tmp-configmap-security - volumes: - - name: tmp-configmap-security - configMap: - name: istio-security-custom-resources - restartPolicy: OnFailure - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/0.1.0/charts/security/templates/deployment.yaml b/charts/rancher-istio/0.1.0/charts/security/templates/deployment.yaml
deleted file mode 100644
index 2e282eb6d..000000000
--- a/charts/rancher-istio/0.1.0/charts/security/templates/deployment.yaml
+++ /dev/null
@@ -1,110 +0,0 @@ -# istio CA watching all namespaces -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: citadel - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-citadel-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: citadel - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - {{- if .Values.global.sds.enabled }} - - --sds-enabled=true - {{- end }} - - --append-dns-names=true - - --grpc-port=8060 - - --citadel-storage-namespace={{ .Release.Namespace }} - - --custom-dns-names=istio-pilot-service-account.{{ .Release.Namespace }}:istio-pilot.{{ .Release.Namespace }} - - --monitoring-port={{ .Values.global.monitoringPort }} - {{- if .Values.selfSigned }} - - --self-signed-ca=true - {{- else }} - - --self-signed-ca=false - - --signing-cert=/etc/cacerts/ca-cert.pem - - --signing-key=/etc/cacerts/ca-key.pem - - --root-cert=/etc/cacerts/root-cert.pem - - --cert-chain=/etc/cacerts/cert-chain.pem - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - {{- if .Values.workloadCertTtl }} - - --workload-cert-ttl={{ .Values.workloadCertTtl }} - {{- end }} - {{- if .Values.citadelHealthCheck }} - - --liveness-probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --liveness-probe-interval=60s # interval for health check file update - - --probe-check-interval=15s # interval for health status check - {{- end }} - env: - - name: CITADEL_ENABLE_NAMESPACES_BY_DEFAULT - value: "{{ .Values.enableNamespacesByDefault }}" - {{- if .Values.citadelHealthCheck }} - livenessProbe: - exec: - command: - - /usr/local/bin/istio_ca - - probe - - --probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --interval=125s # the maximum time gap allowed between the file mtime and the current sys clock - initialDelaySeconds: 60 - periodSeconds: 60 - {{- end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} -{{- if not .Values.selfSigned }} - volumeMounts: - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - volumes: - - name: 
cacerts - secret: - secretName: cacerts - optional: true -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/security/templates/enable-mesh-mtls.yaml b/charts/rancher-istio/0.1.0/charts/security/templates/enable-mesh-mtls.yaml deleted file mode 100644 index 75e4a18e3..000000000 --- a/charts/rancher-istio/0.1.0/charts/security/templates/enable-mesh-mtls.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- define "security-default.yaml.tpl" }} -# These policy and destination rules effectively enable mTLS for all services in the mesh. For now, -# they are added to Istio installation yaml for backward compatible. In future, they should be in -# a separated yaml file so that customer can enable mTLS independent from installation. - -# Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: {} ---- -# Corresponding destination rule to configure client side to use mutual TLS when talking to -# any service (host) in the mesh. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "default" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.local" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -# Destination rule to disable (m)TLS when talking to API server, as API server doesn't have sidecar. -# Customer should add similar destination rules for other services that don't have sidecar. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "api-server" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "kubernetes.default.svc.{{ .Values.global.proxy.clusterDomain }}" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: DISABLE -{{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/security/templates/enable-mesh-permissive.yaml b/charts/rancher-istio/0.1.0/charts/security/templates/enable-mesh-permissive.yaml deleted file mode 100644 index a6931b3b9..000000000 --- a/charts/rancher-istio/0.1.0/charts/security/templates/enable-mesh-permissive.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- define "security-permissive.yaml.tpl" }} -# Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: - mode: PERMISSIVE -{{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/security/templates/meshexpansion.yaml b/charts/rancher-istio/0.1.0/charts/security/templates/meshexpansion.yaml deleted file mode 100644 index 581ce964a..000000000 --- a/charts/rancher-istio/0.1.0/charts/security/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-citadel-ilb - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - hosts: - - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-ilb-gateway - tcp: - - match: - - port: 8060 - route: - - destination: - host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 8060 ---- -{{- else }} - -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - hosts: - - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-gateway - tcp: - - match: - - port: 8060 - route: - - destination: - host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 8060 ---- -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/security/templates/service.yaml b/charts/rancher-istio/0.1.0/charts/security/templates/service.yaml deleted file mode 100644 index efea17544..000000000 --- a/charts/rancher-istio/0.1.0/charts/security/templates/service.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- # we use the normal name here (e.g. 'prometheus')
- # as grafana is configured to use this as a data source
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- ports:
- - name: grpc-citadel
- port: 8060
- targetPort: 8060
- protocol: TCP
- - name: http-monitoring
- port: {{ .Values.global.monitoringPort }}
- selector:
- istio: citadel
diff --git a/charts/rancher-istio/0.1.0/charts/security/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.0/charts/security/templates/serviceaccount.yaml
deleted file mode 100644
index d07d566fa..000000000
--- a/charts/rancher-istio/0.1.0/charts/security/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-citadel-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/0.1.0/charts/security/templates/tests/test-citadel-connection.yaml b/charts/rancher-istio/0.1.0/charts/security/templates/tests/test-citadel-connection.yaml
deleted file mode 100644
index 481b486de..000000000
--- a/charts/rancher-istio/0.1.0/charts/security/templates/tests/test-citadel-connection.yaml
+++ /dev/null
@@ -1,36 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "security.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: istio-citadel-test - chart: {{ template "security.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: citadel - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "security.fullname" . }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['sh', '-c', 'for i in 1 2 3; do curl http://istio-citadel:{{ .Values.global.monitoringPort }}/version && exit 0 || sleep 15; done; exit 1'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/security/values.yaml b/charts/rancher-istio/0.1.0/charts/security/values.yaml deleted file mode 100644 index fa150d04d..000000000 --- a/charts/rancher-istio/0.1.0/charts/security/values.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -# -# security configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -selfSigned: true # indicate if self-signed CA is used. -createMeshPolicy: true -nodeSelector: {} -tolerations: [] -# Enable health checking on the Citadel CSR signing API. -# https://istio.io/docs/tasks/security/health-check/ -citadelHealthCheck: false -# 90*24hour = 2160h -workloadCertTtl: 2160h - -# Determines Citadel default behavior if the ca.istio.io/env or ca.istio.io/override -# labels are not found on a given namespace. -# -# For example: consider a namespace called "target", which has neither the "ca.istio.io/env" -# nor the "ca.istio.io/override" namespace labels. To decide whether or not to generate secrets -# for service accounts created in this "target" namespace, Citadel will defer to this option. If the value -# of this option is "true" in this case, secrets will be generated for the "target" namespace. -# If the value of this option is "false" Citadel will not generate secrets upon service account creation. -enableNamespacesByDefault: true - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". 
-podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] diff --git a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/Chart.yaml b/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/Chart.yaml deleted file mode 100644 index 878802962..000000000 --- a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -name: sidecarInjectorWebhook -version: 1.1.0 -appVersion: 1.1.0 -tillerVersion: ">=2.7.2" -description: Helm chart for sidecar injector webhook deployment -keywords: - - istio - - sidecarInjectorWebhook -sources: - - http://github.com/istio/istio -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png diff --git a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/_helpers.tpl b/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/_helpers.tpl deleted file mode 100644 index f3b9fb15b..000000000 --- a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "sidecar-injector.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "sidecar-injector.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "sidecar-injector.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/clusterrole.yaml b/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/clusterrole.yaml
deleted file mode 100644
index 27f9acb51..000000000
--- a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/clusterrole.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-sidecar-injector-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "patch"]
diff --git a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
deleted file mode 100644
index 748a93244..000000000
--- a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-sidecar-injector-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-sidecar-injector-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/deployment.yaml b/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/deployment.yaml
deleted file mode 100644
index 83d876cc8..000000000
--- a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/deployment.yaml
+++ /dev/null
@@ -1,106 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: sidecar-injector - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-sidecar-injector-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: sidecar-injector-webhook - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --caCertFile=/etc/istio/certs/root-cert.pem - - --tlsCertFile=/etc/istio/certs/cert-chain.pem - - --tlsKeyFile=/etc/istio/certs/key.pem - - --injectConfig=/etc/istio/inject/config - - --meshConfig=/etc/istio/config/mesh - - --healthCheckInterval=2s - - --healthCheckFile=/health - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - readOnly: true - - name: certs - mountPath: /etc/istio/certs - readOnly: true - - name: inject-config - mountPath: /etc/istio/inject - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - readinessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: config-volume - configMap: - name: istio - - name: certs - secret: - secretName: istio.istio-sidecar-injector-service-account - - name: inject-config - configMap: - name: istio-sidecar-injector - items: - - key: config - path: config - - key: values - path: values - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml b/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml deleted file mode 100644 index a30dd38e5..000000000 
--- a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: admissionregistration.k8s.io/v1beta1
-kind: MutatingWebhookConfiguration
-metadata:
- name: istio-sidecar-injector
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-webhooks:
- - name: sidecar-injector.istio.io
- clientConfig:
- service:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- path: "/inject"
- caBundle: ""
- rules:
- - operations: [ "CREATE" ]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
- failurePolicy: Fail
- namespaceSelector:
-{{- if .Values.enableNamespacesByDefault }}
- matchExpressions:
- - key: name
- operator: NotIn
- values:
- - {{ .Release.Namespace }}
- - key: istio-injection
- operator: NotIn
- values:
- - disabled
-{{- else }}
- matchLabels:
- istio-injection: enabled
-{{- end }}
-
diff --git a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml b/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml
deleted file mode 100644
index 51fb3fc3e..000000000
--- a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-spec:
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: {{ template "sidecar-injector.name" . }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
- {{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/service.yaml b/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/service.yaml
deleted file mode 100644
index 537e6f960..000000000
--- a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/service.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-spec:
- ports:
- - port: 443
- name: https-inject
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- selector:
- istio: sidecar-injector
diff --git a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml
deleted file mode 100644
index d4020b517..000000000
--- a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-sidecar-injector-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
diff --git a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/values.yaml b/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/values.yaml
deleted file mode 100644
index c2431ff0c..000000000
--- a/charts/rancher-istio/0.1.0/charts/sidecarInjectorWebhook/values.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# sidecar-injector webhook configuration
-#
-enabled: true
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-enableNamespacesByDefault: false
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-# If true, webhook or istioctl injector will rewrite PodSpec for liveness
-# health check to redirect request to sidecar. This makes liveness check work
-# even when mTLS is enabled.
-rewriteAppHTTPProbe: false
-
-# You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or
-# always skip the injection on pods that match that label selector, regardless of the global policy.
-# See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions
-neverInjectSelector: []
-
-alwaysInjectSelector: []
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.0/charts/tracing/.helmignore b/charts/rancher-istio/0.1.0/charts/tracing/.helmignore
deleted file mode 100644
index f0c131944..000000000
--- a/charts/rancher-istio/0.1.0/charts/tracing/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/charts/rancher-istio/0.1.0/charts/tracing/Chart.yaml b/charts/rancher-istio/0.1.0/charts/tracing/Chart.yaml
deleted file mode 100644
index c95789ed7..000000000
--- a/charts/rancher-istio/0.1.0/charts/tracing/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-description: A Helm chart for Kubernetes
-name: tracing
-version: 1.1.0
-appVersion: 1.5.1
-tillerVersion: ">=2.7.2"
diff --git a/charts/rancher-istio/0.1.0/charts/tracing/templates/_helpers.tpl b/charts/rancher-istio/0.1.0/charts/tracing/templates/_helpers.tpl
deleted file mode 100644
index e246b59b1..000000000
--- a/charts/rancher-istio/0.1.0/charts/tracing/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "tracing.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "tracing.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "tracing.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/tracing/templates/deployment-jaeger.yaml b/charts/rancher-istio/0.1.0/charts/tracing/templates/deployment-jaeger.yaml
deleted file mode 100644
index eec39d326..000000000
--- a/charts/rancher-istio/0.1.0/charts/tracing/templates/deployment-jaeger.yaml
+++ /dev/null
@@ -1,143 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: jaeger - template: - metadata: - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - prometheus.io/port: "16686" -{{- if .Values.contextPath }} - prometheus.io/path: "{{ .Values.contextPath }}/metrics" -{{- else }} - prometheus.io/path: "/{{ .Values.provider }}/metrics" -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: jaeger - image: "{{ template "system_default_registry" . 
}}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 9411 - - containerPort: 16686 - - containerPort: 5775 - protocol: UDP - - containerPort: 6831 - protocol: UDP - - containerPort: 6832 - protocol: UDP - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if eq .Values.jaeger.spanStorageType "badger" }} - - name: BADGER_EPHEMERAL - value: "false" - - name: SPAN_STORAGE_TYPE - value: "badger" - - name: BADGER_DIRECTORY_VALUE - value: "/badger/data" - - name: BADGER_DIRECTORY_KEY - value: "/badger/key" - {{- end }} - - name: COLLECTOR_ZIPKIN_HTTP_PORT - value: "9411" - - name: MEMORY_MAX_TRACES - value: "{{ .Values.jaeger.memory.max_traces }}" - - name: QUERY_BASE_PATH - value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - livenessProbe: - httpGet: - path: / - port: 16686 - readinessProbe: - httpGet: - path: / - port: 16686 -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumeMounts: - - name: data - mountPath: /badger -{{- end }} - resources: -{{- if .Values.jaeger.resources }} -{{ toYaml .Values.jaeger.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - - name: jaeger-proxy - image: "{{ template "system_default_registry" . }}{{ .Values.global.nginxProxy.repository }}:{{ .Values.global.nginxProxy.tag }}" - args: - - nginx - - -g - - daemon off; - - -c - - /nginx/nginx.conf - ports: - - name: http - containerPort: 80 - protocol: TCP - volumeMounts: - - mountPath: /nginx/ - name: tracing-nginx - {{- if and .Values.jaeger.proxy .Values.jaeger.proxy.resources }} - resources: - {{ toYaml .Values.jaeger.proxy.resources | indent 12 }} - {{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - volumes: - - name: tracing-nginx - configMap: - name: tracing-nginx - items: - - key: nginx.conf - mode: 438 - path: nginx.conf -{{- if eq .Values.jaeger.spanStorageType "badger" }} - - name: data -{{- if .Values.jaeger.persist }} - persistentVolumeClaim: - claimName: istio-jaeger-pvc -{{- else }} - emptyDir: {} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/rancher-istio/0.1.0/charts/tracing/templates/deployment-zipkin.yaml b/charts/rancher-istio/0.1.0/charts/tracing/templates/deployment-zipkin.yaml deleted file mode 100644 index ac74cae8b..000000000 --- a/charts/rancher-istio/0.1.0/charts/tracing/templates/deployment-zipkin.yaml +++ /dev/null 
@@ -1,109 +0,0 @@ -{{ if eq .Values.provider "zipkin" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: zipkin - template: - metadata: - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: zipkin - image: "{{ template "system_default_registry" . }}{{ .Values.zipkin.repository }}:{{ .Values.zipkin.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.zipkin.queryPort }} - livenessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - tcpSocket: - port: {{ .Values.zipkin.queryPort }} - readinessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - httpGet: - path: /health - port: {{ .Values.zipkin.queryPort }} - resources: -{{- if .Values.zipkin.resources }} -{{ toYaml .Values.zipkin.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: QUERY_PORT - value: "{{ .Values.zipkin.queryPort }}" - - name: JAVA_OPTS - value: "-XX:ConcGCThreads={{ .Values.zipkin.node.cpus }} -XX:ParallelGCThreads={{ .Values.zipkin.node.cpus }} -Djava.util.concurrent.ForkJoinPool.common.parallelism={{ .Values.zipkin.node.cpus }} -Xms{{ 
.Values.zipkin.javaOptsHeap }}M -Xmx{{ .Values.zipkin.javaOptsHeap }}M -XX:+UseG1GC -server" - - name: STORAGE_METHOD - value: "mem" - - name: ZIPKIN_STORAGE_MEM_MAXSPANS - value: "{{ .Values.zipkin.maxSpans }}" - - name: zipkin-proxy - image: "{{ template "system_default_registry" . }}{{ .Values.global.nginxProxy.repository }}:{{ .Values.global.nginxProxy.tag }}" - args: - - nginx - - -g - - daemon off; - - -c - - /nginx/nginx.conf - ports: - - name: http - containerPort: 80 - protocol: TCP - volumeMounts: - - mountPath: /nginx/ - name: tracing-nginx - {{- if and .Values.zipkin.proxy .Values.zipkin.proxy.resources }} - resources: - {{ toYaml .Values.zipkin.proxy.resources | indent 12 }} - {{- end }} - volumes: - - name: tracing-nginx - configMap: - name: tracing-nginx - items: - - key: nginx.conf - mode: 438 - path: nginx.conf - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{ end }} diff --git a/charts/rancher-istio/0.1.0/charts/tracing/templates/ingress.yaml b/charts/rancher-istio/0.1.0/charts/tracing/templates/ingress.yaml deleted file mode 100644 index 72f362166..000000000 --- a/charts/rancher-istio/0.1.0/charts/tracing/templates/ingress.yaml +++ /dev/null 
@@ -1,41 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: {{ template "tracing.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} /{{ $.Values.provider }} {{ end }}
- backend:
- serviceName: tracing
- servicePort: 80
-
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }}
- backend:
- serviceName: tracing
- servicePort: 80
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.0/charts/tracing/templates/nginx-configmap.yaml b/charts/rancher-istio/0.1.0/charts/tracing/templates/nginx-configmap.yaml
deleted file mode 100644
index ccaec64a7..000000000
--- a/charts/rancher-istio/0.1.0/charts/tracing/templates/nginx-configmap.yaml
+++ /dev/null
@@ -1,63 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: tracing-nginx - namespace: {{ .Release.Namespace }} - labels: - app: tracing-nginx - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - nginx.conf: |- - user nginx; - worker_processes auto; - error_log /dev/stdout warn; - pid /var/run/nginx.pid; - - events { - worker_connections 1024; - } - - http { - include /etc/nginx/mime.types; - log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; - - proxy_connect_timeout 10; - proxy_read_timeout 180; - proxy_send_timeout 5; - proxy_buffering off; - proxy_cache_path /tmp/nginx levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; - - server { - listen 80; - access_log off; - - gzip on; - gzip_min_length 1k; - gzip_comp_level 2; - gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; - gzip_vary on; - gzip_disable "MSIE [1-6]\."; - - proxy_set_header Host $host; - - location / { - proxy_cache my_zone; - proxy_cache_valid 200 302 1d; - proxy_cache_valid 301 30d; - proxy_cache_valid any 5m; - proxy_cache_bypass $http_cache_control; - add_header X-Proxy-Cache $upstream_cache_status; - add_header Cache-Control "public"; -{{ if eq .Values.provider "jaeger" }} - proxy_pass http://localhost:16686/; -{{ else }} - proxy_pass http://localhost:9411/; -{{ end }} - if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { - expires 90d; - } - } - } - } diff --git a/charts/rancher-istio/0.1.0/charts/tracing/templates/pvc.yaml b/charts/rancher-istio/0.1.0/charts/tracing/templates/pvc.yaml deleted file mode 100644 index 60140494c..000000000 --- a/charts/rancher-istio/0.1.0/charts/tracing/templates/pvc.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-{{- if eq .Values.provider "jaeger" }}
-{{- if .Values.jaeger.persist }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: istio-jaeger-pvc
- namespace: {{ .Release.Namespace }}
- labels:
- app: jaeger
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- storageClassName: {{ .Values.jaeger.storageClassName }}
- accessModes:
- - {{ .Values.jaeger.accessMode }}
- resources:
- requests:
- storage: 5Gi
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.0/charts/tracing/templates/service-jaeger.yaml b/charts/rancher-istio/0.1.0/charts/tracing/templates/service-jaeger.yaml
deleted file mode 100644
index 23979baf8..000000000
--- a/charts/rancher-istio/0.1.0/charts/tracing/templates/service-jaeger.yaml
+++ /dev/null
@@ -1,90 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: v1 -kind: List -metadata: - name: jaeger-services - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -items: -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-query - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: jaeger - jaeger-infra: jaeger-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: query-http - port: 16686 - protocol: TCP - targetPort: 16686 - selector: - app: jaeger -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-collector - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: collector-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: jaeger-collector-tchannel - port: 14267 - protocol: TCP - targetPort: 14267 - - name: jaeger-collector-http - port: 14268 - targetPort: 14268 - protocol: TCP - selector: - app: jaeger - type: ClusterIP -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-agent - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: agent-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: agent-zipkin-thrift - port: 5775 - protocol: UDP - targetPort: 5775 - - name: agent-compact - port: 6831 - protocol: UDP - targetPort: 6831 - - name: agent-binary - port: 6832 - protocol: UDP - targetPort: 6832 - clusterIP: None - selector: - app: jaeger -{{ end }} - 
diff --git a/charts/rancher-istio/0.1.0/charts/tracing/templates/service.yaml b/charts/rancher-istio/0.1.0/charts/tracing/templates/service.yaml deleted file mode 100644 index 7cc9c9cac..000000000 --- a/charts/rancher-istio/0.1.0/charts/tracing/templates/service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: v1 -kind: List -metadata: - name: tracing-services - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -items: -- apiVersion: v1 - kind: Service - metadata: - name: zipkin - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.externalPort }} - targetPort: 9411 - protocol: TCP - name: {{ .Values.service.name }} - selector: - app: {{ .Values.provider }} -- apiVersion: v1 - kind: Service - metadata: - name: tracing - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - kubernetes.io/cluster-service: "true" - spec: - type: {{ .Values.service.uiType }} - ports: - - name: http-access-tracing - port: 80 - protocol: TCP - targetPort: 80 - selector: - app: {{ .Values.provider }} diff --git a/charts/rancher-istio/0.1.0/charts/tracing/templates/tests/test-tracing-connection.yaml b/charts/rancher-istio/0.1.0/charts/tracing/templates/tests/test-tracing-connection.yaml deleted file mode 100644 index 864a34d80..000000000 --- a/charts/rancher-istio/0.1.0/charts/tracing/templates/tests/test-tracing-connection.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ .Release.Name }}-{{ .Values.provider }}-test - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }}-test - chart: {{ template "tracing.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ .Values.provider }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['curl'] - {{- if eq .Values.provider "jaeger" }} - args: ['http://tracing:80{{ .Values.jaeger.contextPath}}'] - {{- else }} - args: ['http://tracing:80'] - {{- end }} - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} -{{- end }} diff --git a/charts/rancher-istio/0.1.0/charts/tracing/values.yaml b/charts/rancher-istio/0.1.0/charts/tracing/values.yaml deleted file mode 100644 index 0a1e964e3..000000000 --- a/charts/rancher-istio/0.1.0/charts/tracing/values.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -# -# addon jaeger tracing configuration -# -enabled: false - -provider: jaeger -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -jaeger: - memory: - max_traces: 50000 - proxy: - resources: {} - # spanStorageType value can be "memory" and "badger" for all-in-one image - spanStorageType: badger - persist: false - storageClassName: "" - accessMode: ReadWriteMany - -zipkin: - probeStartupDelay: 200 - queryPort: 9411 - resources: - limits: - cpu: 300m - memory: 900Mi - requests: - cpu: 150m - memory: 900Mi - javaOptsHeap: 700 - # 
From: https://github.com/openzipkin/zipkin/blob/master/zipkin-server/src/main/resources/zipkin-server-shared.yml#L51 - # Maximum number of spans to keep in memory. When exceeded, oldest traces (and their spans) will be purged. - # A safe estimate is 1K of memory per span (each span with 2 annotations + 1 binary annotation), plus - # 100 MB for a safety buffer. You'll need to verify in your own environment. - maxSpans: 500000 - node: - cpus: 2 - proxy: - resources: {} - -service: - annotations: {} - name: http - type: ClusterIP - uiType: ClusterIP - externalPort: 9411 - -ingress: - enabled: false - # Used to create an Ingress record. - hosts: - # - tracing.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: tracing-tls - # hosts: - # - tracing.local - diff --git a/charts/rancher-istio/0.1.0/files/injection-template.yaml b/charts/rancher-istio/0.1.0/files/injection-template.yaml deleted file mode 100644 index c0b2c0609..000000000 --- a/charts/rancher-istio/0.1.0/files/injection-template.yaml +++ /dev/null 
@@ -1,392 +0,0 @@ -rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }} -{{- if or (not .Values.istio_cni.enabled) .Values.global.proxy.enableCoreDump }} -initContainers: -{{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} -{{- if not .Values.istio_cni.enabled }} -- name: istio-init - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" - {{- else }} - image: "{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" -{{- end }} - args: - - "-p" - - "15001" - - "-z" - - "15006" - - "-u" - - 1337 - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" - - "-d" - - "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - imagePullPolicy: "{{ 
.Values.global.imagePullPolicy }}" -{{- if .Values.global.proxy.init.resources }} - resources: - {{ toYaml .Values.global.proxy.init.resources | indent 4 }} -{{- else }} - resources: {} -{{- end }} - securityContext: - runAsUser: 0 - runAsNonRoot: false - capabilities: - add: - - NET_ADMIN - {{- if .Values.global.proxy.privileged }} - privileged: true - {{- end }} - restartPolicy: Always -{{- end }} -{{ end -}} -{{- if eq .Values.global.proxy.enableCoreDump true }} -- name: enable-core-dump - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - command: - - /bin/sh - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- else }} - image: "{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- end }} - imagePullPolicy: IfNotPresent - resources: {} - securityContext: - runAsUser: 0 - runAsNonRoot: false - privileged: true -{{ end }} -{{- end }} -containers: -- name: istio-proxy - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - {{- else }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.repository}}:{{ .Values.global.proxy.tag }}" -{{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --configPath - - "{{ .ProxyConfig.ConfigPath }}" - - --binaryPath - - "{{ .ProxyConfig.BinaryPath }}" - - --serviceCluster - {{ if ne "" (index .ObjectMeta.Labels "app") -}} - - "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" - {{ else -}} - - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" - {{ end -}} - - --drainDuration - - "{{ formatDuration .ProxyConfig.DrainDuration 
}}" - - --parentShutdownDuration - - "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}" - - --discoveryAddress - - "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" -{{- if eq .Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" - - --lightstepAccessToken - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" - - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} - - --lightstepCacertPath - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" -{{- else if eq .Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - - "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" -{{- else if eq .Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" -{{- end }} -{{- if .Values.global.proxy.logLevel }} - - --proxyLogLevel={{ .Values.global.proxy.logLevel }} -{{- end}} -{{- if .Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }} -{{- end}} - - --dnsRefreshRate - - {{ .Values.global.proxy.dnsRefreshRate }} - - --connectTimeout - - "{{ formatDuration .ProxyConfig.ConnectTimeout }}" -{{- if .Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - "{{ .ProxyConfig.StatsdUdpAddress }}" -{{- end }} -{{- if .Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsServiceAddress - - "{{ .ProxyConfig.GetEnvoyMetricsService.GetAddress }}" -{{- end }} -{{- if .Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - - '{{ structToJSON .ProxyConfig.EnvoyAccessLogService }}' -{{- end }} - - --proxyAdminPort - - "{{ .ProxyConfig.ProxyAdminPort }}" - {{ if gt .ProxyConfig.Concurrency 0 -}} - - --concurrency - - "{{ .ProxyConfig.Concurrency }}" - {{ end -}} - - --controlPlaneAuthPolicy - - "{{ annotation .ObjectMeta 
`sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}" -{{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" .Values.global.proxy.statusPort) "0") }} - - --statusPort - - "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" - - --applicationPorts - - "{{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` (applicationPorts .Spec.Containers) }}" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{if or (ne $index1 0) (ne $index2 0)}},{{end}}{{ structToJSON $p }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multicluster.clusterName `Kubernetes` }}" - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName -{{- if eq .Values.global.proxy.tracer "datadog" }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP -{{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }} -{{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" -{{- end }} -{{- end }} -{{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SDS_ENABLED - value: {{ $.Values.global.sds.enabled }} - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String 
}}" - - name: ISTIO_META_INCLUDE_INBOUND_PORTS - value: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (applicationPorts .Spec.Containers) }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{ if .ObjectMeta.Annotations }} - - name: ISTIO_METAJSON_ANNOTATIONS - value: | - {{ toJSON .ObjectMeta.Annotations }} - {{ end }} - {{ if .ObjectMeta.Labels }} - - name: ISTIO_METAJSON_LABELS - value: | - {{ toJSON .ObjectMeta.Labels }} - {{ end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{ .DeploymentMeta.Name }} - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://api/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.sds.customTokenDirectory }} - - name: ISTIO_META_SDS_TOKEN_PATH - value: "{{ .Values.global.sds.customTokenDirectory -}}/sdstoken" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if .Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.trustDomain }}" - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - 
periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - {{- if .Values.global.proxy.privileged }} - privileged: true - {{- end }} - {{- if ne .Values.global.proxy.enableCoreDump true }} - readOnlyRootFilesystem: true - {{- end }} - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - capabilities: - add: - - NET_ADMIN - runAsGroup: 1337 - {{ else -}} - {{ if .Values.global.sds.enabled }} - runAsGroup: 1337 - {{- end }} - runAsUser: 1337 - {{- end }} - resources: - {{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end}} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{ else -}} -{{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 4 }} -{{- end }} - {{ end -}} - volumeMounts: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - - mountPath: /etc/istio/proxy - name: istio-envoy - {{- if .Values.global.sds.enabled }} - - mountPath: /var/run/sds - name: sds-uds-path - readOnly: true - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.sds.customTokenDirectory }} - - mountPath: "{{ .Values.global.sds.customTokenDirectory -}}" - name: custom-sds-token - readOnly: true - {{- end }} - {{- else }} - - 
mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{- end }} -volumes: -{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} -- name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} -{{- end }} -- emptyDir: - medium: Memory - name: istio-envoy -{{- if .Values.global.sds.enabled }} -- name: sds-uds-path - hostPath: - path: /var/run/sds -- name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} -{{- if .Values.global.sds.customTokenDirectory }} -- name: custom-sds-token - secret: - secretName: sdstokensecret -{{- end }} -{{- else }} -- name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} -- name: "{{ $index }}" - {{ toYaml $value | indent 2 }} - {{ end }} - {{ end }} -{{- end }} -{{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} -- name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert -{{- end }} -{{- if .Values.global.podDNSSearchNamespaces }} -dnsConfig: - searches: 
- {{- range .Values.global.podDNSSearchNamespaces }} - - {{ render . }} - {{- end }} -{{- end }} -podRedirectAnnot: - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" -{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" -{{- end }} - traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" diff --git a/charts/rancher-istio/0.1.0/questions.yml b/charts/rancher-istio/0.1.0/questions.yml deleted file mode 100644 index 421f048e2..000000000 --- a/charts/rancher-istio/0.1.0/questions.yml +++ /dev/null @@ -1,4 +0,0 @@ -labels: - rancher.istio.v0.1.0: 1.3.1 -rancher_min_version: 2.3.0-rc1 -rancher_max_version: 2.3.3 diff --git a/charts/rancher-istio/0.1.0/requirements.yaml b/charts/rancher-istio/0.1.0/requirements.yaml deleted file mode 100644 index 6aa00054e..000000000 
--- a/charts/rancher-istio/0.1.0/requirements.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-dependencies:
- - name: sidecarInjectorWebhook
- version: 1.1.0
- condition: sidecarInjectorWebhook.enabled
- - name: security
- version: 1.1.0
- condition: security.enabled
- - name: gateways
- version: 1.1.0
- condition: gateways.enabled
- - name: mixer
- version: 1.1.0
- condition: or mixer.policy.enabled mixer.telemetry.enabled
- - name: nodeagent
- version: 1.1.0
- condition: nodeagent.enabled
- - name: pilot
- version: 1.1.0
- condition: pilot.enabled
- - name: grafana
- version: 1.1.0
- condition: grafana.enabled
- - name: prometheus
- version: 1.1.0
- condition: prometheus.enabled
- - name: tracing
- version: 1.1.0
- condition: tracing.enabled
- - name: galley
- version: 1.1.0
- condition: galley.enabled
- - name: kiali
- version: 1.1.0
- condition: kiali.enabled
- - name: istiocoredns
- version: 1.1.0
- condition: istiocoredns.enabled
- - name: certmanager
- version: 1.1.0
- condition: certmanager.enabled
- - name: istio-init
- version: 1.1.0
- condition: istio-init.enabled
diff --git a/charts/rancher-istio/0.1.0/templates/NOTES.txt b/charts/rancher-istio/0.1.0/templates/NOTES.txt
deleted file mode 100644
index 3b323594c..000000000
--- a/charts/rancher-istio/0.1.0/templates/NOTES.txt
+++ /dev/null
@@ -1,29 +0,0 @@
-Thank you for installing {{ .Chart.Name | title }}.
-
-Your release is named {{ .Release.Name | title }}.
-
-To get started running application with Istio, execute the following steps:
-
-{{- if index .Values "sidecarInjectorWebhook" "enabled" }}
-1. Label namespace that application object will be deployed to by the following command (take default namespace as an example)
-
-$ kubectl label namespace default istio-injection=enabled
-$ kubectl get namespace -L istio-injection
-
-2. Deploy your applications
-
-$ kubectl apply -f .yaml
-{{- else }}
-1. Download the latest release package to get sidecar injection tool
-
-$ curl -L https://git.io/getLatestIstio | sh -
-$ mv istio-* istio-latest
-$ export PATH="$PATH:$PWD/istio-latest/bin"
-
-2. Deploy your application by manually injecting envoy sidecar with `istioctl kube-inject`
-
-$ kubectl apply -f <(istioctl kube-inject -f .yaml)
-{{- end }}
-
-For more information on running Istio, visit:
-https://istio.io/
diff --git a/charts/rancher-istio/0.1.0/templates/_affinity.tpl b/charts/rancher-istio/0.1.0/templates/_affinity.tpl
deleted file mode 100644
index ecc3a905f..000000000
--- a/charts/rancher-istio/0.1.0/templates/_affinity.tpl
+++ /dev/null
@@ -1,97 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "nodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "nodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/os - operator: In - values: - - linux - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "nodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinity" }} -{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .Values.podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if or .Values.podAntiAffinityTermLabelSelector}} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "podAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.0/templates/_helpers.tpl b/charts/rancher-istio/0.1.0/templates/_helpers.tpl deleted file mode 100644 index 955c2ae38..000000000 --- a/charts/rancher-istio/0.1.0/templates/_helpers.tpl +++ /dev/null 
@@ -1,55 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "istio.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "istio.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "istio.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a fully qualified configmap name. -*/}} -{{- define "istio.configmap.fullname" -}} -{{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Configmap checksum. -*/}} -{{- define "istio.configmap.checksum" -}} -{{- print $.Template.BasePath "/configmap.yaml" | sha256sum -}} -{{- end -}} - - -{{- define "system_default_registry" -}} -{{- if .Values.global.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/0.1.0/templates/_podDisruptionBudget.tpl b/charts/rancher-istio/0.1.0/templates/_podDisruptionBudget.tpl deleted file mode 100644 index ebb86068c..000000000 --- a/charts/rancher-istio/0.1.0/templates/_podDisruptionBudget.tpl +++ /dev/null @@ -1,3 +0,0 @@ -{{- define "podDisruptionBudget.spec" }} - minAvailable: 1 -{{- end }} 
diff --git a/charts/rancher-istio/0.1.0/templates/clusterrole.yaml b/charts/rancher-istio/0.1.0/templates/clusterrole.yaml
deleted file mode 100644
index b92c9ef8b..000000000
--- a/charts/rancher-istio/0.1.0/templates/clusterrole.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: istio-reader
-rules:
- - apiGroups: ['']
- resources: ['nodes', 'pods', 'services', 'endpoints', "replicationcontrollers"]
- verbs: ['get', 'watch', 'list']
- - apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
diff --git a/charts/rancher-istio/0.1.0/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.0/templates/clusterrolebinding.yaml
deleted file mode 100644
index 827601b3d..000000000
--- a/charts/rancher-istio/0.1.0/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-multi
- labels:
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-reader
-subjects:
-- kind: ServiceAccount
- name: istio-multi
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/0.1.0/templates/configmap.yaml b/charts/rancher-istio/0.1.0/templates/configmap.yaml
deleted file mode 100644
index 063f2aa76..000000000
--- a/charts/rancher-istio/0.1.0/templates/configmap.yaml
+++ /dev/null
@@ -1,307 +0,0 @@ -{{- if or .Values.pilot.enabled .Values.global.istioRemote }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istio.name" . }} - chart: {{ template "istio.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - mesh: |- - # Set the following variable to true to disable policy checks by the Mixer. - # Note that metrics will still be reported to the Mixer. - {{- if .Values.mixer.policy.enabled }} - disablePolicyChecks: {{ .Values.global.disablePolicyChecks }} - {{- else }} - disablePolicyChecks: true - {{- end }} - - {{- if .Values.mixer.telemetry.reportBatchMaxEntries }} - # reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server - reportBatchMaxEntries: {{ .Values.mixer.telemetry.reportBatchMaxEntries }} - {{- end }} - - {{- if .Values.mixer.telemetry.reportBatchMaxTime }} - # reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server - reportBatchMaxTime: {{ .Values.mixer.telemetry.reportBatchMaxTime }} - {{- end }} - - {{- if .Values.mixer.telemetry.sessionAffinityEnabled }} - # sidecarToTelemetrySessionAffinity will create a STRICT_DNS type cluster for istio-telemetry. - sidecarToTelemetrySessionAffinity: {{ .Values.mixer.telemetry.sessionAffinityEnabled }} - {{- end }} - - # Set enableTracing to false to disable request tracing. - enableTracing: {{ .Values.global.enableTracing }} - - # Set accessLogFile to empty string to disable access log. 
- accessLogFile: "{{ .Values.global.proxy.accessLogFile }}" - - # If accessLogEncoding is TEXT, value will be used directly as the log format - # example: "[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\n" - # If AccessLogEncoding is JSON, value will be parsed as map[string]string - # example: '{"start_time": "%START_TIME%", "req_method": "%REQ(:METHOD)%"}' - # Leave empty to use default log format - accessLogFormat: {{ .Values.global.proxy.accessLogFormat | quote }} - - # Set accessLogEncoding to JSON or TEXT to configure sidecar access log - accessLogEncoding: '{{ .Values.global.proxy.accessLogEncoding }}' - - enableEnvoyAccessLogService: {{ .Values.global.proxy.envoyAccessLogService.enabled }} - - {{- if .Values.global.istioRemote }} - - {{- if .Values.global.remotePolicyAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}:15004 - {{- else }} - mixerCheckServer: {{ .Values.global.remotePolicyAddress }}:15004 - {{- end }} - {{- end }} - {{- if .Values.global.remoteTelemetryAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}:15004 - {{- else }} - mixerReportServer: {{ .Values.global.remoteTelemetryAddress }}:15004 - {{- end }} - {{- end }} - - {{- else }} - - {{- if .Values.mixer.policy.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - {{- if .Values.mixer.telemetry.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ 
.Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - - {{- end }} - - {{- if or .Values.mixer.policy.enabled (and .Values.global.istioRemote .Values.global.remotePolicyAddress) }} - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: {{ .Values.global.policyCheckFailOpen }} - {{- end }} - - {{- if .Values.gateways.enabled }} - # Let Pilot give ingresses the public IP of the Istio ingressgateway - ingressService: istio-ingressgateway - {{- end }} - - # Default connect timeout for dynamic clusters generated by Pilot and returned via XDS - connectTimeout: 10s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: {{ .Values.global.proxy.protocolDetectionTimeout }} - - # DNS refresh rate for Envoy clusters of type STRICT_DNS - dnsRefreshRate: {{ .Values.global.proxy.dnsRefreshRate }} - - # Unix Domain Socket through which envoy communicates with NodeAgent SDS to get - # key/cert for mTLS. Use secret-mount files instead of SDS if set to empty. - sdsUdsPath: {{ .Values.global.sds.udsPath | quote }} - - # The trust domain corresponds to the trust root of a system. 
- # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: {{ .Values.global.trustDomain | quote }} - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - outboundTrafficPolicy: - mode: {{ .Values.global.outboundTrafficPolicy.mode }} - - {{- if .Values.global.localityLbSetting.enabled }} - localityLbSetting: -{{ toYaml .Values.global.localityLbSetting | trim | indent 6 }} - {{- end }} - # The namespace to treat as the administrative root namespace for istio - # configuration. -{{- if .Values.global.configRootNamespace }} - rootNamespace: {{ .Values.global.configRootNamespace }} -{{- else }} - rootNamespace: {{ .Release.Namespace }} -{{- end }} - - {{- if .Values.global.defaultConfigVisibilitySettings }} - defaultServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultVirtualServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultDestinationRuleExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - {{- end }} - - {{- if $.Values.global.useMCP }} - configSources: - - address: istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- if $.Values.global.controlPlaneSecurityEnabled}} - tlsSettings: - mode: ISTIO_MUTUAL - {{- end }} - {{- end }} - - defaultConfig: - # - # TCP connection timeout between Envoy & the application, and between Envoys. 
Used for static clusters - # defined in Envoy's configuration file - connectTimeout: 10s - # - ### ADVANCED SETTINGS ############# - # Where should envoy's configuration be stored in the istio-proxy container - configPath: "/etc/istio/proxy" - binaryPath: "/usr/local/bin/envoy" - # The pseudo service name used for Envoy. - serviceCluster: istio-proxy - # These settings that determine how long an old Envoy - # process should be kept alive after an occasional reload. - drainDuration: 45s - parentShutdownDuration: 1m0s - # - # The mode used to redirect inbound connections to Envoy. This setting - # has no effect on outbound traffic: iptables REDIRECT is always used for - # outbound connections. - # If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy. - # The "REDIRECT" mode loses source addresses during redirection. - # If "TPROXY", use iptables TPROXY to redirect to Envoy. - # The "TPROXY" mode preserves both the source and destination IP - # addresses and ports, so that they can be used for advanced filtering - # and manipulation. - # The "TPROXY" mode also configures the sidecar to run with the - # CAP_NET_ADMIN capability, which is required to use TPROXY. - #interceptionMode: REDIRECT - # - # Port where Envoy listens (on local host) for admin commands - # You can exec into the istio-proxy container in a pod and - # curl the admin port (curl http://localhost:15000/) to obtain - # diagnostic information from Envoy. See - # https://lyft.github.io/envoy/docs/operations/admin.html - # for more details - proxyAdminPort: 15000 - # - # Set concurrency to a specific number to control the number of Proxy worker threads. - # If set to 0 (default), then start worker thread for each CPU thread/core. 
- concurrency: {{ .Values.global.proxy.concurrency }} - # - {{- if eq .Values.global.proxy.tracer "lightstep" }} - tracing: - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - # Whether communication with the Satellite pool should be secure - secure: {{ .Values.global.tracer.lightstep.secure }} - # Path to the file containing the cacert to use when verifying TLS - cacertPath: {{ .Values.global.tracer.lightstep.cacertPath }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - tracing: - zipkin: - # Address of the Zipkin collector - {{- if .Values.global.tracer.zipkin.address }} - address: {{ .Values.global.tracer.zipkin.address }} - {{- else if .Values.global.remoteZipkinAddress }} - address: {{ .Values.global.remoteZipkinAddress }}:9411 - {{- else }} - address: zipkin.{{ .Release.Namespace }}:9411 - {{- end }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - tracing: - datadog: - # Address of the Datadog Agent - address: {{ .Values.global.tracer.datadog.address }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - tracing: - stackdriver: {} - {{- end }} - - {{- if .Values.global.proxy.envoyStatsd.enabled }} - # - # Statsd metrics collector converts statsd metrics into Prometheus metrics. - statsdUdpAddress: {{ .Values.global.proxy.envoyStatsd.host }}:{{ .Values.global.proxy.envoyStatsd.port }} - {{- end }} - - {{- if .Values.global.proxy.envoyMetricsService.enabled }} - # - # Envoy's Metrics Service stats sink pushes Envoy metrics to a remote collector via the Metrics Service gRPC API. 
- envoyMetricsService: - address: {{ .Values.global.proxy.envoyMetricsService.host }}:{{ .Values.global.proxy.envoyMetricsService.port }} - {{- end}} - - {{- if .Values.global.proxy.envoyAccessLogService.enabled }} - # - # Envoy's AccessLog Service pushes access logs to a remote collector via the Access Log Service gRPC API. - envoyAccessLogService: - address: {{ .Values.global.proxy.envoyAccessLogService.host }}:{{ .Values.global.proxy.envoyAccessLogService.port }} - {{- if .Values.global.proxy.envoyAccessLogService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tlsSettings | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyAccessLogService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tcpKeepalive | indent 10 }} - {{- end}} - {{- end}} - - {{- $defPilotHostname := printf "istio-pilot.%s" .Release.Namespace }} - {{- $pilotAddress := .Values.global.remotePilotAddress | default $defPilotHostname }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: MUTUAL_TLS - # - # Address where istio Pilot service is running - {{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }} - discoveryAddress: {{ $defPilotHostname }}:15011 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15011 - {{- end }} - {{- else }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: NONE - # - # Address where istio Pilot service is running - {{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }} - discoveryAddress: {{ $defPilotHostname }}:15010 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15010 - {{- end }} - {{- end }} - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. 
- meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | indent 6 }} - {{- else }} - networks: {} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.0/templates/crd-certmanager.yaml b/charts/rancher-istio/0.1.0/templates/crd-certmanager.yaml deleted file mode 100644 index f89f479e1..000000000 --- a/charts/rancher-istio/0.1.0/templates/crd-certmanager.yaml +++ /dev/null 
@@ -1,164 +0,0 @@ -{{- if and .Values.enableCRDs .Values.certmanager.enabled }} -{{- if not (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterissuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - group: certmanager.k8s.io - version: v1alpha1 - names: - kind: ClusterIssuer - plural: clusterissuers - scope: Cluster ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: issuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - group: certmanager.k8s.io - version: v1alpha1 - names: - kind: Issuer - plural: issuers - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: certificates.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - additionalPrinterColumns: - - JSONPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - JSONPath: .spec.secretName - name: Secret - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 
- - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - version: v1alpha1 - scope: Namespaced - names: - kind: Certificate - plural: certificates - shortNames: - - cert - - certs ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: orders.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.reason - name: Reason - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - version: v1alpha1 - names: - kind: Order - plural: orders - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: challenges.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.dnsName - name: Domain - type: string - - JSONPath: .status.reason - name: Reason - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - version: v1alpha1 - names: - kind: Challenge - plural: challenges - scope: Namespaced -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.0/templates/crds.yaml b/charts/rancher-istio/0.1.0/templates/crds.yaml deleted file mode 100644 index d142e7756..000000000 --- a/charts/rancher-istio/0.1.0/templates/crds.yaml +++ /dev/null 
@@ -1,173 +0,0 @@ -{{- if .Values.enableCRDs -}} -{{- if not (.Capabilities.APIVersions.Has "networking.istio.io/v1alpha3") }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: destinationrules.networking.istio.io - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - group: networking.istio.io - names: - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - singular: destinationrule - shortNames: - - dr - categories: - - istio-io - - networking-istio-io - scope: Namespaced - version: v1alpha3 - additionalPrinterColumns: - - JSONPath: .spec.host - description: The name of a service from the service registry - name: Host - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date -{{- end }} ---- -{{- if not (.Capabilities.APIVersions.Has "config.istio.io/v1alpha2") }} -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: attributemanifests.config.istio.io - labels: - app: mixer - package: istio.io.mixer - istio: core - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - group: config.istio.io - names: - kind: attributemanifest - plural: attributemanifests - singular: attributemanifest - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: handlers.config.istio.io - labels: - app: mixer - package: handler - istio: mixer-handler - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - group: config.istio.io - names: - kind: handler - plural: handlers - singular: handler - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: rules.config.istio.io - labels: - app: mixer - package: istio.io.mixer - istio: core - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - group: config.istio.io - names: - kind: rule - plural: rules - singular: rule - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: instances.config.istio.io - labels: - app: mixer - package: instance - istio: mixer-instance - chart: istio - heritage: Tiller - release: istio - annotations: - 
"helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - group: config.istio.io - names: - kind: instance - plural: instances - singular: instance - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: rules.config.istio.io - labels: - app: mixer - package: istio.io.mixer - istio: core - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - group: config.istio.io - names: - kind: rule - plural: rules - singular: rule - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-istio/0.1.0/templates/endpoints.yaml b/charts/rancher-istio/0.1.0/templates/endpoints.yaml deleted file mode 100644 index 81b821853..000000000 --- a/charts/rancher-istio/0.1.0/templates/endpoints.yaml +++ /dev/null 
@@ -1,63 +0,0 @@
-{{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePilotAddress }}
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePolicyAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remoteTelemetryAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
-{{- end }}
diff --git a/charts/rancher-istio/0.1.0/templates/install-custom-resources.sh.tpl b/charts/rancher-istio/0.1.0/templates/install-custom-resources.sh.tpl
deleted file mode 100644
index a5525a139..000000000
--- a/charts/rancher-istio/0.1.0/templates/install-custom-resources.sh.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ define "install-custom-resources.sh.tpl" }}
-#!/bin/sh
-
-set -x
-
-if [ "$#" -ne "1" ]; then
- echo "first argument should be path to custom resource yaml"
- exit 1
-fi
-
-pathToResourceYAML=${1}
-
-kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null
-if [ "$?" -eq 0 ]; then
- echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready"
- while true; do
- kubectl -n {{ .Release.Namespace }} get deployment istio-galley 2>/dev/null
- if [ "$?" -eq 0 ]; then
- break
- fi
- sleep 1
- done
- kubectl -n {{ .Release.Namespace }} rollout status deployment istio-galley
- if [ "$?" -ne 0 ]; then
- echo "istio-galley deployment rollout status check failed"
- exit 1
- fi
- echo "istio-galley deployment ready for configuration validation"
-fi
-sleep 5
-kubectl apply -f ${pathToResourceYAML}
-{{ end }}
diff --git a/charts/rancher-istio/0.1.0/templates/istio-service-rbac.yaml b/charts/rancher-istio/0.1.0/templates/istio-service-rbac.yaml
deleted file mode 100644
index 7f883b0d5..000000000
--- a/charts/rancher-istio/0.1.0/templates/istio-service-rbac.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-service-reader
-rules:
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["http:kiali-http:80", "http:tracing:80", "http:grafana:80", "http:prometheus-http:80"]
- verbs: ["get", "watch", "list"]
-
----
-{{- if .Values.global.members }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: read-istio-service
- namespace: {{ .Release.Namespace }}
-subjects:
- {{- range $member := .Values.global.members }}
- - kind: {{ $member.kind }}
- name: {{ $member.name }}
- apiGroup: rbac.authorization.k8s.io
- {{- end }}
-roleRef:
- kind: Role
- name: istio-service-reader
- apiGroup: rbac.authorization.k8s.io
-{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.0/templates/service.yaml b/charts/rancher-istio/0.1.0/templates/service.yaml
deleted file mode 100644
index 732cdefd2..000000000
--- a/charts/rancher-istio/0.1.0/templates/service.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
- clusterIP: None
-{{- end }}
diff --git a/charts/rancher-istio/0.1.0/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.0/templates/serviceaccount.yaml
deleted file mode 100644
index e52d9eb9c..000000000
--- a/charts/rancher-istio/0.1.0/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: istio-multi
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/0.1.0/templates/sidecar-injector-configmap.yaml b/charts/rancher-istio/0.1.0/templates/sidecar-injector-configmap.yaml
deleted file mode 100644
index 135b7fbad..000000000
--- a/charts/rancher-istio/0.1.0/templates/sidecar-injector-configmap.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if not .Values.global.omitSidecarInjectorConfigMap }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istio.name" . }}
- chart: {{ template "istio.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-data:
- values: |-
- {{ .Values | toJson }}
-
- config: |-
- policy: {{ .Values.global.proxy.autoInject }}
- alwaysInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }}
- neverInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }}
- template: |-
-{{ .Files.Get "files/injection-template.yaml" | trim | indent 6 }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.0/values.yaml b/charts/rancher-istio/0.1.0/values.yaml
deleted file mode 100644
index 84de2f1d5..000000000
--- a/charts/rancher-istio/0.1.0/values.yaml
+++ /dev/null
@@ -1,636 +0,0 @@ -# Top level istio values file has the following sections. -# -# global: This file is the authoritative and exhaustive source for the global section. -# -# chart sections: Every subdirectory inside the charts/ directory has a top level -# configuration key in this file. This file overrides the values specified -# by the charts/${chartname}/values.yaml. -# Check the chart level values file for exhaustive list of configuration options. - -# -enableCRDs: true - -istio-init: - enable: true - -# -# Gateways Configuration, refer to the charts/gateways/values.yaml -# for detailed configuration -# -gateways: - enabled: true - -# -# sidecar-injector webhook configuration, refer to the -# charts/sidecarInjectorWebhook/values.yaml for detailed configuration -# -sidecarInjectorWebhook: - repository: rancher/istio-sidecar_injector - tag: "1.3.1" - enabled: true - -# -# galley configuration, refer to charts/galley/values.yaml -# for detailed configuration -# -galley: - repository: rancher/istio-galley - tag: 1.3.1 - enabled: true - -# -# mixer configuration -# -# @see charts/mixer/values.yaml, it takes precedence -mixer: - repository: rancher/istio-mixer - tag: "1.3.1" - enabled: true - policy: - # if policy is enabled the global.disablePolicyChecks has affect. 
- enabled: true - - telemetry: - enabled: true -# -# pilot configuration -# -# @see charts/pilot/values.yaml -pilot: - repository: rancher/istio-pilot - tag: "1.3.1" - enabled: true - -# -# security configuration -# -security: - repository: rancher/istio-citadel - tag: "1.3.1" - enabled: true - -# -# nodeagent configuration -# -nodeagent: - enabled: false - -# -# addon grafana configuration -# -grafana: - repository: rancher/grafana-grafana - tag: 6.3.2 - enabled: false - -# -# addon prometheus configuration -# -prometheus: - repository: rancher/prom-prometheus - tag: v2.11.1 - enabled: true - -# -# addon jaeger tracing configuration -# -tracing: - jaeger: - repository: rancher/jaegertracing-all-in-one - tag: 1.12 - zipkin: - repository: rancher/openzipkin-zipkin - tag: 2.14.2 - enabled: true - -# -# addon kiali tracing configuration -# -kiali: - repository: rancher/kiali-kiali - tag: v1.4.2 - enabled: true - -# -# addon certmanager configuration -# -certmanager: - enabled: false - -# -# Istio CNI plugin enabled -# This must be enabled to use the CNI plugin in Istio. The CNI plugin is installed separately. -# If true, the privileged initContainer istio-init is not needed to perform the traffic redirect -# settings for the istio-proxy. -# -istio_cni: - enabled: false - -# addon Istio CoreDNS configuration -# -istiocoredns: - image: - repository: rancher/coredns-coredns - tag: 1.1.2 - pluginImage: - repository: rancher/istio-coredns-plugin - tag: 0.2-istio-1.1 - enabled: false - -# Common settings used among istio subcharts. -global: - # Specify members that can access istio service proxy - # members: - # - kind: User - # name: u-abcba - # - kind: Group - # name: github_org://1234567 - # Specify rancher domain and clusterId of external tracing config - # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 - rancher: - domain: - clusterId: - - systemDefaultRegistry: "" - # Default hub for Istio images. 
- # Releases are published to docker hub under 'istio' project. - # Daily builds from prow are on gcr.io, and nightly builds from circle on docker.io/istionightly - # hub: gcr.io/istio-release - hub: docker.io/istio - - # Default tag for Istio images. - # tag: release-1.1-latest-daily - tag: 1.3.1 - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - kubectl: - repository: rancher/istio-kubectl - tag: 1.3.1 - - # monitoring port used by mixer, pilot, galley - monitoringPort: 15014 - - nginxProxy: - repository: rancher/nginx - tag: 1.15.8-alpine - - k8sIngress: - enabled: false - # Gateway used for k8s Ingress resources. By default it is - # using 'istio:ingressgateway' that will be installed by setting - # 'gateways.enabled' and 'gateways.istio-ingressgateway.enabled' - # flags to true. - gatewayName: ingressgateway - # enableHttps will add port 443 on the ingress. - # It REQUIRES that the certificates are installed in the - # expected secrets - enabling this option without certificates - # will result in LDS rejection and the ingress will not work. - enableHttps: false - - curl: - repository: rancher/pstauffer-curl - tag: v1.0.3 - - proxy: - # Configuration for the proxy init container - init: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - repository: rancher/istio-proxyv2 - tag: 1.3.1 - - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Controls number of Proxy worker threads. - # If set to 0, then start worker thread for each CPU thread/core. 
- concurrency: 2 - - # Configures the access log for each sidecar. - # Options: - # "" - disables access log - # "/dev/stdout" - enables access log - accessLogFile: "" - - # Configure how and what fields are displayed in sidecar access log. Setting to - # empty string will result in default log format - accessLogFormat: "" - - # Configure the access log for sidecar to JSON or TEXT. - accessLogEncoding: TEXT - - # Configure envoy gRPC access log service. - envoyAccessLogService: - enabled: false - host: # example: accesslog-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/als/cert-chain.pem - privateKey: # example: /etc/istio/als/key.pem - caCertificates: # example: /etc/istio/als/root-cert.pem - sni: # example: als.somedomain - subjectAltNames: [] - # - als.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Log level for proxy, applies to gateways and sidecars. If left empty, "warning" is used. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: "" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. If left empty, "misc:error" is used. - componentLogLevel: "" - - # Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS - # This must be given it terms of seconds. For example, 300s is valid but 5m is invalid. - dnsRefreshRate: 300s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. 
Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: 100ms - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # If set, newly injected sidecars will have core dumps enabled. - enableCoreDump: false - - # Image used to enable core dumps. This is only used, when "enableCoreDump" is set to true. - enableCoreDumpImage: ubuntu:xenial - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 1 - - # The period between readiness probes. - readinessPeriodSeconds: 2 - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 30 - - # istio egress capture whitelist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - excludeOutboundPorts: "" - - # pod internal interfaces - kubevirtInterfaces: "" - - # istio ingress capture whitelist - # examples: - # Redirect no inbound traffic to Envoy: --includeInboundPorts="" - # Redirect all inbound traffic to Envoy: --includeInboundPorts="*" - # Redirect only selected ports: --includeInboundPorts="80,8080" - includeInboundPorts: "*" - excludeInboundPorts: "" - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument - # would be :). - # Disabled by default. - # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. 
- envoyStatsd: - # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. - enabled: false - host: # example: statsd-svc.istio-system - port: # example: 9125 - - # Sets the Envoy Metrics Service address, used to push Envoy metrics to an external collector - # via the Metrics Service gRPC API. This contains detailed stats information emitted directly - # by Envoy and should not be confused with the the Istio telemetry. The Envoy stats are also - # available to scrape via the Envoy admin port at either /stats or /stats/prometheus. - # - # See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto - # for details about Envoy's Metrics Service API. - # - # Disabled by default. - envoyMetricsService: - enabled: false - host: # example: metrics-service.istio-system - port: # example: 15000 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "zipkin" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - repository: rancher/istio-proxy_init - tag: "1.3.1" - - # imagePullPolicy is applied to istio control plane components. - # local tests require IfNotPresent, to avoid uploading to dockerhub. - # TODO: Switch to Always as default, and override in the local tests. - imagePullPolicy: IfNotPresent - - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - # disablePolicyChecks disables mixer policy checks. - # if mixer.policy.enabled==true then disablePolicyChecks has affect. - # Will set the value with same name in istio config map - pilot needs to be restarted to take effect. 
- disablePolicyChecks: true - - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: false - - # EnableTracing sets the value with same name in istio config map, requires pilot restart to take effect. - enableTracing: true - - # Configuration for each of the supported tracers - tracer: - # Configuration for envoy to send trace data to LightStep. - # Disabled by default. - # address: the : of the satellite pool - # accessToken: required for sending data to the pool - # secure: specifies whether data should be sent with TLS - # cacertPath: the path to the file containing the cacert to use when verifying TLS. If secure is true, this is - # required. If a value is specified then a secret called "lightstep.cacert" must be created in the destination - # namespace with the key matching the base of the provided cacertPath and the value being the cacert itself. - # - lightstep: - address: "" # example: lightstep-satellite:443 - accessToken: "" # example: abcdefg1234567 - secure: true # example: true|false - cacertPath: "" # example: /etc/lightstep/cacert.pem - zipkin: - # Host:Port for reporting trace data in zipkin format. If not specified, will default to - # zipkin service (port 9411) in the same namespace as the other istio components. - address: "" - datadog: - # Host:Port for submitting traces to the Datadog agent. - address: "$(HOST_IP):8126" - - # Default mtls policy. If true, mtls between services will be enabled by default. - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: false - - # Lists the secrets you need to use to pull Istio images from a private registry. 
- imagePullSecrets: - # - private-registry-key - - # Specify pod scheduling arch(amd64, ppc64le, s390x) and weight as follows: - # 0 - Never scheduled - # 1 - Least preferred - # 2 - No preference - # 3 - Most preferred - arch: - amd64: 2 - s390x: 2 - ppc64le: 2 - - # Whether to restrict the applications namespace the controller manages; - # If not set, controller watches all namespaces - oneNamespace: false - - # Default node selector to be applied to all deployments so that all pods can be - # constrained to run a particular nodes. Each component can overwrite these default - # values by adding its node selector block in the relevant section below and setting - # the desired values. - defaultNodeSelector: {} - - # Default node tolerations to be applied to all deployments so that all pods can be - # scheduled to a particular nodes with matching taints. Each component can overwrite - # these default values by adding its tolerations block in the relevant section below - # and setting the desired values. - # Configure this field in case that all pods of Istio control plane are expected to - # be scheduled to particular nodes with specified taints. - defaultTolerations: [] - - # Whether to perform server-side validation of configuration. - configValidation: true - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. 
- # podDNSSearchNamespaces: - # - global - # - "[[ valueOrDefault .DeploymentMeta.Namespace \"default\" ]].global" - - # If set to true, the pilot and citadel mtls will be exposed on the - # ingress gateway - meshExpansion: - enabled: false - # If set to true, the pilot and citadel mtls and the plaintext pilot ports - # will be exposed on an internal gateway - useILB: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # enable pod distruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. 
- priorityClassName: "" - - # Use the Mesh Control Protocol (MCP) for configuring Mixer and - # Pilot. Requires galley (`--set galley.enabled=true`). - useMCP: true - - # The trust domain corresponds to the trust root of a system - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - # Indicate the domain used in SPIFFE identity URL - # The default depends on the environment. - # kubernetes: cluster.local - # else: default dns domain - trustDomain: "" - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. 
- meshID: "" - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - # ALLOW_ANY is the default in 1.1. This means each pod will be able to make outbound requests - # to services outside of the mesh without any ServiceEntry. - # REGISTRY_ONLY was the default in 1.0. If this behavior is desired, set the value below to REGISTRY_ONLY. - outboundTrafficPolicy: - mode: ALLOW_ANY - - # The namespace where globally shared configurations should be present. - # DestinationRules that apply to the entire mesh (e.g., enabling mTLS), - # default Sidecar configs, etc. should be added to this namespace. - # configRootNamespace: istio-config - - # set the default set of namespaces to which services, service entries, virtual services, destination - # rules should be exported to. Currently only one value can be provided in this list. This value - # should be one of the following two options: - # * implies these objects are visible to all namespaces, enabling any sidecar to talk to any other sidecar. - # . implies these objects are visible to only to sidecars in the same namespace, or if imported as a Sidecar.egress.host - # defaultConfigVisibilitySettings: - #- '*' - - nodeAgent: - repository: rancher/istio-node-agent-k8s - tag: "1.3.1" - sds: - # SDS enabled. IF set to true, mTLS certificates for the sidecars will be - # distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates. - enabled: false - udsPath: "" - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Citadel Agent to the CA (e.g. 
Citadel), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Specifies the global locality load balancing settings. - # Locality-weighted load balancing allows administrators to control the distribution of traffic to - # endpoints based on the localities of where the traffic originates and where it will terminate. - # Either failover or distribute configuration can be set, but not both. If neither are provided - # failover mode will be used. 
- # - # localityLbSetting: - # enabled: true - # distribute: - # - from: "us-central1/*" - # to: - # "us-central1/*": 80 - # "us-central2/*": 20 - # - # localityLbSetting: - # enabled: true - # failover: - # - from: us-east - # to: eu-west - # - from: us-west - # to: us-east - localityLbSetting: - enabled: true - - # Specifies whether helm test is enabled or not. - # This field is set to false by default, so 'helm template ...' - # will ignore the helm test yaml files when generating the template - enableHelmTest: false - - # Specify the monitoring server config of istio - monitoring: - # options includes built-in, cluster-monitoring and custom, default to internal - type: built-in diff --git a/charts/rancher-istio/0.1.1/.helmignore b/charts/rancher-istio/0.1.1/.helmignore deleted file mode 100644 index f7595a6fa..000000000 --- a/charts/rancher-istio/0.1.1/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -tests/ diff --git a/charts/rancher-istio/0.1.1/Chart.yaml b/charts/rancher-istio/0.1.1/Chart.yaml deleted file mode 100644 index f4032cad6..000000000 --- a/charts/rancher-istio/0.1.1/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -name: rancher-istio -version: 0.1.1 -appVersion: 1.3.3 -tillerVersion: ">=2.7.2-0" -description: Helm chart for all istio components -home: https://istio.io/ -keywords: - - istio - - security - - sidecarInjectorWebhook - - mixer - - pilot - - galley -sources: - - http://github.com/istio/istio -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -maintainers: - - name: istio 
diff --git a/charts/rancher-istio/0.1.1/LICENSE b/charts/rancher-istio/0.1.1/LICENSE
deleted file mode 100644
index 56df9b297..000000000
--- a/charts/rancher-istio/0.1.1/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2018 Istio Authors - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/rancher-istio/0.1.1/README.md b/charts/rancher-istio/0.1.1/README.md deleted file mode 100644 index de67ba20b..000000000 --- a/charts/rancher-istio/0.1.1/README.md +++ /dev/null 
@@ -1,140 +0,0 @@ -# Istio - -[Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. - - - -The documentation here is for developers only, please follow the installation instructions from [istio.io](https://istio.io/docs/setup/kubernetes/install/helm/) for all other uses. - -## Introduction - -This chart bootstraps all Istio [components](https://istio.io/docs/concepts/what-is-istio/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Chart Details - -This chart can install multiple Istio components as subcharts: -- ingressgateway -- egressgateway -- sidecarInjectorWebhook -- galley -- mixer -- pilot -- security(citadel) -- grafana -- prometheus -- tracing(jaeger) -- kiali - -To enable or disable each component, change the corresponding `enabled` flag. - -## Prerequisites - -- Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required -- Helm 2.7.2 or newer or alternately the ability to modify RBAC rules is also required -- If you want to enable automatic sidecar injection, Kubernetes 1.9+ with `admissionregistration` API is required, and `kube-apiserver` process must have the `admission-control` flag set with the `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook` admission controllers added and listed in the correct order. -- The `istio-init` chart must be run to completion prior to install the `istio` chart. - -## Resources Required - -The chart deploys pods that consume minimum resources as specified in the resources configuration parameter. - -## Installing the Chart - -1. If a service account has not already been installed for Tiller, install one: - ``` - $ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml - ``` - -1. 
Install Tiller on your cluster with the service account: - ``` - $ helm init --service-account tiller - ``` - -1. Set and create the namespace where Istio was installed: - ``` - $ NAMESPACE=istio-system - $ kubectl create ns $NAMESPACE - ``` - -1. If you are enabling `kiali`, you need to create the secret that contains the username and passphrase for `kiali` dashboard: - ``` - $ echo -n 'admin' | base64 - YWRtaW4= - $ echo -n '1f2d1e2e67df' | base64 - MWYyZDFlMmU2N2Rm - $ cat <=1.9.0): - ``` - $ helm install istio --name istio --namespace $NAMESPACE - ``` - - - Without the sidecar injection webhook: - ``` - $ helm install istio --name istio --namespace $NAMESPACE --set sidecarInjectorWebhook.enabled=false - ``` - -## Configuration - -The Helm chart ships with reasonable defaults. There may be circumstances in which defaults require overrides. -To override Helm values, use `--set key=value` argument during the `helm install` command. Multiple `--set` operations may be used in the same Helm operation. - -Helm charts expose configuration options which are currently in alpha. The currently exposed options can be found [here](https://istio.io/docs/reference/config/installation-options/). - -## Uninstalling the Chart - -To uninstall/delete the `istio` release but continue to track the release: - ``` - $ helm delete istio - ``` - -To uninstall/delete the `istio` release completely and make its name free for later use: - ``` - $ helm delete --purge istio - ``` diff --git a/charts/rancher-istio/0.1.1/app-readme.md b/charts/rancher-istio/0.1.1/app-readme.md deleted file mode 100644 index 1cab4a4f5..000000000 --- a/charts/rancher-istio/0.1.1/app-readme.md +++ /dev/null 
@@ -1,25 +0,0 @@
-# Istio
-
-[Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data.
-
-## Introduction
-
-This chart bootstraps all Istio [components](https://istio.io/docs/concepts/what-is-istio/overview.html) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Chart Details
-
-This chart can install multiple istio components as subcharts:
-- gateways
-- sidecarInjectorWebhook
-- galley
-- mixer
-- pilot
-- security(citadel)
-- tracing(jaeger)
-- kiali
-- grafana
-- prometheus
-
-To enable or disable each component, change the corresponding `enabled` flag.
-
-Notes: You will need to apply `kubectl label namespace $your-namesapce istio-injection=enabled` to enabled automatic sidecar injection of your desired kubernetes namespaces.
diff --git a/charts/rancher-istio/0.1.1/charts/certmanager/Chart.yaml b/charts/rancher-istio/0.1.1/charts/certmanager/Chart.yaml
deleted file mode 100644
index b83f4d1e3..000000000
--- a/charts/rancher-istio/0.1.1/charts/certmanager/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-description: A Helm chart for Kubernetes
-name: certmanager
-version: 1.1.0
-appVersion: 0.6.2
-tillerVersion: ">=2.7.2"
diff --git a/charts/rancher-istio/0.1.1/charts/certmanager/templates/NOTES.txt b/charts/rancher-istio/0.1.1/charts/certmanager/templates/NOTES.txt
deleted file mode 100644
index 0307ede4c..000000000
--- a/charts/rancher-istio/0.1.1/charts/certmanager/templates/NOTES.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-certmanager has been deployed successfully!
-
-More information on the different types of issuers and how to configure them
-can be found in our documentation:
-
-https://cert-manager.readthedocs.io/en/latest/reference/issuers.html
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.1/charts/certmanager/templates/_helpers.tpl b/charts/rancher-istio/0.1.1/charts/certmanager/templates/_helpers.tpl
deleted file mode 100644
index 331a91d43..000000000
--- a/charts/rancher-istio/0.1.1/charts/certmanager/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "certmanager.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "certmanager.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "certmanager.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.1/charts/certmanager/templates/deployment.yaml b/charts/rancher-istio/0.1.1/charts/certmanager/templates/deployment.yaml
deleted file mode 100644
index 2999c287f..000000000
--- a/charts/rancher-istio/0.1.1/charts/certmanager/templates/deployment.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: certmanager
- namespace: {{ .Release.Namespace }}
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: certmanager
- template:
- metadata:
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- {{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels | indent 8 }}
- {{- end }}
- annotations:
- sidecar.istio.io/inject: "false"
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: certmanager
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: certmanager
- {{- if .Values.global.systemDefaultRegistry }}
- image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- {{- else }}
- image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
- {{- end }}
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- args:
- - --cluster-resource-namespace=$(POD_NAMESPACE)
- - --leader-election-namespace=$(POD_NAMESPACE)
- {{- if .Values.extraArgs }}
-{{ toYaml .Values.extraArgs | indent 8 }}
- {{- end }}
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- resources:
-{{ toYaml .Values.resources | indent 10 }}
- {{- if .Values.podDnsPolicy }}
- dnsPolicy: {{ .Values.podDnsPolicy }}
- {{- end }}
- {{- if .Values.podDnsConfig }}
- dnsConfig:
- {{ toYaml .Values.podDnsConfig | indent 8 }}
- {{- end }}
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
-{{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/0.1.1/charts/certmanager/templates/issuer.yaml b/charts/rancher-istio/0.1.1/charts/certmanager/templates/issuer.yaml
deleted file mode 100644
index 59402daea..000000000
--- a/charts/rancher-istio/0.1.1/charts/certmanager/templates/issuer.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-apiVersion: certmanager.k8s.io/v1alpha1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt-staging
- namespace: {{ .Release.Namespace }}
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- acme:
- server: https://acme-staging-v02.api.letsencrypt.org/directory
- email: {{ .Values.email }}
- # Name of a secret used to store the ACME account private key
- privateKeySecretRef:
- name: letsencrypt-staging
- http01: {}
----
-apiVersion: certmanager.k8s.io/v1alpha1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt
- namespace: {{ .Release.Namespace }}
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- acme:
- server: https://acme-v02.api.letsencrypt.org/directory
- email: {{ .Values.email }}
- privateKeySecretRef:
- name: letsencrypt
- http01: {}
diff --git a/charts/rancher-istio/0.1.1/charts/certmanager/templates/poddisruptionbudget.yaml b/charts/rancher-istio/0.1.1/charts/certmanager/templates/poddisruptionbudget.yaml
deleted file mode 100644
index b251e3653..000000000
--- a/charts/rancher-istio/0.1.1/charts/certmanager/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: certmanager
- namespace: {{ .Release.Namespace }}
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- version: {{ .Chart.Version }}
- {{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels | indent 4 }}
- {{- end }}
-spec:
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: certmanager
- release: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.1/charts/certmanager/templates/rbac.yaml b/charts/rancher-istio/0.1.1/charts/certmanager/templates/rbac.yaml
deleted file mode 100644
index 506dd38e2..000000000
--- a/charts/rancher-istio/0.1.1/charts/certmanager/templates/rbac.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: certmanager
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
- - apiGroups: ["certmanager.k8s.io"]
- resources: ["certificates", "certificates/finalizers", "issuers", "clusterissuers", "orders", "orders/finalizers", "challenges"]
- verbs: ["*"]
- - apiGroups: [""]
- resources: ["configmaps", "secrets", "events", "services", "pods"]
- verbs: ["*"]
- - apiGroups: ["extensions", "networking.k8s.io"]
- resources: ["ingresses"]
- verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: certmanager
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: certmanager
-subjects:
- - name: certmanager
- namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
diff --git a/charts/rancher-istio/0.1.1/charts/certmanager/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.1/charts/certmanager/templates/serviceaccount.yaml
deleted file mode 100644
index f87543508..000000000
--- a/charts/rancher-istio/0.1.1/charts/certmanager/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: certmanager
- namespace: {{ .Release.Namespace }}
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/0.1.1/charts/certmanager/values.yaml b/charts/rancher-istio/0.1.1/charts/certmanager/values.yaml
deleted file mode 100644
index da1f5f235..000000000
--- a/charts/rancher-istio/0.1.1/charts/certmanager/values.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-# Certmanager uses ACME to sign certificates. Since Istio gateways are
-# mounting the TLS secrets the Certificate CRDs must be created in the
-# istio-system namespace. Once the certificate has been created, the
-# gateway must be updated by adding 'secretVolumes'. After the gateway
-# restart, DestinationRules can be created using the ACME-signed certificates.
-enabled: false
-replicaCount: 1
-image:
- repository: rancher/jetstack-cert-manager-controller
- tag: v0.6.2
-resources: {}
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard” vs. "soft” requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security” and value "S1”.
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/0.1.1/charts/galley/Chart.yaml b/charts/rancher-istio/0.1.1/charts/galley/Chart.yaml
deleted file mode 100644
index 5933bde12..000000000
--- a/charts/rancher-istio/0.1.1/charts/galley/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-name: galley
-version: 1.1.0
-appVersion: 1.1.0
-tillerVersion: ">=2.7.2"
-description: Helm chart for galley deployment
-keywords:
- - istio
- - galley
-sources:
- - http://github.com/istio/istio
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
diff --git a/charts/rancher-istio/0.1.1/charts/galley/OWNERS b/charts/rancher-istio/0.1.1/charts/galley/OWNERS
deleted file mode 100644
index d6a0e1b97..000000000
--- a/charts/rancher-istio/0.1.1/charts/galley/OWNERS
+++ /dev/null
@@ -1,5 +0,0 @@
-approvers:
- - cmluciano
- - geeknoid
- - ozevren
- - ayj
diff --git a/charts/rancher-istio/0.1.1/charts/galley/templates/_helpers.tpl b/charts/rancher-istio/0.1.1/charts/galley/templates/_helpers.tpl
deleted file mode 100644
index 5d42f4a03..000000000
--- a/charts/rancher-istio/0.1.1/charts/galley/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "galley.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "galley.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "galley.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.1/charts/galley/templates/clusterrole.yaml b/charts/rancher-istio/0.1.1/charts/galley/templates/clusterrole.yaml
deleted file mode 100644
index ec0c94aba..000000000
--- a/charts/rancher-istio/0.1.1/charts/galley/templates/clusterrole.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-galley-{{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["validatingwebhookconfigurations"]
- verbs: ["*"]
-- apiGroups: ["config.istio.io"] # istio mixer CRD watcher
- resources: ["*"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["networking.istio.io"]
- resources: ["*"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["authentication.istio.io"]
- resources: ["*"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["rbac.istio.io"]
- resources: ["*"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions", "apps"]
- resources: ["deployments"]
- resourceNames: ["istio-galley"]
- verbs: ["get"]
-- apiGroups: [""]
- resources: ["pods", "nodes", "services", "endpoints", "namespaces"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions", "networking.k8s.io"]
- resources: ["ingresses"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions", "apps"]
- resources: ["deployments/finalizers"]
- resourceNames: ["istio-galley"]
- verbs: ["update"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
diff --git a/charts/rancher-istio/0.1.1/charts/galley/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.1/charts/galley/templates/clusterrolebinding.yaml
deleted file mode 100644
index 88cde2554..000000000
--- a/charts/rancher-istio/0.1.1/charts/galley/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-galley-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-galley-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-galley-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/0.1.1/charts/galley/templates/configmap.yaml b/charts/rancher-istio/0.1.1/charts/galley/templates/configmap.yaml
deleted file mode 100644
index 662c960b1..000000000
--- a/charts/rancher-istio/0.1.1/charts/galley/templates/configmap.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-galley-configuration
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-data:
-{{- if .Values.global.configValidation }}
- validatingwebhookconfiguration.yaml: |-
- {{- include "validatingwebhookconfiguration.yaml.tpl" . | indent 4}}
-{{- end}}
diff --git a/charts/rancher-istio/0.1.1/charts/galley/templates/deployment.yaml b/charts/rancher-istio/0.1.1/charts/galley/templates/deployment.yaml
deleted file mode 100644
index da13e5962..000000000
--- a/charts/rancher-istio/0.1.1/charts/galley/templates/deployment.yaml
+++ /dev/null
@@ -1,123 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- istio: galley
- strategy:
- rollingUpdate:
- maxSurge: {{ .Values.rollingMaxSurge }}
- maxUnavailable: {{ .Values.rollingMaxUnavailable }}
- template:
- metadata:
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-galley-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: galley
- image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- ports:
- - containerPort: 443
- - containerPort: {{ .Values.global.monitoringPort }}
- - containerPort: 9901
- command:
- - /usr/local/bin/galley
- - server
- - --meshConfigFile=/etc/mesh-config/mesh
- - --livenessProbeInterval=1s
- - --livenessProbePath=/healthliveness
- - --readinessProbePath=/healthready
- - --readinessProbeInterval=1s
- - --deployment-namespace={{ .Release.Namespace }}
-{{- if $.Values.global.controlPlaneSecurityEnabled}}
- - --insecure=false
-{{- else }}
- - --insecure=true
-{{- end }}
-{{- if not $.Values.global.useMCP }}
- - --enable-server=false
-{{- end }}
-{{- if not $.Values.global.configValidation }}
- - --enable-validation=false
-{{- end }}
- - --validation-webhook-config-file
- - /etc/config/validatingwebhookconfiguration.yaml
- - --monitoringPort={{ .Values.global.monitoringPort }}
-{{- if $.Values.global.logging.level }}
- - --log_output_level={{ $.Values.global.logging.level }}
-{{- end}}
- volumeMounts:
- - name: certs
- mountPath: /etc/certs
- readOnly: true
- - name: config
- mountPath: /etc/config
- readOnly: true
- - name: mesh-config
- mountPath: /etc/mesh-config
- readOnly: true
- livenessProbe:
- exec:
- command:
- - /usr/local/bin/galley
- - probe
- - --probe-path=/healthliveness
- - --interval=10s
- initialDelaySeconds: 5
- periodSeconds: 5
- readinessProbe:
- exec:
- command:
- - /usr/local/bin/galley
- - probe
- - --probe-path=/healthready
- - --interval=10s
- initialDelaySeconds: 5
- periodSeconds: 5
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- volumes:
- - name: certs
- secret:
- secretName: istio.istio-galley-service-account
- - name: config
- configMap:
- name: istio-galley-configuration
- - name: mesh-config
- configMap:
- name: istio
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/0.1.1/charts/galley/templates/poddisruptionbudget.yaml b/charts/rancher-istio/0.1.1/charts/galley/templates/poddisruptionbudget.yaml
deleted file mode 100644
index 75bf77834..000000000
--- a/charts/rancher-istio/0.1.1/charts/galley/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-spec:
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: {{ template "galley.name" . }}
- release: {{ .Release.Name }}
- istio: galley
-{{- end }}
diff --git a/charts/rancher-istio/0.1.1/charts/galley/templates/service.yaml b/charts/rancher-istio/0.1.1/charts/galley/templates/service.yaml
deleted file mode 100644
index cd21fd192..000000000
--- a/charts/rancher-istio/0.1.1/charts/galley/templates/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-spec:
- ports:
- - port: 443
- name: https-validation
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- - port: 9901
- name: grpc-mcp
- selector:
- istio: galley
diff --git a/charts/rancher-istio/0.1.1/charts/galley/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.1/charts/galley/templates/serviceaccount.yaml
deleted file mode 100644
index 1ff54c49e..000000000
--- a/charts/rancher-istio/0.1.1/charts/galley/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-galley-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/0.1.1/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl b/charts/rancher-istio/0.1.1/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl
deleted file mode 100644
index ce68fb8a5..000000000
--- a/charts/rancher-istio/0.1.1/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl
+++ /dev/null
@@ -1,118 +0,0 @@
-{{ define "validatingwebhookconfiguration.yaml.tpl" }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-kind: ValidatingWebhookConfiguration
-metadata:
- name: istio-galley
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-webhooks:
- - name: pilot.validation.istio.io
- clientConfig:
- service:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- path: "/admitpilot"
- caBundle: ""
- rules:
- - operations:
- - CREATE
- - UPDATE
- apiGroups:
- - config.istio.io
- apiVersions:
- - v1alpha2
- resources:
- - httpapispecs
- - httpapispecbindings
- - quotaspecs
- - quotaspecbindings
- - operations:
- - CREATE
- - UPDATE
- apiGroups:
- - rbac.istio.io
- apiVersions:
- - "*"
- resources:
- - "*"
- - operations:
- - CREATE
- - UPDATE
- apiGroups:
- - authentication.istio.io
- apiVersions:
- - "*"
- resources:
- - "*"
- - operations:
- - CREATE
- - UPDATE
- apiGroups:
- - networking.istio.io
- apiVersions:
- - "*"
- resources:
- - destinationrules
- - envoyfilters
- - gateways
- - serviceentries
- - sidecars
- - virtualservices
- failurePolicy: Fail
- sideEffects: None
- - name: mixer.validation.istio.io
- clientConfig:
- service:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- path: "/admitmixer"
- caBundle: ""
- rules:
- - operations:
- - CREATE
- - UPDATE
- apiGroups:
- - config.istio.io
- apiVersions:
- - v1alpha2
- resources:
- - rules
- - attributemanifests
- - circonuses
- - deniers
- - fluentds
- - kubernetesenvs
- - listcheckers
- - memquotas
- - noops
- - opas
- - prometheuses
- - rbacs
- - solarwindses
- - stackdrivers
- - cloudwatches
- - dogstatsds
- - statsds
- - stdios
- - apikeys
- - authorizations
- - checknothings
- # - kuberneteses
- - listentries
- - logentries
- - metrics
- - quotas
- - reportnothings
- - tracespans
- - adapters
- - handlers
- - instances
- - templates
- - zipkins
- failurePolicy: Fail
- sideEffects: None
-{{- end }}
diff --git a/charts/rancher-istio/0.1.1/charts/galley/values.yaml b/charts/rancher-istio/0.1.1/charts/galley/values.yaml
deleted file mode 100644
index fa7a306d0..000000000
--- a/charts/rancher-istio/0.1.1/charts/galley/values.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-#
-# galley configuration
-#
-enabled: true
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard” vs. "soft” requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security” and value "S1”.
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/0.1.1/charts/gateways/Chart.yaml b/charts/rancher-istio/0.1.1/charts/gateways/Chart.yaml
deleted file mode 100644
index 1bc2806f6..000000000
--- a/charts/rancher-istio/0.1.1/charts/gateways/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-name: gateways
-version: 1.1.0
-appVersion: 1.1.0
-tillerVersion: ">=2.7.2"
-description: Helm chart for deploying Istio gateways
-keywords:
- - istio
- - ingressgateway
- - egressgateway
- - gateways
-sources:
- - http://github.com/istio/istio
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
diff --git a/charts/rancher-istio/0.1.1/charts/gateways/templates/_affinity.tpl b/charts/rancher-istio/0.1.1/charts/gateways/templates/_affinity.tpl
deleted file mode 100644
index fbd0e9a8f..000000000
--- a/charts/rancher-istio/0.1.1/charts/gateways/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "gatewaynodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "gatewayNodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .root.Values.global.defaultNodeSelector .nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "gatewayNodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinity" }} -{{- if or .podAntiAffinityLabelSelector .podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if .podAntiAffinityTermLabelSelector }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.1/charts/gateways/templates/_helpers.tpl b/charts/rancher-istio/0.1.1/charts/gateways/templates/_helpers.tpl deleted file mode 100644 index bfc8bc400..000000000 --- a/charts/rancher-istio/0.1.1/charts/gateways/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "gateway.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "gateway.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "gateway.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.1/charts/gateways/templates/autoscale.yaml b/charts/rancher-istio/0.1.1/charts/gateways/templates/autoscale.yaml
deleted file mode 100644
index 2455ac345..000000000
--- a/charts/rancher-istio/0.1.1/charts/gateways/templates/autoscale.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
- maxReplicas: {{ $spec.autoscaleMax }}
- minReplicas: {{ $spec.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ $key }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.1/charts/gateways/templates/deployment.yaml b/charts/rancher-istio/0.1.1/charts/gateways/templates/deployment.yaml
deleted file mode 100644
index 900ac4f20..000000000
--- a/charts/rancher-istio/0.1.1/charts/gateways/templates/deployment.yaml
+++ /dev/null
@@ -1,323 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if $spec.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - labels: - chart: {{ template "gateway.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - selector: - matchLabels: - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - template: - metadata: - labels: - chart: {{ template "gateway.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - annotations: - sidecar.istio.io/inject: "false" -{{- if $spec.podAnnotations }} -{{ toYaml $spec.podAnnotations | indent 8 }} -{{ end }} - spec: - serviceAccountName: {{ $key }}-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} -{{- if $.Values.global.proxy.enableCoreDump }} - initContainers: - - name: enable-core-dump - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy_init.repository }}:{{ $.Values.global.proxy_init.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - command: - - /bin/sh - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - securityContext: - privileged: true -{{- end }} - containers: -{{- if $spec.sds }} -{{- if $spec.sds.enabled }} - - name: ingress-sds - image: "{{ template "system_default_registry" $ 
}}{{ $.Values.global.nodeAgent.repository }}:{{ $.Values.global.nodeAgent.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - resources: -{{- if $spec.sds.resources }} -{{ toYaml $spec.sds.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: "ENABLE_WORKLOAD_SDS" - value: "false" - - name: "ENABLE_INGRESS_GATEWAY_SDS" - value: "true" - - name: "INGRESS_GATEWAY_NAMESPACE" - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - volumeMounts: - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway -{{- end }} -{{- end }} - - name: istio-proxy - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - {{- range $key, $val := $spec.ports }} - - containerPort: {{ $val.port }} - {{- end }} - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - - --drainDuration - - '45s' #drainDuration - - --parentShutdownDuration - - '1m0s' #parentShutdownDuration - - --connectTimeout - - '10s' #connectTimeout - - --serviceCluster - - {{ $key }} - - --zipkinAddress - {{- if $.Values.global.tracer.zipkin.address }} - - {{ $.Values.global.tracer.zipkin.address }} - {{- else if $.Values.global.istioNamespace }} - - zipkin.{{ $.Values.global.istioNamespace }}:9411 - {{- else }} - - zipkin:9411 - {{- end }} - {{- if $.Values.global.proxy.envoyStatsd.enabled }} - - 
--statsdUdpAddress - - {{ $.Values.global.proxy.envoyStatsd.host }}:{{ $.Values.global.proxy.envoyStatsd.port }} - {{- end }} - {{- if $.Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsServiceAddress - - {{ $.Values.global.proxy.envoyMetricsService.host }}:{{ $.Values.global.proxy.envoyMetricsService.port }} - {{- end }} - {{- if $.Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - {{- with $.Values.global.proxy.envoyAccessLogService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end }} - - --proxyAdminPort - - "15000" - - --statusPort - - "15020" - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15011 - {{- else }} - - istio-pilot:15011 - {{- end }} - {{- else }} - - --controlPlaneAuthPolicy - - NONE - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15010 - {{- else }} - - istio-pilot:15010 - {{- end }} - {{- if $spec.applicationPorts }} - - --applicationPorts - - "{{ $spec.applicationPorts }}" - {{- end }} - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ $.Values.global.trustDomain }} - {{- end }} - readinessProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15020 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - resources: -{{- if $spec.resources }} -{{ toYaml $spec.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - 
apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - - name: ISTIO_META_WORKLOAD_NAME - value: {{ $key }} - - name: ISTIO_META_OWNER - value: kubernetes://api/apps/v1/namespaces/{{ $spec.namespace | default $.Release.Namespace }}/deployments/{{ $key }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ISTIO_META_USER_SDS - value: "true" - {{- end }} - {{- end }} - {{- if $spec.env }} - {{- range $key, $val := $spec.env }} - - name: {{ $key }} - value: {{ $val }} - {{- end }} - {{- end }} - volumeMounts: - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway - {{- end }} - {{- end }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - mountPath: {{ .mountPath | quote }} - readOnly: true - {{- end }} -{{- if $spec.additionalContainers }} -{{ toYaml $spec.additionalContainers | indent 8 }} -{{- end }} - volumes: - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - emptyDir: {} - {{- end }} - {{- end }} - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - hostPath: - path: /var/run/sds - - name: 
istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ $.Values.global.sds.token.aud }} - {{- end }} - - name: istio-certs - secret: - secretName: istio.{{ $key }}-service-account - optional: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - secret: - secretName: {{ .secretName | quote }} - optional: true - {{- end }} - {{- range $spec.configVolumes }} - - name: {{ .name }} - configMap: - name: {{ .configMapName | quote }} - optional: true - {{- end }} - affinity: - {{- include "gatewaynodeaffinity" (dict "root" $ "nodeSelector" $spec.nodeSelector) | indent 6 }} - {{- include "gatewaypodAntiAffinity" (dict "podAntiAffinityLabelSelector" $spec.podAntiAffinityLabelSelector "podAntiAffinityTermLabelSelector" $spec.podAntiAffinityTermLabelSelector) | indent 6 }} - {{- if $spec.tolerations }} - tolerations: -{{ toYaml $spec.tolerations | indent 6 }} - {{- else if $.Values.global.defaultTolerations }} - tolerations: -{{ toYaml $.Values.global.defaultTolerations | indent 6 }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.1/charts/gateways/templates/poddisruptionbudget.yaml b/charts/rancher-istio/0.1.1/charts/gateways/templates/poddisruptionbudget.yaml deleted file mode 100644 index 36a2d5a9c..000000000 --- a/charts/rancher-istio/0.1.1/charts/gateways/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,31 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if and (ne $key "enabled") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.1/charts/gateways/templates/preconfigured.yaml b/charts/rancher-istio/0.1.1/charts/gateways/templates/preconfigured.yaml
deleted file mode 100644
index 8d3dee930..000000000
--- a/charts/rancher-istio/0.1.1/charts/gateways/templates/preconfigured.yaml
+++ /dev/null
@@ -1,239 +0,0 @@ -{{- if .Values.global.k8sIngress.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-autogenerated-k8s-ingress - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: {{ .Values.global.k8sIngress.gatewayName }} - servers: - - port: - number: 80 - protocol: HTTP2 - name: http - hosts: - - "*" -{{ if .Values.global.k8sIngress.enableHttps }} - - port: - number: 443 - protocol: HTTPS - name: https-default - tls: - mode: SIMPLE - serverCertificate: /etc/istio/ingress-certs/tls.crt - privateKey: /etc/istio/ingress-certs/tls.key - hosts: - - "*" -{{ end }} ---- -{{ end }} - -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-ilb-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: ilbgateway - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- else }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- end }} -{{- end }} - -{{- if .Values.global.multiCluster.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-egressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-egressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH ---- -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - workloadLabels: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - filters: - - listenerMatch: - portNumber: 15443 - listenerType: GATEWAY - insertPosition: - index: AFTER - relativeTo: envoy.filters.network.sni_cluster - filterName: envoy.filters.network.tcp_cluster_rewrite - filterType: NETWORK - filterConfig: - cluster_pattern: "\\.global$" - cluster_replacement: ".svc.{{ .Values.global.proxy.clusterDomain }}" ---- -## To ensure all traffic to *.global is using mTLS -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-multicluster-destinationrule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.global" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -{{- end }} 
diff --git a/charts/rancher-istio/0.1.1/charts/gateways/templates/role.yaml b/charts/rancher-istio/0.1.1/charts/gateways/templates/role.yaml
deleted file mode 100644
index de4660442..000000000
--- a/charts/rancher-istio/0.1.1/charts/gateways/templates/role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if ($spec.sds) and (eq $spec.sds.enabled true) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $.Release.Namespace }}
-rules:
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "watch", "list"]
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.1/charts/gateways/templates/rolebindings.yaml b/charts/rancher-istio/0.1.1/charts/gateways/templates/rolebindings.yaml
deleted file mode 100644
index 4bb30150d..000000000
--- a/charts/rancher-istio/0.1.1/charts/gateways/templates/rolebindings.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if ($spec.sds) and (eq $spec.sds.enabled true) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $.Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ $key }}-sds
-subjects:
-- kind: ServiceAccount
- name: {{ $key }}-service-account
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.1/charts/gateways/templates/service.yaml b/charts/rancher-istio/0.1.1/charts/gateways/templates/service.yaml
deleted file mode 100644
index 09590310d..000000000
--- a/charts/rancher-istio/0.1.1/charts/gateways/templates/service.yaml
+++ /dev/null
@@ -1,69 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if $spec.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - annotations: - {{- range $key, $val := $spec.serviceAnnotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - chart: {{ template "gateway.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} -spec: -{{- if $spec.loadBalancerIP }} - loadBalancerIP: "{{ $spec.loadBalancerIP }}" -{{- end }} -{{- if $spec.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml $spec.loadBalancerSourceRanges | indent 4 }} -{{- end }} -{{- if $spec.externalTrafficPolicy }} - externalTrafficPolicy: {{$spec.externalTrafficPolicy }} -{{- end }} -{{- if $spec.externalIPs }} - externalIPs: -{{ toYaml $spec.externalIPs | indent 4 }} -{{- end }} - type: {{ .type }} - selector: - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - ports: - {{- range $key, $val := $spec.ports }} - - - {{- range $pkey, $pval := $val }} - {{ $pkey}}: {{ $pval }} - {{- end }} - {{- end }} - - # range addon ports - {{- range $key, $val := $spec.addOnPorts }} - - - {{- range $pkey, $pval := $val }} - {{ $pkey}}: {{ $pval }} - {{- end }} - {{- end }} - - # range meshExpansion ports - {{- if $.Values.global.meshExpansion.enabled }} - {{- range $key, $val := $spec.meshExpansionPorts }} - - - {{- range $pkey, $pval := $val }} - {{ $pkey}}: {{ $pval }} - {{- end }} - {{- end }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.1/charts/gateways/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.1/charts/gateways/templates/serviceaccount.yaml deleted file mode 100644 index d4f6938c1..000000000 
--- a/charts/rancher-istio/0.1.1/charts/gateways/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if $.Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range $.Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: {{ $key }}-service-account
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- app: {{ $spec.labels.app }}
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/0.1.1/charts/gateways/values.yaml b/charts/rancher-istio/0.1.1/charts/gateways/values.yaml
deleted file mode 100644
index b62de2d2e..000000000
--- a/charts/rancher-istio/0.1.1/charts/gateways/values.yaml
+++ /dev/null
@@ -1,283 +0,0 @@ -# -# Gateways Configuration -# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. -# You can add more gateways in addition to the defaults but make sure those are uniquely named -# and that NodePorts are not conflicting. -# Disable specifc gateway by setting the `enabled` to false. -# -enabled: true - -istio-ingressgateway: - enabled: true - # - # Secret Discovery Service (SDS) configuration for ingress gateway. - # - sds: - # If true, ingress gateway fetches credentials from SDS server to handle TLS connections. - enabled: false - # SDS server that watches kubernetes secrets and provisions credentials to ingress gateway. - # This server runs in the same pod as ingress gateway. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - labels: - app: istio-ingressgateway - istio: ingressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalIPs: [] - serviceAnnotations: {} - podAnnotations: {} - type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be - #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out - ports: - ## You can add custom gateway ports - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. 
https://github.com/istio/istio/issues/12503 - - port: 80 - targetPort: 80 - name: http2 - nodePort: 31380 - - port: 443 - name: https - nodePort: 31390 - ### PORTS FOR UI/metrics ##### - ## Disable if not needed - addOnPorts: - # - port: 15029 - # targetPort: 15029 - # name: https-kiali - # - port: 15030 - # targetPort: 15030 - # name: https-prometheus - # - port: 15031 - # targetPort: 15031 - # name: https-grafana - # - port: 15032 - # targetPort: 15032 - # name: https-tracing - # # This is the port where sni routing happens - # - port: 15443 - # targetPort: 15443 - # name: tls - # - port: 15020 - # targetPort: 15020 - # name: status-port - #### MESH EXPANSION PORTS ######## - # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect - # to pilot/citadel if global.meshExpansion settings are enabled. - # Delete these ports if mesh expansion is not enabled, to avoid - # exposing unnecessary ports on the web. - # You can remove these ports if you are not using mesh expansion - meshExpansionPorts: - - port: 15011 - targetPort: 15011 - name: tcp-pilot-grpc-tls - - port: 15004 - targetPort: 15004 - name: tcp-mixer-grpc-tls - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - - port: 853 - targetPort: 853 - name: tcp-dns-tls - ####### end MESH EXPANSION PORTS ###### - ############## - secretVolumes: - - name: ingressgateway-certs - secretName: istio-ingressgateway-certs - mountPath: /etc/istio/ingressgateway-certs - - name: ingressgateway-ca-certs - secretName: istio-ingressgateway-ca-certs - mountPath: /etc/istio/ingressgateway-ca-certs - ### Advanced options ############ - - # Ports to explicitly check for readiness. If configured, the readiness check will expect a - # listener on these ports. A comma separated list is expected, such as "80,443". - # - # Warning: If you do not have a gateway configured for the ports provided, this check will always - # fail. 
This is intended for use cases where you always expect to have a listener on the port, - # such as 80 or 443 in typical setups. - applicationPorts: "" - - env: - # A gateway with this mode ensures that pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. - ISTIO_META_ROUTER_MODE: "sni-dnat" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". 
- podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -istio-egressgateway: - enabled: false - labels: - app: istio-egressgateway - istio: egressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - serviceAnnotations: {} - podAnnotations: {} - type: ClusterIP #change to NodePort or LoadBalancer if need be - ports: - - port: 80 - name: http2 - - port: 443 - name: https - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - secretVolumes: - - name: egressgateway-certs - secretName: istio-egressgateway-certs - mountPath: /etc/istio/egressgateway-certs - - name: egressgateway-ca-certs - secretName: istio-egressgateway-ca-certs - mountPath: /etc/istio/egressgateway-ca-certs - #### Advanced options ######## - env: - # Set this to "external" if and only if you want the egress gateway to - # act as a transparent SNI gateway that routes mTLS/TLS traffic to - # external services defined using service entries, where the service - # entry has resolution set to DNS, has one or more endpoints with - # network field set to "external". By default its set to "" so that - # the egress gateway sees the same set of endpoints as the sidecars - # preserving backward compatibility - # ISTIO_META_REQUESTED_NETWORK_VIEW: "" - # A gateway with this mode ensures that pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. 
- ISTIO_META_ROUTER_MODE: "sni-dnat" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". - podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -# Mesh ILB gateway creates a gateway of type InternalLoadBalancer, -# for mesh expansion. It exposes the mtls ports for Pilot,CA as well -# as non-mtls ports to support upgrades and gradual transition. -istio-ilbgateway: - enabled: false - labels: - app: istio-ilbgateway - istio: ilbgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - cpu: - targetAverageUtilization: 80 - resources: - requests: - cpu: 800m - memory: 512Mi - #limits: - # cpu: 1800m - # memory: 256Mi - loadBalancerIP: "" - serviceAnnotations: - cloud.google.com/load-balancer-type: "internal" - podAnnotations: {} - type: LoadBalancer - ports: - ## You can add custom gateway ports - google ILB default quota is 5 ports, - - port: 15011 - name: grpc-pilot-mtls - # Insecure port - only for migration from 0.8. 
Will be removed in 1.1 - - port: 15010 - name: grpc-pilot - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - # Port 5353 is forwarded to kube-dns - - port: 5353 - name: tcp-dns - secretVolumes: - - name: ilbgateway-certs - secretName: istio-ilbgateway-certs - mountPath: /etc/istio/ilbgateway-certs - - name: ilbgateway-ca-certs - secretName: istio-ilbgateway-ca-certs - mountPath: /etc/istio/ilbgateway-ca-certs - nodeSelector: {} - tolerations: [] diff --git a/charts/rancher-istio/0.1.1/charts/grafana/Chart.yaml b/charts/rancher-istio/0.1.1/charts/grafana/Chart.yaml deleted file mode 100644 index 8ed346996..000000000 --- a/charts/rancher-istio/0.1.1/charts/grafana/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -description: A Helm chart for Kubernetes -name: grafana -version: 1.1.0 -appVersion: 1.1.0 -tillerVersion: ">=2.7.2" diff --git a/charts/rancher-istio/0.1.1/charts/grafana/dashboards/citadel-dashboard.json b/charts/rancher-istio/0.1.1/charts/grafana/dashboards/citadel-dashboard.json deleted file mode 100755 index ffe4551a9..000000000 --- a/charts/rancher-istio/0.1.1/charts/grafana/dashboards/citadel-dashboard.json +++ /dev/null 
@@ -1,1089 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 8, - "panels": [], - "title": "Performance", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "CPU usage across Citadel instances.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 1 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"citadel\", pod_name=~\"istio-citadel-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage rate", - "refId": "A" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"citadel\"}[1m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage irate", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": 
"", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Citadel process memory statistics.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 1 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Total", - "refId": "C" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Allocated", - "refId": "E" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Inuse", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, 
- "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 1 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Goroutines", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 7 - }, - "id": 28, - "panels": [], - "title": "General", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Total number of CSR requests made to Citadel.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 
0, - "y": 8 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Request Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates issuances that have succeeded.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 12, - "y": 8 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_success_cert_issuance_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Certificates Issued", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Certificates Issued", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 13 - }, - "id": 23, - "panels": [], - "title": "Errors", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of errors occurred when creating the CSR.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 14 - }, - "id": 20, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_secret_controller_csr_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Creation Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Creation Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - 
"show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 14 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_parsing_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Parse Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Parse Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of authentication failures.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, 
- "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_authentication_failure_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Authentication Failure Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Authentication Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 4, - "panels": [], - "title": "Secret Controller", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates created due to service account creation.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": 
"citadel_secret_controller_svc_acc_created_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Created", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Created (due to SA creation)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates deleted due to service account deletion.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_svc_acc_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Deleted", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Deleted (due to SA deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, 
- "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates recreated due to secret deletion (service account still exists).", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_secret_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Recreated", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Recreated (due to errant deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 
18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Citadel Dashboard", - "uid": "OOyOqb4Wz", - "version": 1 -}
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.1/charts/grafana/dashboards/galley-dashboard.json b/charts/rancher-istio/0.1.1/charts/grafana/dashboards/galley-dashboard.json
deleted file mode 100755
index b9b07daa9..000000000
--- a/charts/rancher-istio/0.1.1/charts/grafana/dashboards/galley-dashboard.json
+++ /dev/null
@@ -1,1819 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 46, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"galley\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Galley Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 5 - }, - "id": 40, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "C" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "G" - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "H" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"})", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Total (kis)", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 38, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m])) by (container_name)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"galley\"}[1m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "galley (self-reported)", - "refId": "C" - } - ], - 
"thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Open FDs (galley)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }} ", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 44, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "goroutines_total", - "refId": "A" - }, - { - "expr": "istio_mcp_clients_total{component=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "clients_total", - "refId": "B" - }, - { - "expr": "go_goroutines{job=\"galley\"}/sum(istio_mcp_clients_total{component=\"galley\"}) without (component)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "avg_goroutines_per_client", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - 
"h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 10, - "panels": [], - "title": "Runtime", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_on_change_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Strategy Change Events", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_processor_events_processed_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Processed Events", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_processor_snapshots_published_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Snapshot Published", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Event Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - 
"datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_timer_max_time_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Max Time Reached", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_quiesce_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Quiesce Reached", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_resets_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Timer Resets", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Timer Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": 
true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 3, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.90, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.95, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P95", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Events Per Snapshot", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 21 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - 
"max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (typeURL) (galley_runtime_state_type_instances_total)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ typeURL }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "State Type Instances", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Count", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 34, - "panels": [], - "title": "Validation", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 28 - }, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "galley_validation_cert_key_updates{job=\"galley\"}", - "format": 
"time_series", - "intervalFactor": 1, - "legendFormat": "Key Updates", - "refId": "A" - }, - { - "expr": "galley_validation_cert_key_update_errors{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Key Update Errors: {{ error }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation Webhook Certificate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 28 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_passed{job=\"galley\"}) by (group, version, resource)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Passed: {{ group }}/{{ version }}/{{resource}}", - "refId": "A" - }, - { - "expr": "sum(galley_validation_failed{job=\"galley\"}) by (group, version, resource, reason)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Failed: {{ group }}/{{ version }}/{{resource}} ({{ reason}})", - "refId": "B" - } - ], 
- "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Resource Validation", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 28 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_http_error{job=\"galley\"}) by (status)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ status }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation HTTP Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": 
null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 12, - "panels": [], - "title": "Kubernetes Source", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 35 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_event_success_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Success", - "refId": "A" - }, - { - "expr": "rate(galley_source_kube_event_error_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Source Event Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 35 - }, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, 
- "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_dynamic_converter_success_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{apiVersion=\"{{apiVersion}}\",group=\"{{group}}\",kind=\"{{kind}}\"}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Kubernetes Object Conversion Successes", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Conversions/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 35 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_dynamic_converter_failure_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": 
"A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Kubernetes Object Conversion Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Failures/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 41 - }, - "id": 18, - "panels": [], - "title": "Mesh Configuration Protocol", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 42 - }, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_mcp_clients_total{component=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Clients", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Connected Clients", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": 
null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 42 - }, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by(collection)(irate(istio_mcp_request_acks_total{component=\"galley\"}[1m]) * 60)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request ACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "ACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 42 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - 
"links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(istio_mcp_request_nacks_total{component=\"galley\"}[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request NACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "NACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Galley Dashboard", - "uid": "TSEY6jLmk", - "version": 1 -} diff --git a/charts/rancher-istio/0.1.1/charts/grafana/dashboards/istio-mesh-dashboard.json b/charts/rancher-istio/0.1.1/charts/grafana/dashboards/istio-mesh-dashboard.json deleted file mode 100755 index 1662e1f1d..000000000 --- a/charts/rancher-istio/0.1.1/charts/grafana/dashboards/istio-mesh-dashboard.json +++ /dev/null 
@@ -1,1225 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "links": [], - "panels": [ - { - "content": "
\n
\n Istio\n
\n
\n Istio is an open platform that provides a uniform way to connect,\n manage, and \n secure microservices.\n
\n Need help? Join the Istio community.\n
\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "50px", - "id": 13, - "links": [], - "mode": "html", - "style": { - "font-size": "18pt" - }, - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\"}[1m])), 0.001)", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Global Request Volume", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - 
"h": 3, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "95, 99, 99.5", - "title": "Global Success Rate (non-5xx responses)", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 22, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - 
"sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"4.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "4xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 23, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"5.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "5xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - 
"colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 113, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_virtualservices) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Virtual Services", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 114, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - 
"postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_destinationrules) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Destination Rules", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 115, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_gateways) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Gateways", - "type": "singlestat", - "valueFontSize": "80%", - 
"valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 116, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_authentication_meshpolicies) / count(up{job=\"galley\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Authentication Mesh Policies", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 21, - "w": 24, - "x": 0, - "y": 9 - }, - "hideTimeOverride": false, - "id": 73, - "links": [], - "pageSize": null, - "repeat": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 4, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 
172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Workload dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_2&var-workload=$__cell_", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Requests", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [], - "type": "number", - "unit": "ops" - }, - { - "alias": "P50 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P90 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P99 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #E", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "Success Rate", - "colorMode": "cell", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #F", - "thresholds": [ - ".95", - " 1.00" - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-workload=$__cell_2&var-namespace=$__cell_3", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "number", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_requests_total{reporter=\"destination\", response_code=\"200\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "A" - }, - { - "expr": "label_join((histogram_quantile(0.50, 
sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.50, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "B" - }, - { - "expr": "label_join((histogram_quantile(0.90, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.90, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "D" - }, - { - "expr": "label_join((histogram_quantile(0.99, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.99, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "E" - }, - { - "expr": 
"label_join((sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m])) by (destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "F" - } - ], - "timeFrom": null, - "title": "HTTP/GRPC Workloads", - "transform": "table", - "type": "table" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 18, - "w": 24, - "x": 0, - "y": 30 - }, - "hideTimeOverride": false, - "id": 109, - "links": [], - "pageSize": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 2, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-tcp-workload-dashboard?var-namespace=$__cell_2&&var-workload=$__cell", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Bytes Sent", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [ - "" - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Bytes Received", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "Bps" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_3&var-workload=$__cell_2", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_tcp_received_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - 
"hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "C" - }, - { - "expr": "label_join(sum(rate(istio_tcp_sent_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "A" - } - ], - "timeFrom": null, - "title": "TCP Workloads", - "transform": "table", - "type": "table" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 48 - }, - "id": 111, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Mesh Dashboard", - "uid": "G8wLrJIZk", - "version": 5 -} diff --git a/charts/rancher-istio/0.1.1/charts/grafana/dashboards/istio-performance-dashboard.json b/charts/rancher-istio/0.1.1/charts/grafana/dashboards/istio-performance-dashboard.json deleted file mode 100755 index 3826fbae8..000000000 --- a/charts/rancher-istio/0.1.1/charts/grafana/dashboards/istio-performance-dashboard.json +++ /dev/null 
@@ -1,1822 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": 9, - "links": [], - "panels": [ - { - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 21, - "panels": [ - { - "content": "The charts on this dashboard are intended to show Istio main components cost in terms resources utilization under steady load.\n\n- **vCPU/1k rps:** shows vCPU utilization by the main Istio components normalized by 1000 requests/second. When idle or low traffic, this chart will be blank. The curve for istio-proxy refers to the services sidecars only.\n- **vCPU:** vCPU utilization by Istio components, not normalized.\n- **Memory:** memory footprint for the components. Telemetry and policy are normalized by 1k rps, and no data is shown when there is no traffic. 
For ingress and istio-proxy, the data is per instance.\n- **Bytes transferred/ sec:** shows the number of bytes flowing through each Istio component.\n\n\n", - "gridPos": { - "h": 6, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 19, - "links": [], - "mode": "markdown", - "timeFrom": null, - "timeShift": null, - "title": "Performance Dashboard README", - "transparent": true, - "type": "text" - } - ], - "title": "Performance Dashboard Notes", - "type": "row" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 6, - "panels": [], - "title": "vCPU Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 2 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m])) / (round(sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m])), 0.001)/1000))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - 
"legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU / 1k rps", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 2 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - 
"spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 13, - "panels": [], - "title": "Memory and Data Rates", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": 
false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 11 - }, - "id": 902, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry / 1k rps", - "refId": "A" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name!=\"POD\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio proxy", - "refId": "C" - }, - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy / 1k rps", - "refId": "D" - } - ], - "thresholds": [], - 
"timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-telemetry\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-telemetry\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_response_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m])) + sum(irate(istio_request_bytes_sum{source_workload_namespace!=\"istio-system\", 
reporter=\"source\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-policy\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-policy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio_policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Bytes transferred / sec", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 17, - "panels": [], - "title": "Istio Component Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 20 - }, - "id": 15, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 71, - "panels": [], - "title": "Proxy Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 32 - }, - "id": 72, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 32 - }, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 32 - }, - "id": 702, - "legend": { - "avg": 
false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 39 - }, - "id": 69, - "panels": [], - "title": "Pilot Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 40 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": 
[ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - 
"sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 40 - }, - "id": 602, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "pilot (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - 
"title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 40 - }, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - 
"show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 40 - }, - "id": 402, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 93, - "panels": [], - "title": "Mixer Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 48 - }, - "id": 94, - "legend": { - "avg": false, - "current": 
false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"})", - "format": "time_series", - "hide": false, 
- "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 48 - }, - "id": 95, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=~\"istio-policy|istio-telemetry\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 48 - }, - "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - 
"expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 48 - }, - "id": 97, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - 
"format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Performance Dashboard", - "uid": "vu8e0VWZk", - "version": 22 -} diff --git a/charts/rancher-istio/0.1.1/charts/grafana/dashboards/istio-service-dashboard.json b/charts/rancher-istio/0.1.1/charts/grafana/dashboards/istio-service-dashboard.json deleted file mode 100755 index f4d58a296..000000000 --- a/charts/rancher-istio/0.1.1/charts/grafana/dashboards/istio-service-dashboard.json +++ /dev/null @@ -1,2601 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "iteration": 1536442501501, - "links": [], - "panels": [ - { - "content": "
\nSERVICE: $service\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Client Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - 
"thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Client Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, 
sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Client Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" 
- ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Received Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 97, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - 
"postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Server Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 98, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / 
sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Server Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 99, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - 
"refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 100, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": 
true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m])) ", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Sent Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nCLIENT WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"source\",source_workload=~\"$srcwl\",source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"source\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": 
"graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", 
source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, 
source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": 
"time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, 
- "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "
\nSERVICE WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 90, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"destination\",destination_workload=~\"$dstwl\",destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"destination\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Destination And Response Code", - "tooltip": { - 
"shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 91, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", 
connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 94, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - 
"stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by 
(destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 95, - "legend": { - "alignAsTable": false, - "avg": false, - "current": 
false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ 
destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 96, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - 
"step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ 
destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 92, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", 
destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 93, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }} (🔐mTLS)", - "refId": 
"A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Service", - "multi": false, - "name": "service", - "options": [], - "query": "label_values(destination_service)", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (source_workload_namespace) or 
sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload Namespace", - "multi": true, - "name": "dstns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload", - "multi": true, - "name": "dstwl", - "options": [], - "query": "query_result( 
sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Service Dashboard", - "uid": "LJ_uJAvmk", - "version": 1 -} diff --git a/charts/rancher-istio/0.1.1/charts/grafana/dashboards/istio-workload-dashboard.json b/charts/rancher-istio/0.1.1/charts/grafana/dashboards/istio-workload-dashboard.json deleted file mode 100755 index 62ad1b5cf..000000000 --- a/charts/rancher-istio/0.1.1/charts/grafana/dashboards/istio-workload-dashboard.json +++ /dev/null 
@@ -1,2303 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.4" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1531345461465, - "links": [], - "panels": [ - { - "content": "
\nWORKLOAD: $workload.$namespace\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Incoming Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 
80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 8, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Incoming Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 8, - "x": 16, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, 
- "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Server Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - 
"colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 12, - "y": 7 - }, - "id": 85, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Client Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nINBOUND WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And 
Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", 
destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by 
(source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 
1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", 
destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - 
"values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", 
destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "content": "
\nOUTBOUND SERVICES\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 70, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Requests by Destination And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 71, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", 
source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Success Rate (non-5xx responses) By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 72, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Duration by Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 73, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by 
(destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 74, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": 
"{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 76, - "legend": { - "avg": false, 
- "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent on Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 78, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Namespace", - "multi": false, - "name": 
"namespace", - "options": [], - "query": "query_result(sum(istio_requests_total) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*_namespace=\"([^\"]*).*/", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Workload", - "multi": false, - "name": "workload", - "options": [], - "query": "query_result((sum(istio_requests_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_requests_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)) or (sum(istio_tcp_sent_bytes_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Inbound Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, 
- "label": "Inbound Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Destination Service", - "multi": true, - "name": "dstsvc", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service) or sum(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service))", - "refresh": 1, - "regex": "/.*destination_service=\"([^\"]*).*/", - "sort": 4, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Workload Dashboard", - "uid": "UbsSZTDik", - "version": 1 -} diff --git a/charts/rancher-istio/0.1.1/charts/grafana/dashboards/mixer-dashboard.json b/charts/rancher-istio/0.1.1/charts/grafana/dashboards/mixer-dashboard.json deleted file mode 100755 index b074d13ba..000000000 
--- a/charts/rancher-istio/0.1.1/charts/grafana/dashboards/mixer-dashboard.json +++ /dev/null @@ -1,1808 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.2.3" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "limit": 100, - "name": "Annotations & Alerts", - "showIn": 0, - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": null, - "iteration": 1543881232533, - "links": [], - "panels": [ - { - "content": "

Deployed Versions

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "40", - "id": 62, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 3 - }, - "id": 64, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"mixer\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Mixer Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Resource Usage

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 8 - }, - "height": "40", - "id": 29, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 11 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory ({{ job }})", - "refId": "I" - }, - { - "expr": "sum(process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory ({{ job }})", - "refId": "H" - }, - { - "expr": "sum(go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc ({{ job }})", - "refId": "D" - }, - { - "expr": "sum(go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc ({{ job }})", - "refId": "F" - }, - { - "expr": "sum(go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - 
"format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use ({{ job }})", - "refId": "E" - }, - { - "expr": "sum(go_memstats_stack_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use ({{ job }})", - "refId": "G" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "C" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }} (k8s)", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 11 - }, - "id": 6, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (pod_name), \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "A" - }, - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (container_name, pod_name), \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }} (k8s)", - "refId": "B" - }, - { - "expr": "sum(irate(process_cpu_seconds_total{job=~\"istio-telemetry|istio-policy\"}[1m])) by (job)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ job }} (self-reported)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } 
- ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 11 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_open_fds{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(label_replace(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - 
"dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 11 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(go_goroutines{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines ({{ job }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Mixer Overview

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 18 - }, - "height": "40px", - "id": 30, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 0, - "y": 21 - }, - "id": 9, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (Total)", - "refId": "B" - }, - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m])) by (grpc_server_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "mixer ({{ grpc_server_method }})", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 6, - "y": 21 - }, - "id": 8, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "{}", - "yaxis": 1 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.5", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.9", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Durations", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 12, - "y": 21 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, 
- "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_server_handled_total{grpc_code=~\"Unknown|Unimplemented|Internal|DataLoss\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Error Rate (5xx responses)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 18, - "y": 21 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(grpc_server_handled_total{grpc_code!=\"OK\",grpc_service=~\".*Mixer\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ 
grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Non-successes (4xxs)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Adapters and Config

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 28, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 30 - }, - "id": 13, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m])) by (adapter)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 30 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - 
"percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p90 ", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Duration", - "tooltip": { - "shared": true, - "sort": 1, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 37 - }, - "id": 60, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - 
"pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Rules", - "refId": "A" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Config Errors", - "refId": "B" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_match_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Match Errors", - "refId": "C" - }, - { - "expr": "scalar(topk(1, max(mixer_config_unsatisfied_action_handler_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Unsatisfied Actions", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Rules", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 37 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": 
false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_instance_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Instances", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Instances in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 37 - }, - "id": 54, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_handler_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Handlers", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Handlers in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 37 - }, - "id": 58, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_attribute_count) by (configID)))", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "Attributes", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Attributes in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Individual Adapters

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 44 - }, - "id": 23, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 46, - "panels": [], - "repeat": "adapter", - "title": "$adapter Adapter", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 48 - }, - "id": 17, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m]),\"handler\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ handler }} (error: {{ error }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Count By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - 
"w": 12, - "x": 12, - "y": 48 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(histogram_quantile(0.5, sum(rate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p50 - {{ handler_short }} (error: {{ error }})", - "refId": "A" - }, - { - "expr": "label_replace(histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p90 - {{ handler_short }} (error: {{ error }})", - "refId": "D" - }, - { - "expr": "label_replace(histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p99 - {{ handler_short }} (error: {{ error }})", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Duration By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": 
true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Adapter", - "multi": true, - "name": "adapter", - "options": [], - "query": "label_values(adapter)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Mixer Dashboard", - "version": 4 -}
diff --git a/charts/rancher-istio/0.1.1/charts/grafana/dashboards/pilot-dashboard.json b/charts/rancher-istio/0.1.1/charts/grafana/dashboards/pilot-dashboard.json
deleted file mode 100755
index b8ef6d2d7..000000000
--- a/charts/rancher-istio/0.1.1/charts/grafana/dashboards/pilot-dashboard.json
+++ /dev/null
@@ -1,1591 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": 11, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 60, - "panels": [], - "title": "Deployed Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"pilot\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 6 - }, - "id": 62, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": 
"container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"discovery\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (container)", - "refId": "B", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar (container)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"discovery\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Discovery (container)", - "refId": "A" - }, - { - "expr": 
"irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (process)", - "refId": "C", - "step": 2 - }, - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Sidecar (container)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"discovery\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Discovery", - "refId": "B", - "step": 2 - }, - { - "expr": 
"container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": 
null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 58, - "panels": [], - "title": "Pilot Push Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "description": "Shows the rate of pilot pushes", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 622, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(pilot_xds_pushes{type=\"cds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Cluster", - "refId": "C" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"eds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Endpoints", - "refId": "D" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"lds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Listeners", - "refId": "A" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"rds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Routes", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Pushes", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ 
- "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Captures a variety of pilot errors", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 67, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(pilot_xds_cds_reject{job=\"pilot\"}) or (absent(pilot_xds_cds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected CDS Configs", - "refId": "C" - }, - { - "expr": "sum(pilot_xds_eds_reject{job=\"pilot\"}) or (absent(pilot_xds_eds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected EDS Configs", - "refId": "D" - }, - { - "expr": "sum(pilot_xds_rds_reject{job=\"pilot\"}) or (absent(pilot_xds_rds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected RDS Configs", - "refId": "A" - }, - { - "expr": "sum(pilot_xds_lds_reject{job=\"pilot\"}) or (absent(pilot_xds_lds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected LDS Configs", - "refId": "B" - }, - { - "expr": 
"sum(rate(pilot_xds_write_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Write Timeouts", - "refId": "F" - }, - { - "expr": "sum(rate(pilot_total_xds_internal_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Internal Errors", - "refId": "H" - }, - { - "expr": "sum(rate(pilot_total_xds_rejects{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Config Rejection Rate", - "refId": "E" - }, - { - "expr": "sum(rate(pilot_xds_push_context_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Context Errors", - "refId": "K" - }, - { - "expr": "sum(rate(pilot_xds_pushes{type!~\"lds|cds|rds|eds\"}[1m])) by (type)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "L" - }, - { - "expr": "sum(rate(pilot_xds_push_errors{job=\"pilot\"}[1m])) by (type)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "I" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts", - "refId": "G" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout_failures{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts Failures", - "refId": "J" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - 
"format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Shows the total time it takes to push a config update to a proxy", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 624, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p50 ", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.999, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99.9", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Proxy Push Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 23 - }, - "id": 45, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_conflict_inbound_listener{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Inbound Listeners", - "refId": "B" - }, - { - "expr": "pilot_conflict_outbound_listener_http_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (http over current tcp)", - "refId": "A" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current tcp)", - "refId": "C" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_http{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current http)", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Conflicts", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - 
"buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 23 - }, - "id": 47, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_virt_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Services", - "refId": "A" - }, - { - "expr": "pilot_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Services", - "refId": "B" - }, - { - "expr": "pilot_xds{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Connected Endpoints", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ADS Monitoring", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - 
"yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "columns": [], - "datasource": "Prometheus", - "description": "Clusters in this table do not have any endpoints known to pilot. This could be from referencing subsets that do not have any instances, or pods marked as NotReady", - "fontSize": "100%", - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 23 - }, - "id": 51, - "links": [], - "pageSize": null, - "scroll": true, - "showHeader": true, - "sort": { - "col": null, - "desc": false - }, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "date" - }, - { - "alias": "Clusters", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(pilot_xds_eds_instances{job=\"pilot\", cluster=~\".+\\\\|.+\"}) by (cluster) < 1", - "format": "time_series", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{cluster}}", - "refId": "B" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Clusters with no known endpoints", - "transform": "timeseries_aggregations", - "type": "table" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 64, - "panels": [], - "title": "Envoy Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows details about Envoy proxies in the mesh", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 32 - }, - "id": 40, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - 
"points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(envoy_cluster_upstream_cx_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connections", - "refId": "C" - }, - { - "expr": "sum(irate(envoy_cluster_upstream_cx_connect_fail{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connection Failures", - "refId": "A" - }, - { - "expr": "sum(increase(envoy_server_hot_restart_epoch[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Envoy Restarts", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Envoy Details", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 32 - }, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": 
"sum(envoy_cluster_upstream_cx_active{cluster_name=\"xds-grpc\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "XDS Active Connections", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Active Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows the size of XDS requests and responses", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 32 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "max(rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Max", - "refId": "D" - }, - { - "expr": "quantile(0.5, rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Average", - "refId": "B" - }, - 
{ - "expr": "max(rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Max", - "refId": "A" - }, - { - "expr": "quantile(.5, rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Average", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Requests Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Pilot Dashboard", - "uid": "3--MLVZZk", - "version": 11 -} \ No newline at end of file diff --git a/charts/rancher-istio/0.1.1/charts/grafana/fix_datasources.sh b/charts/rancher-istio/0.1.1/charts/grafana/fix_datasources.sh deleted file mode 100755 index 33d68691a..000000000 --- a/charts/rancher-istio/0.1.1/charts/grafana/fix_datasources.sh +++ /dev/null 
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-set -e
-
-THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-UX=$(uname)
-
-for db in "${THIS_DIR}"/dashboards/*.json; do
- if [[ ${UX} == "Darwin" ]]; then
- # shellcheck disable=SC2016
- sed -i '' 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- else
- # shellcheck disable=SC2016
- sed -i 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- fi
-done
diff --git a/charts/rancher-istio/0.1.1/charts/grafana/templates/_helpers.tpl b/charts/rancher-istio/0.1.1/charts/grafana/templates/_helpers.tpl
deleted file mode 100644
index 9d4c59205..000000000
--- a/charts/rancher-istio/0.1.1/charts/grafana/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "grafana.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "grafana.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "grafana.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.1/charts/grafana/templates/configmap-custom-resources.yaml b/charts/rancher-istio/0.1.1/charts/grafana/templates/configmap-custom-resources.yaml
deleted file mode 100644
index 78230cefa..000000000
--- a/charts/rancher-istio/0.1.1/charts/grafana/templates/configmap-custom-resources.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
- custom-resources.yaml: |-
- {{- include "grafana-default.yaml.tpl" . | indent 4}}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.1/charts/grafana/templates/configmap-dashboards.yaml b/charts/rancher-istio/0.1.1/charts/grafana/templates/configmap-dashboards.yaml
deleted file mode 100644
index 9a1e6549f..000000000
--- a/charts/rancher-istio/0.1.1/charts/grafana/templates/configmap-dashboards.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}}
-{{- $files := .Files }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "grafana.name" $ }}
- chart: {{ template "grafana.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: grafana
-data:
- {{ base $path }}: '{{ $files.Get $path }}'
----
-{{- end }}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.1/charts/grafana/templates/configmap.yaml b/charts/rancher-istio/0.1.1/charts/grafana/templates/configmap.yaml
deleted file mode 100644
index 703f291bd..000000000
--- a/charts/rancher-istio/0.1.1/charts/grafana/templates/configmap.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
-{{- if .Values.datasources }}
- {{- range $key, $value := .Values.datasources }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
-
-{{- if .Values.dashboardProviders }}
- {{- range $key, $value := .Values.dashboardProviders }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.1/charts/grafana/templates/create-custom-resources-job.yaml b/charts/rancher-istio/0.1.1/charts/grafana/templates/create-custom-resources-job.yaml
deleted file mode 100644
index 3246a0d2d..000000000
--- a/charts/rancher-istio/0.1.1/charts/grafana/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}}
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-grafana-post-install-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-grafana-post-install-{{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["authentication.istio.io"] # needed to create default authn policy
- resources: ["*"]
- verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-grafana-post-install-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-grafana-post-install-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-grafana-post-install-account
- namespace: {{ .Release.Namespace }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: istio-grafana-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 }}
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-delete-policy": hook-succeeded
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- template:
- metadata:
- name: istio-grafana-post-install
- labels:
- app: istio-grafana
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- serviceAccountName: istio-grafana-post-install-account
- containers:
- - name: kubectl
- image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
- command: [ "/bin/bash", "/tmp/grafana/run.sh", "/tmp/grafana/custom-resources.yaml" ]
- volumeMounts:
- - mountPath: "/tmp/grafana"
- name: tmp-configmap-grafana
- volumes:
- - name: tmp-configmap-grafana
- configMap:
- name: istio-grafana-custom-resources
- restartPolicy: OnFailure
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.1/charts/grafana/templates/deployment.yaml b/charts/rancher-istio/0.1.1/charts/grafana/templates/deployment.yaml
deleted file mode 100644
index bd839eff8..000000000
--- a/charts/rancher-istio/0.1.1/charts/grafana/templates/deployment.yaml
+++ /dev/null
@@ -1,165 +0,0 @@
-{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: grafana
- template:
- metadata:
- labels:
- app: grafana
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- prometheus.io/scrape: "true"
- spec:
- securityContext:
- fsGroup: 472
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
-{{- if .Values.global.imagePullSecrets }}
- imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- ports:
- - containerPort: 3000
- readinessProbe:
- httpGet:
- path: /api/health
- port: 3000
- env:
- - name: GRAFANA_PORT
- value: "3000"
-{{- if .Values.security.enabled }}
- - name: GF_SECURITY_ADMIN_USER
- valueFrom:
- secretKeyRef:
- name: {{ .Values.security.secretName }}
- key: {{ .Values.security.usernameKey }}
- - name: GF_SECURITY_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Values.security.secretName }}
- key: {{ .Values.security.passphraseKey }}
- - name: GF_AUTH_BASIC_ENABLED
- value: "true"
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "false"
- - name: GF_AUTH_DISABLE_LOGIN_FORM
- value: "false"
-{{- else }}
- - name: GF_AUTH_BASIC_ENABLED
- value: "false"
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "true"
- - name: GF_AUTH_ANONYMOUS_ORG_ROLE
- value: Admin
-{{- end }}
- - name: GF_PATHS_DATA
- value: /data/grafana
- {{- range $key, $value := $.Values.env }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $secret := $.Values.envSecrets }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ $secret }}
- key: {{ $key | quote }}
- {{- end }}
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- volumeMounts:
- - name: data
- mountPath: /data/grafana
- {{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
- {{- $filename := trimSuffix (ext $path) (base $path) }}
- - name: dashboards-istio-{{ $filename }}
- mountPath: "/var/lib/grafana/dashboards/istio/{{ base $path }}"
- subPath: {{ base $path }}
- readOnly: true
- {{- end }}
- - name: config
- mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml"
- subPath: datasources.yaml
- - name: config
- mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml"
- subPath: dashboardproviders.yaml
- - name: grafana-proxy
- image: "{{ template "system_default_registry" . }}{{ .Values.global.nginxProxy.repository }}:{{ .Values.global.nginxProxy.tag }}"
- args:
- - nginx
- - -g
- - daemon off;
- - -c
- - /nginx/nginx.conf
- ports:
- - name: http
- containerPort: 80
- protocol: TCP
- volumeMounts:
- - mountPath: /nginx/
- name: grafana-nginx
- {{- if and .Values.resources .Values.resources.proxy }}
- resources:
- {{ toYaml .Values.resources.proxy | indent 10 }}
- {{- end }}
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
- volumes:
- - name: config
- configMap:
- name: istio-grafana
- - name: grafana-nginx
- configMap:
- name: grafana-nginx
- items:
- - key: nginx.conf
- mode: 438
- path: nginx.conf
- - name: data
-{{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ .Values.persistence.existingClaim | default ("istio-grafana-pvc") }}
-{{- else }}
- emptyDir: {}
-{{- end }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
- - name: dashboards-istio-{{ $filename }}
- configMap:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
-{{- end }}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.1/charts/grafana/templates/grafana-ports-mtls.yaml b/charts/rancher-istio/0.1.1/charts/grafana/templates/grafana-ports-mtls.yaml
deleted file mode 100644
index b9a392651..000000000
--- a/charts/rancher-istio/0.1.1/charts/grafana/templates/grafana-ports-mtls.yaml
+++ /dev/null
@@ -1,17 +0,0 @@ -{{ define "grafana-default.yaml.tpl" }} -apiVersion: authentication.istio.io/v1alpha1 -kind: Policy -metadata: - name: grafana-ports-mtls-disabled - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - targets: - - name: grafana - ports: - - number: {{ .Values.service.externalPort }} -{{- end }} diff --git a/charts/rancher-istio/0.1.1/charts/grafana/templates/ingress.yaml b/charts/rancher-istio/0.1.1/charts/grafana/templates/ingress.yaml deleted file mode 100644 index 5645093d0..000000000 --- a/charts/rancher-istio/0.1.1/charts/grafana/templates/ingress.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}} -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: grafana - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: grafana - servicePort: 3000 - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: grafana - servicePort: 3000 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- end -}} 
diff --git a/charts/rancher-istio/0.1.1/charts/grafana/templates/nginx-configmap.yaml b/charts/rancher-istio/0.1.1/charts/grafana/templates/nginx-configmap.yaml
deleted file mode 100644
index 918d61f09..000000000
--- a/charts/rancher-istio/0.1.1/charts/grafana/templates/nginx-configmap.yaml
+++ /dev/null
@@ -1,80 +0,0 @@ -{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: grafana-nginx - labels: - app: grafana-nginx - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - nginx.conf: |- - user nginx; - worker_processes auto; - error_log /dev/stdout warn; - pid /var/run/nginx.pid; - - events { - worker_connections 1024; - } - - http { - include /etc/nginx/mime.types; - log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; - - proxy_connect_timeout 10; - proxy_read_timeout 180; - proxy_send_timeout 5; - proxy_buffering off; - proxy_cache_path /tmp/nginx levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; - - server { - listen 80; - access_log off; - - gzip on; - gzip_min_length 1k; - gzip_comp_level 2; - gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; - gzip_vary on; - gzip_disable "MSIE [1-6]\."; - - proxy_set_header Host $host; - - location /api/dashboards { - proxy_pass http://localhost:3000; - } - - location /api/search { - proxy_pass http://localhost:3000; - - sub_filter_types application/json; - sub_filter_once off; - sub_filter '"url":"/d' '"url":"d'; - } - - location / { - proxy_cache my_zone; - proxy_cache_valid 200 302 1d; - proxy_cache_valid 301 30d; - proxy_cache_valid any 5m; - proxy_cache_bypass $http_cache_control; - add_header X-Proxy-Cache $upstream_cache_status; - add_header Cache-Control "public"; - - proxy_pass http://localhost:3000/; - - sub_filter_types text/html; - sub_filter_once off; - sub_filter '"appSubUrl":""' '"appSubUrl":"."'; - sub_filter '"url":"/' '"url":"./'; - sub_filter ':"/avatar/' ':"avatar/'; - - if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { - expires 90d; - } - } - } - } -{{- end -}} 
diff --git a/charts/rancher-istio/0.1.1/charts/grafana/templates/pvc.yaml b/charts/rancher-istio/0.1.1/charts/grafana/templates/pvc.yaml deleted file mode 100644 index 20596f887..000000000 --- a/charts/rancher-istio/0.1.1/charts/grafana/templates/pvc.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}} -{{- if .Values.persistence.enabled }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: istio-grafana-pvc - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - storageClassName: {{ .Values.persistence.storageClass }} - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- end }} -{{- end -}} diff --git a/charts/rancher-istio/0.1.1/charts/grafana/templates/service.yaml b/charts/rancher-istio/0.1.1/charts/grafana/templates/service.yaml deleted file mode 100644 index a1542f05e..000000000 --- a/charts/rancher-istio/0.1.1/charts/grafana/templates/service.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}} -apiVersion: v1 -kind: Service -metadata: - name: grafana - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - kubernetes.io/cluster-service: "true" -spec: - type: {{ .Values.service.type }} - ports: - - name: http-access-grafana - protocol: TCP - targetPort: 80 - port: 80 - selector: - app: grafana -{{- end -}} 
diff --git a/charts/rancher-istio/0.1.1/charts/grafana/templates/tests/test-grafana-connection.yaml b/charts/rancher-istio/0.1.1/charts/grafana/templates/tests/test-grafana-connection.yaml deleted file mode 100644 index 7c8d1944b..000000000 --- a/charts/rancher-istio/0.1.1/charts/grafana/templates/tests/test-grafana-connection.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "grafana.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: grafana-test - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: grafana - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "grafana.fullname" . }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['curl'] - args: ['http://grafana:{{ .Values.grafana.service.externalPort }}'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.1/charts/grafana/values.yaml b/charts/rancher-istio/0.1.1/charts/grafana/values.yaml deleted file mode 100644 index c5e6ffc0a..000000000 --- a/charts/rancher-istio/0.1.1/charts/grafana/values.yaml +++ /dev/null 
@@ -1,115 +0,0 @@ -# -# addon grafana configuration -# -enabled: false -replicaCount: 1 -ingress: - enabled: false - ## Used to create an Ingress record. - hosts: - - grafana.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: grafana-tls - # hosts: - # - grafana.local -persistence: - enabled: false - storageClass: "" - accessMode: ReadWriteOnce - existingClaim: "" - size: 5Gi -security: - enabled: false - secretName: grafana - usernameKey: username - passphraseKey: passphrase -nodeSelector: {} -tolerations: [] - -env: {} - # Define additional environment variables for configuring grafana. - # @see https://grafana.com/docs/installation/configuration/#using-environment-variables - # Format: env_variable_name: value - # For example: - # GF_SMTP_ENABLED: true - # GF_SMTP_HOST: email-smtp.eu-west-1.amazonaws.com:2587 - # GF_SMTP_FROM_ADDRESS: alerts@mydomain.com - # GF_SMTP_FROM_NAME: Grafana - -envSecrets: {} - # The key name and ENV name must match in the secrets file. - # @see https://grafana.com/docs/installation/configuration/#using-environment-variables - # For example: - # --- - # apiVersion: v1 - # kind: Secret - # metadata: - # name: grafana-secrets - # namespace: istio-system - # data: - # GF_SMTP_USER: bXl1c2Vy - # GF_SMTP_PASSWORD: bXlwYXNzd29yZA== - # type: Opaque - # --- - # env_variable_key_name: secretsName - # --- - # GF_SMTP_USER: grafana-secrets - # GF_SMTP_PASSWORD: grafana-secrets - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. 
"soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -contextPath: /grafana -service: - annotations: {} - type: ClusterIP - -datasources: - datasources.yaml: - apiVersion: 1 - datasources: - - name: Prometheus - type: prometheus - orgId: 1 - url: http://prometheus:9090 - access: proxy - isDefault: true - jsonData: - timeInterval: 5s - editable: true - -dashboardProviders: - dashboardproviders.yaml: - apiVersion: 1 - providers: - - name: 'istio' - orgId: 1 - folder: 'istio' - type: file - disableDeletion: false - options: - path: /var/lib/grafana/dashboards/istio - -resources: {} \ No newline at end of file diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/Chart.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/Chart.yaml deleted file mode 100644 index ab4ce1fa5..000000000 --- a/charts/rancher-istio/0.1.1/charts/istio-init/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -name: istio-init -version: 1.1.0 -appVersion: 1.1.0 -tillerVersion: ">=2.7.2-0" -description: Helm chart to initialize Istio CRDs -keywords: - - istio - - crd -sources: - - http://github.com/istio/istio -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/LICENSE b/charts/rancher-istio/0.1.1/charts/istio-init/LICENSE deleted file mode 100644 index 56df9b297..000000000 --- a/charts/rancher-istio/0.1.1/charts/istio-init/LICENSE +++ /dev/null 
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2018 Istio Authors - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/README.md b/charts/rancher-istio/0.1.1/charts/istio-init/README.md deleted file mode 100644 index c0a0e34f8..000000000 --- a/charts/rancher-istio/0.1.1/charts/istio-init/README.md +++ /dev/null 
@@ -1,77 +0,0 @@ -# Istio - -[Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. - -## Introduction - -This chart bootstraps Istio's [CRDs](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions) -which are an internal implementation detail of Istio. CRDs define data structures for storing runtime configuration -specified by a human operator. - -This chart must be run to completion prior to running other Istio charts, or other Istio charts will fail to initialize. - -## Prerequisites - -- Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required -- Helm 2.7.2 or newer or alternately the ability to modify RBAC rules is also required - -## Resources Required - -The chart deploys pods that consume minimal resources. - -## Installing the Chart - -1. If a service account has not already been installed for Tiller, install one: - ``` - $ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml - ``` - -1. If Tiller has not already been installed in your cluster, Install Tiller on your cluster with the service account: - ``` - $ helm init --service-account tiller - ``` - -1. Install the Istio initializer chart: - ``` - $ helm install install/kubernetes/helm/istio-init --name istio-init --namespace istio-system - ``` - - > Although you can install the `istio-init` chart to any namespace, it is recommended to install `istio-init` in the same namespace(`istio-system`) as other Istio charts. - -## Configuration - -The Helm chart ships with reasonable defaults. There may be circumstances in which defaults require overrides. -To override Helm values, use `--set key=value` argument during the `helm install` command. Multiple `--set` operations may be used in the same Helm operation. 
- -Helm charts expose configuration options which are currently in alpha. The currently exposed options are explained in the following table: - -| Parameter | Description | Values | Default | -| --- | --- | --- | --- | -| `global.hub` | Specifies the HUB for most images used by Istio | registry/namespace | `docker.io/istio` | -| `global.tag` | Specifies the TAG for most images used by Istio | valid image tag | `0.8.latest` | -| `global.imagePullPolicy` | Specifies the image pull policy | valid image pull policy | `IfNotPresent` | - - -## Uninstalling the Chart - -> Uninstalling this chart does not delete Istio's registered CRDs. Istio by design expects -> CRDs to leak into the Kubernetes environment. As CRDs contain all runtime configuration -> data in CustomResources the Istio designers feel it is better to explicitly delete this -> configuration rather then unexpectedly lose it. - -To uninstall/delete the `istio-init` release but continue to track the release: - ``` - $ helm delete istio-init - ``` - -To uninstall/delete the `istio-init` release completely and make its name free for later use: - ``` - $ helm delete --purge istio-init - ``` - -> Warning: Deleting CRDs will delete any configuration that you have made to Istio. - -To delete all CRDs, run the following command - ``` - $ for i in istio-init/files/*crd*yaml; do kubectl delete -f $i; done - ``` diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/files/crd-10.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/files/crd-10.yaml deleted file mode 100644 index e76e50edc..000000000 --- a/charts/rancher-istio/0.1.1/charts/istio-init/files/crd-10.yaml +++ /dev/null 
@@ -1,636 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: virtualservices.networking.istio.io - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: networking.istio.io - names: - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - singular: virtualservice - shortNames: - - vs - categories: - - istio-io - - networking-istio-io - scope: Namespaced - versions: - - name: v1alpha3 - served: true - storage: true - additionalPrinterColumns: - - JSONPath: .spec.gateways - description: The names of gateways and sidecars that should apply these routes - name: Gateways - type: string - - JSONPath: .spec.hosts - description: The destination hosts to which traffic is being sent - name: Hosts - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: destinationrules.networking.istio.io - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: networking.istio.io - names: - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - singular: destinationrule - shortNames: - - dr - categories: - - istio-io - - networking-istio-io - scope: Namespaced - versions: - - name: v1alpha3 - served: true - storage: true - additionalPrinterColumns: - - JSONPath: .spec.host - description: The name of a service from the service registry - name: Host - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: serviceentries.networking.istio.io - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: networking.istio.io - names: - kind: ServiceEntry - listKind: ServiceEntryList - plural: serviceentries - singular: serviceentry - shortNames: - - se - categories: - - istio-io - - networking-istio-io - scope: Namespaced - versions: - - name: v1alpha3 - served: true - storage: true - additionalPrinterColumns: - - JSONPath: .spec.hosts - description: The hosts associated with the ServiceEntry - name: Hosts - type: string - - JSONPath: .spec.location - description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL or MESH_INTERNAL) - name: Location - type: string - - JSONPath: .spec.resolution - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - name: Resolution - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: gateways.networking.istio.io - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: networking.istio.io - names: - kind: Gateway - plural: gateways - singular: gateway - shortNames: - - gw - categories: - - istio-io - - networking-istio-io - scope: Namespaced - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: envoyfilters.networking.istio.io - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: networking.istio.io - names: - kind: EnvoyFilter - plural: envoyfilters - singular: envoyfilter - categories: - - istio-io - - networking-istio-io - scope: Namespaced - versions: - - name: v1alpha3 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: clusterrbacconfigs.rbac.istio.io - labels: - app: istio-pilot - istio: rbac - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: rbac.istio.io - names: - kind: ClusterRbacConfig - plural: clusterrbacconfigs - singular: clusterrbacconfig - categories: - - istio-io - - rbac-istio-io - scope: Cluster - versions: - - name: v1alpha1 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: policies.authentication.istio.io - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: authentication.istio.io - names: - kind: Policy - plural: policies - singular: policy - 
categories: - - istio-io - - authentication-istio-io - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: meshpolicies.authentication.istio.io - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: authentication.istio.io - names: - kind: MeshPolicy - listKind: MeshPolicyList - plural: meshpolicies - singular: meshpolicy - categories: - - istio-io - - authentication-istio-io - scope: Cluster - versions: - - name: v1alpha1 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: httpapispecbindings.config.istio.io - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: HTTPAPISpecBinding - plural: httpapispecbindings - singular: httpapispecbinding - categories: - - istio-io - - apim-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: httpapispecs.config.istio.io - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: HTTPAPISpec - plural: httpapispecs - singular: httpapispec - categories: - - istio-io - - apim-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: quotaspecbindings.config.istio.io - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: 
QuotaSpecBinding - plural: quotaspecbindings - singular: quotaspecbinding - categories: - - istio-io - - apim-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: quotaspecs.config.istio.io - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: QuotaSpec - plural: quotaspecs - singular: quotaspec - categories: - - istio-io - - apim-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: rules.config.istio.io - labels: - app: mixer - package: istio.io.mixer - istio: core - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: rule - plural: rules - singular: rule - categories: - - istio-io - - policy-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: attributemanifests.config.istio.io - labels: - app: mixer - package: istio.io.mixer - istio: core - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: attributemanifest - plural: attributemanifests - singular: attributemanifest - categories: - - istio-io - - policy-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: rbacconfigs.rbac.istio.io - labels: - app: mixer - package: istio.io.mixer - istio: rbac - chart: istio - heritage: Tiller - release: istio - annotations: - 
"helm.sh/resource-policy": keep -spec: - group: rbac.istio.io - names: - kind: RbacConfig - plural: rbacconfigs - singular: rbacconfig - categories: - - istio-io - - rbac-istio-io - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: serviceroles.rbac.istio.io - labels: - app: mixer - package: istio.io.mixer - istio: rbac - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: rbac.istio.io - names: - kind: ServiceRole - plural: serviceroles - singular: servicerole - categories: - - istio-io - - rbac-istio-io - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: servicerolebindings.rbac.istio.io - labels: - app: mixer - package: istio.io.mixer - istio: rbac - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: rbac.istio.io - names: - kind: ServiceRoleBinding - plural: servicerolebindings - singular: servicerolebinding - categories: - - istio-io - - rbac-istio-io - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - additionalPrinterColumns: - - JSONPath: .spec.roleRef.name - description: The name of the ServiceRole object being referenced - name: Reference - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: adapters.config.istio.io - labels: - app: mixer - package: adapter - istio: mixer-adapter - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: adapter - plural: adapters - singular: adapter - categories: - - istio-io - - policy-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: instances.config.istio.io - labels: - app: mixer - package: instance - istio: mixer-instance - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: instance - plural: instances - singular: instance - categories: - - istio-io - - policy-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: templates.config.istio.io - labels: - app: mixer - package: template - istio: mixer-template - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: template - plural: templates - singular: template - categories: - - istio-io - - policy-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: handlers.config.istio.io - labels: - app: mixer - package: handler - istio: mixer-handler - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: config.istio.io - names: - kind: 
handler - plural: handlers - singular: handler - categories: - - istio-io - - policy-istio-io - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true ---- diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/files/crd-11.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/files/crd-11.yaml deleted file mode 100644 index 5087d38fa..000000000 --- a/charts/rancher-istio/0.1.1/charts/istio-init/files/crd-11.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: sidecars.networking.istio.io - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: networking.istio.io - names: - kind: Sidecar - plural: sidecars - singular: sidecar - categories: - - istio-io - - networking-istio-io - scope: Namespaced - versions: - - name: v1alpha3 - served: true - storage: true ---- diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/files/crd-12.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/files/crd-12.yaml deleted file mode 100644 index d9b337244..000000000 --- a/charts/rancher-istio/0.1.1/charts/istio-init/files/crd-12.yaml +++ /dev/null @@ -1,24 +0,0 @@ -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: authorizationpolicies.rbac.istio.io - labels: - app: istio-pilot - istio: rbac - heritage: Tiller - release: istio -spec: - group: rbac.istio.io - names: - kind: AuthorizationPolicy - plural: authorizationpolicies - singular: authorizationpolicy - categories: - - istio-io - - rbac-istio-io - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true ---- diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/files/crd-certmanager-10.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/files/crd-certmanager-10.yaml deleted file mode 100644 index d3a3069e8..000000000 
--- a/charts/rancher-istio/0.1.1/charts/istio-init/files/crd-certmanager-10.yaml
+++ /dev/null
@@ -1,91 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterissuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: ClusterIssuer - plural: clusterissuers - scope: Cluster ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: issuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Issuer - plural: issuers - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: certificates.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - additionalPrinterColumns: - - JSONPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - JSONPath: .spec.secretName - name: Secret - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - kind: Certificate - plural: certificates - shortNames: - - cert - - certs ---- diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/files/crd-certmanager-11.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/files/crd-certmanager-11.yaml deleted file mode 100644 index f63787b68..000000000 --- a/charts/rancher-istio/0.1.1/charts/istio-init/files/crd-certmanager-11.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: orders.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.reason - name: Reason - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Order - plural: orders - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: challenges.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.dnsName - name: Domain - type: string - - JSONPath: .status.reason - name: Reason - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Challenge - plural: challenges - scope: Namespaced ---- diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/templates/clusterrole.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/templates/clusterrole.yaml deleted file mode 100644 index 881800435..000000000 --- a/charts/rancher-istio/0.1.1/charts/istio-init/templates/clusterrole.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-init-{{ .Release.Namespace }} - labels: - app: istio-init - istio: init -rules: -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "get", "list", "watch", "patch", "delete"] diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/templates/clusterrolebinding.yaml deleted file mode 100644 index 481674c0e..000000000 --- a/charts/rancher-istio/0.1.1/charts/istio-init/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-init-admin-role-binding-{{ .Release.Namespace }} - labels: - app: istio-init - istio: init -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-init-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-init-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/templates/configmap-crd-10.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/templates/configmap-crd-10.yaml deleted file mode 100644 index 69e37fa14..000000000 --- a/charts/rancher-istio/0.1.1/charts/istio-init/templates/configmap-crd-10.yaml +++ /dev/null 
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-crd-10
-data:
- crd-10.yaml: |-
-{{.Files.Get "files/crd-10.yaml" | printf "%s" | indent 4}}
diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/templates/configmap-crd-11.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/templates/configmap-crd-11.yaml
deleted file mode 100644
index 952640d60..000000000
--- a/charts/rancher-istio/0.1.1/charts/istio-init/templates/configmap-crd-11.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-crd-11
-data:
- crd-11.yaml: |-
-{{.Files.Get "files/crd-11.yaml" | printf "%s" | indent 4}}
diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/templates/configmap-crd-12.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/templates/configmap-crd-12.yaml
deleted file mode 100644
index a49736534..000000000
--- a/charts/rancher-istio/0.1.1/charts/istio-init/templates/configmap-crd-12.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-crd-12
-data:
- crd-12.yaml: |-
-{{.Files.Get "files/crd-12.yaml" | printf "%s" | indent 4}}
diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/templates/configmap-crd-certmanager-10.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/templates/configmap-crd-certmanager-10.yaml
deleted file mode 100644
index 8ab3e8356..000000000
--- a/charts/rancher-istio/0.1.1/charts/istio-init/templates/configmap-crd-certmanager-10.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if .Values.certmanager.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-crd-certmanager-10
-data:
- crd-certmanager-10.yaml: |-
-{{.Files.Get "files/crd-certmanager-10.yaml" | printf "%s" | indent 4}}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/templates/configmap-crd-certmanager-11.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/templates/configmap-crd-certmanager-11.yaml
deleted file mode 100644
index beef3043d..000000000
--- a/charts/rancher-istio/0.1.1/charts/istio-init/templates/configmap-crd-certmanager-11.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if .Values.certmanager.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-crd-certmanager-11
-data:
- crd-certmanager-11.yaml: |-
-{{.Files.Get "files/crd-certmanager-11.yaml" | printf "%s" | indent 4}}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/templates/job-crd-10.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/templates/job-crd-10.yaml
deleted file mode 100644
index 079b9a62a..000000000
--- a/charts/rancher-istio/0.1.1/charts/istio-init/templates/job-crd-10.yaml
+++ /dev/null
@@ -1,64 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - namespace: {{ .Release.Namespace }} - name: istio-init-crd-10 - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded - "helm.sh/hook-weight": "-5" -spec: - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-init-service-account - containers: - - name: istio-init-crd-10 - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - volumeMounts: - - name: crd-10 - mountPath: /etc/istio/crd-10 - readOnly: true - command: ["kubectl", "apply", "-f", "/etc/istio/crd-10/crd-10.yaml"] - volumes: - - name: crd-10 - configMap: - name: istio-crd-10 - restartPolicy: OnFailure - -{{- if .Values.deleteCRDs }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - namespace: {{ .Release.Namespace }} - name: istio-init-delete-crd-10 - annotations: - "helm.sh/hook": "pre-delete" - "helm.sh/hook-delete-policy": "hook-succeeded, before-hook-creation, hook-failed" -spec: - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-init-service-account - containers: - - name: istio-init-crd-10 - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - volumeMounts: - - name: crd-10 - mountPath: /etc/istio/crd-10 - readOnly: true - command: ["kubectl", "delete", "-f", "/etc/istio/crd-10/crd-10.yaml"] - volumes: - - name: crd-10 - configMap: - name: istio-crd-10 - restartPolicy: Never - backoffLimit: 1 -{{- end }} \ No newline at end of file 
diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/templates/job-crd-11.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/templates/job-crd-11.yaml
deleted file mode 100644
index 3974e792d..000000000
--- a/charts/rancher-istio/0.1.1/charts/istio-init/templates/job-crd-11.yaml
+++ /dev/null
@@ -1,65 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - namespace: {{ .Release.Namespace }} - name: istio-init-crd-11 - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded - "helm.sh/hook-weight": "-5" -spec: - ttlSecondsAfterFinished: 100 - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-init-service-account - containers: - - name: istio-init-crd-11 - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - volumeMounts: - - name: crd-11 - mountPath: /etc/istio/crd-11 - readOnly: true - command: ["kubectl", "apply", "-f", "/etc/istio/crd-11/crd-11.yaml"] - volumes: - - name: crd-11 - configMap: - name: istio-crd-11 - restartPolicy: OnFailure - -{{- if .Values.deleteCRDs }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - namespace: {{ .Release.Namespace }} - name: istio-init-delete-crd-11 - annotations: - "helm.sh/hook": "pre-delete" - "helm.sh/hook-delete-policy": "hook-succeeded, before-hook-creation, hook-failed" -spec: - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-init-service-account - containers: - - name: istio-init-crd-11 - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - volumeMounts: - - name: crd-11 - mountPath: /etc/istio/crd-11 - readOnly: true - command: ["kubectl", "delete", "-f", "/etc/istio/crd-11/crd-11.yaml"] - volumes: - - name: crd-11 - configMap: - name: istio-crd-11 - restartPolicy: Never - backoffLimit: 1 -{{- end }} 
diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/templates/job-crd-12.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/templates/job-crd-12.yaml
deleted file mode 100644
index 8f703b9d5..000000000
--- a/charts/rancher-istio/0.1.1/charts/istio-init/templates/job-crd-12.yaml
+++ /dev/null
@@ -1,65 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - namespace: {{ .Release.Namespace }} - name: istio-init-crd-12 - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded - "helm.sh/hook-weight": "-5" -spec: - ttlSecondsAfterFinished: 100 - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-init-service-account - containers: - - name: istio-init-crd-12 - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - volumeMounts: - - name: crd-12 - mountPath: /etc/istio/crd-12 - readOnly: true - command: ["kubectl", "apply", "-f", "/etc/istio/crd-12/crd-12.yaml"] - volumes: - - name: crd-12 - configMap: - name: istio-crd-12 - restartPolicy: OnFailure - -{{- if .Values.deleteCRDs }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - namespace: {{ .Release.Namespace }} - name: istio-init-delete-crd-12 - annotations: - "helm.sh/hook": "pre-delete" - "helm.sh/hook-delete-policy": "hook-succeeded, before-hook-creation, hook-failed" -spec: - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-init-service-account - containers: - - name: istio-init-crd-12 - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - volumeMounts: - - name: crd-12 - mountPath: /etc/istio/crd-12 - readOnly: true - command: ["kubectl", "delete", "-f", "/etc/istio/crd-12/crd-12.yaml"] - volumes: - - name: crd-12 - configMap: - name: istio-crd-12 - restartPolicy: Never - backoffLimit: 1 -{{- end }} 
diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/templates/job-crd-certmanager-10.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/templates/job-crd-certmanager-10.yaml
deleted file mode 100644
index bfeb0621d..000000000
--- a/charts/rancher-istio/0.1.1/charts/istio-init/templates/job-crd-certmanager-10.yaml
+++ /dev/null
@@ -1,68 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - namespace: {{ .Release.Namespace }} - name: istio-init-crd-certmanager-10 - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded - "helm.sh/hook-weight": "-5" -spec: - ttlSecondsAfterFinished: 100 - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-init-service-account - containers: - - name: istio-init-crd-certmanager-10 - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - volumeMounts: - - name: crd-certmanager-10 - mountPath: /etc/istio/crd-certmanager-10 - readOnly: true - command: ["kubectl", "apply", "-f", "/etc/istio/crd-certmanager-10/crd-certmanager-10.yaml"] - volumes: - - name: crd-certmanager-10 - configMap: - name: istio-crd-certmanager-10 - restartPolicy: OnFailure - -{{- if .Values.deleteCRDs }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - namespace: {{ .Release.Namespace }} - name: istio-init-delete-crd-certmanager-10 - annotations: - "helm.sh/hook": "pre-delete" - "helm.sh/hook-delete-policy": "hook-succeeded, before-hook-creation, hook-failed" -spec: - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-init-service-account - containers: - - name: istio-init-crd-certmanager-10 - image: "{{ template "system_default_registry" . 
}}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - volumeMounts: - - name: crd-certmanager-10 - mountPath: /etc/istio/crd-certmanager-10 - readOnly: true - command: ["kubectl", "delete", "-f", "/etc/istio/crd-certmanager-10/crd-certmanager-10.yaml"] - volumes: - - name: crd-certmanager-10 - configMap: - name: istio-crd-certmanager-10 - restartPolicy: Never - backoffLimit: 1 -{{- end }} -{{- end }} - diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/templates/job-crd-certmanager-11.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/templates/job-crd-certmanager-11.yaml deleted file mode 100644 index 456f26b8f..000000000 --- a/charts/rancher-istio/0.1.1/charts/istio-init/templates/job-crd-certmanager-11.yaml +++ /dev/null 
@@ -1,70 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - namespace: {{ .Release.Namespace }} - name: istio-init-crd-certmanager-11 - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded - "helm.sh/hook-weight": "-5" -spec: - ttlSecondsAfterFinished: 100 - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-init-service-account - containers: - - name: istio-init-crd-certmanager-11 - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - volumeMounts: - - name: crd-certmanager-11 - mountPath: /etc/istio/crd-certmanager-11 - readOnly: true - command: ["kubectl", "apply", "-f", "/etc/istio/crd-certmanager-11/crd-certmanager-11.yaml"] - volumes: - - name: crd-certmanager-11 - configMap: - name: istio-crd-certmanager-11 - restartPolicy: OnFailure - -{{- if .Values.deleteCRDs }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - namespace: {{ .Release.Namespace }} - name: istio-init-delete-crd-certmanager-11 - annotations: - "helm.sh/hook": "pre-delete" - "helm.sh/hook-delete-policy": "hook-succeeded, before-hook-creation, hook-failed" -spec: - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - "helm.sh/hook": "post-delete" - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded - spec: - serviceAccountName: istio-init-service-account - containers: - - name: istio-init-crd-certmanager-11 - image: "{{ template "system_default_registry" . 
}}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - volumeMounts: - - name: crd-certmanager-11 - mountPath: /etc/istio/crd-certmanager-11 - readOnly: true - command: ["kubectl", "delete", "-f", "/etc/istio/crd-certmanager-11/crd-certmanager-11.yaml"] - volumes: - - name: crd-certmanager-11 - configMap: - name: istio-crd-certmanager-11 - restartPolicy: Never - backoffLimit: 1 -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/templates/serviceaccount.yaml deleted file mode 100644 index 314666293..000000000 --- a/charts/rancher-istio/0.1.1/charts/istio-init/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-init-service-account - namespace: {{ .Release.Namespace }} - labels: - app: istio-init - istio: init - diff --git a/charts/rancher-istio/0.1.1/charts/istio-init/values.yaml b/charts/rancher-istio/0.1.1/charts/istio-init/values.yaml deleted file mode 100644 index f9aa2f42c..000000000 --- a/charts/rancher-istio/0.1.1/charts/istio-init/values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -certmanager: - enabled: false -deleteCRDs: true diff --git a/charts/rancher-istio/0.1.1/charts/istiocoredns/Chart.yaml b/charts/rancher-istio/0.1.1/charts/istiocoredns/Chart.yaml deleted file mode 100644 index fa0481467..000000000 --- a/charts/rancher-istio/0.1.1/charts/istiocoredns/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -description: Istio CoreDNS provides DNS resolution for services in multicluster setups. -name: istiocoredns -version: 1.1.0 -appVersion: 0.1 -tillerVersion: ">=2.7.2" 
diff --git a/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/_helpers.tpl b/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/_helpers.tpl deleted file mode 100644 index e7add11bb..000000000 --- a/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "istiocoredns.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "istiocoredns.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "istiocoredns.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/clusterrole.yaml b/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/clusterrole.yaml deleted file mode 100644 index 4242a327f..000000000 --- a/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/clusterrole.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiocoredns - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["networking.istio.io"] - resources: ["*"] - verbs: ["get", "watch", "list"] diff --git a/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/clusterrolebinding.yaml deleted file mode 100644 index bafd0ca3b..000000000 --- a/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-istiocoredns-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiocoredns -subjects: -- kind: ServiceAccount - name: istiocoredns-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/configmap.yaml b/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/configmap.yaml deleted file mode 100644 index 50d166fe5..000000000 --- a/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/configmap.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: coredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - Corefile: | - .:53 { - errors - health - proxy global 127.0.0.1:8053 { - protocol grpc insecure - } - prometheus :9153 - proxy . /etc/resolv.conf - cache 30 - reload - } ---- diff --git a/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/deployment.yaml b/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/deployment.yaml deleted file mode 100644 index 81f0c26b3..000000000 --- a/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/deployment.yaml +++ /dev/null 
@@ -1,100 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istiocoredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: istiocoredns - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - name: istiocoredns - labels: - app: istiocoredns - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istiocoredns-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: coredns - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume - mountPath: /etc/coredns - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - - containerPort: 9153 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - - name: istio-coredns-plugin - command: - - /usr/local/bin/plugin - image: "{{ template "system_default_registry" . 
}}{{ .Values.pluginImage.repository }}:{{ .Values.pluginImage.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 8053 - name: dns-grpc - protocol: TCP - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - dnsPolicy: Default - volumes: - - name: config-volume - configMap: - name: coredns - items: - - key: Corefile - path: Corefile - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/service.yaml b/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/service.yaml deleted file mode 100644 index a6311017c..000000000 --- a/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: istiocoredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - app: istiocoredns - ports: - - name: dns - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP diff --git a/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/serviceaccount.yaml deleted file mode 100644 index e2627cf45..000000000 --- a/charts/rancher-istio/0.1.1/charts/istiocoredns/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istiocoredns-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/0.1.1/charts/istiocoredns/values.yaml b/charts/rancher-istio/0.1.1/charts/istiocoredns/values.yaml deleted file mode 100644 index 1667efc2a..000000000 --- a/charts/rancher-istio/0.1.1/charts/istiocoredns/values.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -# -# addon istiocoredns tracing configuration -# -enabled: false -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -# Source code for the plugin can be found at -# https://github.com/istio-ecosystem/istio-coredns-plugin -# The plugin listens for DNS requests from coredns server at 127.0.0.1:8053 -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] diff --git a/charts/rancher-istio/0.1.1/charts/kiali/Chart.yaml b/charts/rancher-istio/0.1.1/charts/kiali/Chart.yaml deleted file mode 100644 index 9d6ac19a8..000000000 --- a/charts/rancher-istio/0.1.1/charts/kiali/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. -name: kiali -version: 1.1.0 -appVersion: 1.1.0 -tillerVersion: ">=2.7.2" diff --git a/charts/rancher-istio/0.1.1/charts/kiali/templates/_helpers.tpl b/charts/rancher-istio/0.1.1/charts/kiali/templates/_helpers.tpl deleted file mode 100644 index 6b0095769..000000000 
--- a/charts/rancher-istio/0.1.1/charts/kiali/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "kiali.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "kiali.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "kiali.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.1/charts/kiali/templates/clusterrole.yaml b/charts/rancher-istio/0.1.1/charts/kiali/templates/clusterrole.yaml
deleted file mode 100644
index d9091a0b9..000000000
--- a/charts/rancher-istio/0.1.1/charts/kiali/templates/clusterrole.yaml
+++ /dev/null
@@ -1,267 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kiali - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: - - configmaps - - endpoints - - namespaces - - nodes - - pods - - pods/log - - replicationcontrollers - - services - verbs: - - get - - list - - watch -- apiGroups: ["extensions", "apps"] - resources: - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: ["batch"] - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: ["config.istio.io"] - resources: - - adapters - - apikeys - - bypasses - - authorizations - - checknothings - - circonuses - - cloudwatches - - deniers - - dogstatsds - - edges - - fluentds - - handlers - - instances - - kubernetesenvs - - kuberneteses - - listcheckers - - listentries - - logentries - - memquotas - - metrics - - noops - - opas - - prometheuses - - quotas - - quotaspecbindings - - quotaspecs - - rbacs - - redisquotas - - reportnothings - - rules - - signalfxs - - solarwindses - - stackdrivers - - statsds - - stdios - - templates - - tracespans - - zipkins - verbs: - - create - - delete - - get - - list - - patch - - watch -- apiGroups: ["networking.istio.io"] - resources: - - destinationrules - - gateways - - serviceentries - - sidecars - - virtualservices - verbs: - - create - - delete - - get - - list - - patch - - watch -- apiGroups: ["authentication.istio.io"] - resources: - - meshpolicies - - policies - verbs: - - create - - delete - - get - - list - - patch - - watch -- apiGroups: ["rbac.istio.io"] - resources: - - clusterrbacconfigs - - rbacconfigs - - servicerolebindings - - serviceroles - verbs: - - create - - delete - - get - - list - - patch - - watch 
-- apiGroups: ["monitoring.kiali.io"] - resources: - - monitoringdashboards - verbs: - - get - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kiali-viewer - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: - - configmaps - - endpoints - - namespaces - - nodes - - pods - - pods/log - - replicationcontrollers - - services - verbs: - - get - - list - - watch -- apiGroups: ["extensions", "apps"] - resources: - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: ["batch"] - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: ["config.istio.io"] - resources: - - adapters - - apikeys - - bypasses - - authorizations - - checknothings - - circonuses - - cloudwatches - - deniers - - dogstatsds - - edges - - fluentds - - handlers - - instances - - kubernetesenvs - - kuberneteses - - listcheckers - - listentries - - logentries - - memquotas - - metrics - - noops - - opas - - prometheuses - - quotas - - quotaspecbindings - - quotaspecs - - rbacs - - redisquotas - - reportnothings - - rules - - signalfxs - - solarwindses - - stackdrivers - - statsds - - stdios - - templates - - tracespans - - zipkins - verbs: - - get - - list - - watch -- apiGroups: ["networking.istio.io"] - resources: - - destinationrules - - gateways - - serviceentries - - sidecars - - virtualservices - verbs: - - get - - list - - watch -- apiGroups: ["authentication.istio.io"] - resources: - - meshpolicies - - policies - verbs: - - get - - list - - watch -- apiGroups: ["rbac.istio.io"] - resources: - - clusterrbacconfigs - - rbacconfigs - - servicerolebindings - - serviceroles - verbs: - - get - - list - - watch -- apiGroups: 
["monitoring.kiali.io"] - resources: - - monitoringdashboards - verbs: - - get - - list diff --git a/charts/rancher-istio/0.1.1/charts/kiali/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.1/charts/kiali/templates/clusterrolebinding.yaml deleted file mode 100644 index 881796716..000000000 --- a/charts/rancher-istio/0.1.1/charts/kiali/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if not .Values.dashboard.viewOnlyMode }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-kiali-admin-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kiali -subjects: -- kind: ServiceAccount - name: kiali-service-account - namespace: {{ .Release.Namespace }} -{{- else }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-kiali-viewer-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kiali-viewer -subjects: -- kind: ServiceAccount - name: kiali-service-account - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/rancher-istio/0.1.1/charts/kiali/templates/configmap.yaml b/charts/rancher-istio/0.1.1/charts/kiali/templates/configmap.yaml deleted file mode 100644 index e9ab816fc..000000000 --- a/charts/rancher-istio/0.1.1/charts/kiali/templates/configmap.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - config.yaml: | - istio_namespace: {{ .Release.Namespace }} - server: - port: 20001 - external_services: - tracing: - {{- if .Values.dashboard.jaegerURL }} - url: {{ .Values.dashboard.jaegerURL }} - {{- else }} - url: http://tracing.istio-system:80 - {{- end }} - grafana: - {{- if eq .Values.global.monitoring.type "cluster-monitoring" }} - url: https://{{ .Values.global.rancher.domain }}/k8s/clusters/{{ .Values.global.rancher.clusterId }}/api/v1/namespaces/cattle-prometheus/services/http:access-grafana:80/proxy// - in_cluster_url: http://access-grafana.cattle-prometheus:80 - {{- else if eq .Values.global.monitoring.type "built-in" }} - {{- if and .Values.global.rancher (and .Values.global.rancher.domain .Values.global.rancher.clusterId) }} - url: https://{{ .Values.global.rancher.domain }}/k8s/clusters/{{ .Values.global.rancher.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:grafana:80/proxy// - in_cluster_url: http://access-grafana.cattle-prometheus:80 - {{- end }} - {{- else }} - {{- if .Values.dashboard.grafanaURL }} - url: {{ .Values.dashboard.grafanaURL }} - {{- end }} - {{- end }} - prometheus: - {{- if eq .Values.global.monitoring.type "cluster-monitoring" }} - url: "http://access-prometheus.cattle-prometheus:80" - {{- else }} - url: {{ .Values.prometheusAddr }} - {{- end }} -{{- if .Values.security.enabled }} - identity: - cert_file: {{ .Values.security.cert_file }} - private_key_file: {{ .Values.security.private_key_file }} -{{- end}} diff --git a/charts/rancher-istio/0.1.1/charts/kiali/templates/deployment.yaml b/charts/rancher-istio/0.1.1/charts/kiali/templates/deployment.yaml deleted file mode 100644 index 5b9581ece..000000000 
--- a/charts/rancher-istio/0.1.1/charts/kiali/templates/deployment.yaml
+++ /dev/null
@@ -1,149 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: kiali - template: - metadata: - name: kiali - labels: - app: kiali - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" - prometheus.io/scrape: "true" - prometheus.io/port: "9090" - kiali.io/runtimes: go,kiali - spec: - serviceAccountName: kiali-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}" - name: kiali - command: - - "/opt/kiali/kiali" - - "-config" - - "/kiali-configuration/config.yaml" - - "-v" - - "3" - readinessProbe: - httpGet: - path: {{ .Values.contextPath }}/healthz - port: 20001 - scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }} - initialDelaySeconds: 5 - periodSeconds: 30 - livenessProbe: - httpGet: - path: {{ .Values.contextPath }}/healthz - port: 20001 - scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }} - initialDelaySeconds: 5 - periodSeconds: 30 - env: - - name: TRACING_INSECURE_SKIP_VERIFY - value: "true" - - name: GRAFANA_INSECURE_SKIP_VERIFY - value: "true" - - name: TRACING_ENABLED - value: "false" - - name: ACTIVE_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: AUTH_STRATEGY - value: {{ .Values.dashboard.authStrategy }} - - name: SERVER_CREDENTIALS_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Values.dashboard.secretName }} - key: username - optional: true - - 
name: SERVER_CREDENTIALS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.dashboard.secretName }} - key: passphrase - optional: true -{{- if .Values.contextPath }} - - name: SERVER_WEB_ROOT - value: {{ .Values.contextPath }} -{{- end }} - volumeMounts: - - name: kiali-configuration - mountPath: "/kiali-configuration" - - name: kiali-cert - mountPath: "/kiali-cert" - - name: kiali-secret - mountPath: "/kiali-secret" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - - name: kiali-proxy - image: "{{ template "system_default_registry" . }}{{ .Values.global.nginxProxy.repository }}:{{ .Values.global.nginxProxy.tag }}" - args: - - nginx - - -g - - daemon off; - - -c - - /nginx/nginx.conf - ports: - - name: http - containerPort: 80 - protocol: TCP - volumeMounts: - - mountPath: /nginx/ - name: kiali-nginx - {{- if and .Values.resources .Values.resources.proxy }} - resources: -{{ toYaml .Values.resources.proxy | indent 10 }} - {{- end }} - volumes: - - name: kiali-configuration - configMap: - name: kiali - - name: kiali-cert - secret: - secretName: istio.kiali-service-account -{{- if not .Values.security.enabled }} - optional: true -{{- end }} - - name: kiali-nginx - configMap: - name: kiali-nginx - items: - - key: nginx.conf - mode: 438 - path: nginx.conf - - name: kiali-secret - secret: - secretName: {{ .Values.dashboard.secretName }} - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} 
diff --git a/charts/rancher-istio/0.1.1/charts/kiali/templates/ingress.yaml b/charts/rancher-istio/0.1.1/charts/kiali/templates/ingress.yaml deleted file mode 100644 index 2e2a0de3a..000000000 --- a/charts/rancher-istio/0.1.1/charts/kiali/templates/ingress.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: kiali - servicePort: 20001 - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: kiali - servicePort: 20001 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/0.1.1/charts/kiali/templates/nginx-configmap.yaml b/charts/rancher-istio/0.1.1/charts/kiali/templates/nginx-configmap.yaml deleted file mode 100644 index 80e9a34f4..000000000 --- a/charts/rancher-istio/0.1.1/charts/kiali/templates/nginx-configmap.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: kiali-nginx - namespace: {{ .Release.Namespace }} - labels: - app: kiali-nginx - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - nginx.conf: |- - user nginx; - worker_processes auto; - error_log /dev/stdout warn; - pid /var/run/nginx.pid; - - events { - worker_connections 1024; - } - - http { - include /etc/nginx/mime.types; - log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; - - proxy_connect_timeout 10; - proxy_read_timeout 180; - proxy_send_timeout 5; - proxy_buffering off; - proxy_cache_path /tmp/nginx levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; - - server { - listen 80; - access_log off; - - gzip on; - gzip_min_length 1k; - gzip_comp_level 2; - gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; - gzip_vary on; - gzip_disable "MSIE [1-6]\."; - - proxy_set_header Host $host; - - location / { - proxy_cache my_zone; - proxy_cache_valid 200 302 1d; - proxy_cache_valid 301 30d; - proxy_cache_valid any 5m; - proxy_cache_bypass $http_cache_control; - add_header X-Proxy-Cache $upstream_cache_status; - add_header Cache-Control "public"; - - proxy_pass http://localhost:20001/; - sub_filter_types application/javascript; - sub_filter_once on; - sub_filter "// This file is intentionally left bank." "window.WEB_ROOT='/k8s/clusters/{{ .Values.global.rancher.clusterId }}/api/v1/namespaces/istio-system/services/http:kiali-http:80/proxy';"; - if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { - expires 90d; - } - } - } - } diff --git a/charts/rancher-istio/0.1.1/charts/kiali/templates/secret.yaml b/charts/rancher-istio/0.1.1/charts/kiali/templates/secret.yaml deleted file mode 100644 index f99bb4153..000000000 
--- a/charts/rancher-istio/0.1.1/charts/kiali/templates/secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.dashboard.secretName }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - username: {{ .Values.dashboard.username | b64enc | quote }} - passphrase: {{ .Values.dashboard.passphrase | b64enc | quote }} diff --git a/charts/rancher-istio/0.1.1/charts/kiali/templates/service.yaml b/charts/rancher-istio/0.1.1/charts/kiali/templates/service.yaml deleted file mode 100644 index 5e5ee5116..000000000 --- a/charts/rancher-istio/0.1.1/charts/kiali/templates/service.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - type: ClusterIP - ports: - - name: http-kiali - protocol: TCP - port: 20001 - selector: - app: kiali ---- -apiVersion: v1 -kind: Service -metadata: - name: kiali-http - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - kubernetes.io/cluster-service: "true" -spec: - type: {{ .Values.service.type }} - ports: - - name: http-access-kiali - protocol: TCP - port: 80 - selector: - app: kiali diff --git a/charts/rancher-istio/0.1.1/charts/kiali/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.1/charts/kiali/templates/serviceaccount.yaml deleted file mode 100644 index 2ae38a1ab..000000000 --- a/charts/rancher-istio/0.1.1/charts/kiali/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: kiali-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/0.1.1/charts/kiali/templates/tests/test-kiali-connection.yaml b/charts/rancher-istio/0.1.1/charts/kiali/templates/tests/test-kiali-connection.yaml deleted file mode 100644 index e2a1ff671..000000000 --- a/charts/rancher-istio/0.1.1/charts/kiali/templates/tests/test-kiali-connection.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "kiali.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: kiali-test - chart: {{ template "kiali.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: kiali - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "kiali.fullname" . }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['curl'] - args: ['http://kiali:20001'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/0.1.1/charts/kiali/values.yaml b/charts/rancher-istio/0.1.1/charts/kiali/values.yaml
deleted file mode 100644
index d2aca56a7..000000000
--- a/charts/rancher-istio/0.1.1/charts/kiali/values.yaml
+++ /dev/null
@@ -1,67 +0,0 @@ -# -# addon kiali -# -enabled: false # Note that if using the demo or demo-auth yaml when installing via Helm, this default will be `true`. -replicaCount: 1 -contextPath: / -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard” vs. "soft” requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security” and value "S1”. -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -ingress: - enabled: false - ## Used to create an Ingress record. - hosts: - - kiali.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: kiali-tls - # hosts: - # - kiali.local - -dashboard: - # login/anonymous - authStrategy: anonymous - username: admin - passphrase: admin - - secretName: kiali # You must create a secret with this name - one is not provided out-of-box. - viewOnlyMode: false # Bind the service account to a role with only read access - grafanaURL: # If you have Grafana installed and it is accessible to client browsers, then set this to its external URL. Kiali will redirect users to this URL when Grafana metrics are to be shown. 
- jaegerURL: # If you have Jaeger installed and it is accessible to client browsers, then set this property to its external URL. Kiali will redirect users to this URL when Jaeger tracing is to be shown. - - -prometheusAddr: http://prometheus:9090 - -service: - type: ClusterIP - -resources: {} - -security: - enabled: false - cert_file: /kiali-cert/cert-chain.pem - private_key_file: /kiali-cert/key.pem \ No newline at end of file diff --git a/charts/rancher-istio/0.1.1/charts/mixer/Chart.yaml b/charts/rancher-istio/0.1.1/charts/mixer/Chart.yaml deleted file mode 100644 index 89c54c0a4..000000000 --- a/charts/rancher-istio/0.1.1/charts/mixer/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -name: mixer -version: 1.1.0 -appVersion: 1.1.0 -tillerVersion: ">=2.7.2" -description: Helm chart for mixer deployment -keywords: - - istio - - mixer -sources: - - http://github.com/istio/istio -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png diff --git a/charts/rancher-istio/0.1.1/charts/mixer/templates/_helpers.tpl b/charts/rancher-istio/0.1.1/charts/mixer/templates/_helpers.tpl deleted file mode 100644 index dac6da036..000000000 --- a/charts/rancher-istio/0.1.1/charts/mixer/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "mixer.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "mixer.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "mixer.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.1/charts/mixer/templates/autoscale.yaml b/charts/rancher-istio/0.1.1/charts/mixer/templates/autoscale.yaml
deleted file mode 100644
index 377b47d03..000000000
--- a/charts/rancher-istio/0.1.1/charts/mixer/templates/autoscale.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
-spec:
- maxReplicas: {{ $spec.autoscaleMax }}
- minReplicas: {{ $spec.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-{{ $key }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.1/charts/mixer/templates/clusterrole.yaml b/charts/rancher-istio/0.1.1/charts/mixer/templates/clusterrole.yaml
deleted file mode 100644
index 3d7438f2d..000000000
--- a/charts/rancher-istio/0.1.1/charts/mixer/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-mixer-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["config.istio.io"] # istio CRD watcher
- resources: ["*"]
- verbs: ["create", "get", "list", "watch", "patch"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["configmaps", "endpoints", "pods", "services", "namespaces", "secrets", "replicationcontrollers"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
-{{- end }}
diff --git a/charts/rancher-istio/0.1.1/charts/mixer/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.1/charts/mixer/templates/clusterrolebinding.yaml
deleted file mode 100644
index 773e68b34..000000000
--- a/charts/rancher-istio/0.1.1/charts/mixer/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-mixer-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-mixer-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.1/charts/mixer/templates/config.yaml b/charts/rancher-istio/0.1.1/charts/mixer/templates/config.yaml
deleted file mode 100644
index 43b2c5ced..000000000
--- a/charts/rancher-istio/0.1.1/charts/mixer/templates/config.yaml
+++ /dev/null
@@ -1,1088 +0,0 @@ -{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: istioproxy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - origin.ip: - valueType: IP_ADDRESS - origin.uid: - valueType: STRING - origin.user: - valueType: STRING - request.headers: - valueType: STRING_MAP - request.id: - valueType: STRING - request.host: - valueType: STRING - request.method: - valueType: STRING - request.path: - valueType: STRING - request.url_path: - valueType: STRING - request.query_params: - valueType: STRING_MAP - request.reason: - valueType: STRING - request.referer: - valueType: STRING - request.scheme: - valueType: STRING - request.total_size: - valueType: INT64 - request.size: - valueType: INT64 - request.time: - valueType: TIMESTAMP - request.useragent: - valueType: STRING - response.code: - valueType: INT64 - response.duration: - valueType: DURATION - response.headers: - valueType: STRING_MAP - response.total_size: - valueType: INT64 - response.size: - valueType: INT64 - response.time: - valueType: TIMESTAMP - response.grpc_status: - valueType: STRING - response.grpc_message: - valueType: STRING - source.uid: - valueType: STRING - source.user: # DEPRECATED - valueType: STRING - source.principal: - valueType: STRING - destination.uid: - valueType: STRING - destination.principal: - valueType: STRING - destination.port: - valueType: INT64 - connection.event: - valueType: STRING - connection.id: - valueType: STRING - connection.received.bytes: - valueType: INT64 - connection.received.bytes_total: - valueType: INT64 - connection.sent.bytes: - valueType: INT64 - connection.sent.bytes_total: - valueType: INT64 - connection.duration: - valueType: DURATION - connection.mtls: - valueType: BOOL - 
connection.requested_server_name: - valueType: STRING - context.protocol: - valueType: STRING - context.proxy_error_code: - valueType: STRING - context.timestamp: - valueType: TIMESTAMP - context.time: - valueType: TIMESTAMP - # Deprecated, kept for compatibility - context.reporter.local: - valueType: BOOL - context.reporter.kind: - valueType: STRING - context.reporter.uid: - valueType: STRING - api.service: - valueType: STRING - api.version: - valueType: STRING - api.operation: - valueType: STRING - api.protocol: - valueType: STRING - request.auth.principal: - valueType: STRING - request.auth.audiences: - valueType: STRING - request.auth.presenter: - valueType: STRING - request.auth.claims: - valueType: STRING_MAP - request.auth.raw_claims: - valueType: STRING - request.api_key: - valueType: STRING - rbac.permissive.response_code: - valueType: STRING - rbac.permissive.effective_policy_id: - valueType: STRING - check.error_code: - valueType: INT64 - check.error_message: - valueType: STRING - check.cache_hit: - valueType: BOOL - quota.cache_hit: - valueType: BOOL - context.proxy_version: - valueType: STRING - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: kubernetes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - source.ip: - valueType: IP_ADDRESS - source.labels: - valueType: STRING_MAP - source.metadata: - valueType: STRING_MAP - source.name: - valueType: STRING - source.namespace: - valueType: STRING - source.owner: - valueType: STRING - source.serviceAccount: - valueType: STRING - source.services: - valueType: STRING - source.workload.uid: - valueType: STRING - source.workload.name: - valueType: STRING - source.workload.namespace: - valueType: STRING - destination.ip: - valueType: IP_ADDRESS - destination.labels: - valueType: STRING_MAP - destination.metadata: - valueType: STRING_MAP - destination.owner: - valueType: STRING - destination.name: - valueType: STRING - destination.container.name: - valueType: STRING - destination.namespace: - valueType: STRING - destination.service.uid: - valueType: STRING - destination.service.name: - valueType: STRING - destination.service.namespace: - valueType: STRING - destination.service.host: - valueType: STRING - destination.serviceAccount: - valueType: STRING - destination.workload.uid: - valueType: STRING - destination.workload.name: - valueType: STRING - destination.workload.namespace: - valueType: STRING ---- -{{- if and .Values.adapters.stdio.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: stdio - params: - outputAsJson: {{ .Values.adapters.stdio.outputAsJson }} ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: accesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: request.time - variables: - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | request.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - apiClaims: request.auth.raw_claims | "" - apiKey: request.api_key | request.headers["x-api-key"] | "" - protocol: request.scheme | context.protocol | "http" - method: request.method | "" - url: request.path | "" - responseCode: response.code | 0 - responseFlags: context.proxy_error_code | "" - responseSize: response.size | 0 - permissiveResponseCode: rbac.permissive.response_code | "none" - permissiveResponsePolicyID: rbac.permissive.effective_policy_id | "none" - requestSize: request.size | 0 - requestId: request.headers["x-request-id"] | "" - clientTraceId: request.headers["x-client-trace-id"] | "" - latency: response.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - userAgent: request.useragent | "" - responseTimestamp: response.time - receivedBytes: request.total_size | 0 - sentBytes: response.total_size | 0 - referer: request.referer | "" - httpAuthority: request.headers[":authority"] | request.host | "" - xForwardedFor: 
request.headers["x-forwarded-for"] | "0.0.0.0" - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - grpcStatus: response.grpc_status | "" - grpcMessage: response.grpc_message | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpaccesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: context.time | timestamp("2017-01-01T00:00:00Z") - variables: - connectionEvent: connection.event | "" - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - protocol: context.protocol | "tcp" - connectionDuration: connection.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - receivedBytes: connection.received.bytes | 0 - sentBytes: connection.sent.bytes | 0 - totalReceivedBytes: connection.received.bytes_total | 0 - totalSentBytes: connection.sent.bytes_total | 0 - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") 
- responseFlags: context.proxy_error_code | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "http" || context.protocol == "grpc" - actions: - - handler: stdio - instances: - - accesslog ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdiotcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: stdio - instances: - - tcpaccesslog -{{- end }} ---- -{{- if and .Values.adapters.prometheus.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestcount - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | request.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestduration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.duration | "0ms" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | request.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestsize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: request.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | request.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: responsesize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | request.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytesent - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.sent.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytereceived - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.received.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsopened - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: prometheus - params: - metricsExpirationPolicy: - metricsExpiryDuration: "{{ .Values.adapters.prometheus.metricsExpiryDuration }}" - metrics: - - name: requests_total - instance_name: requestcount.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - - name: request_duration_seconds - instance_name: requestduration.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - explicit_buckets: - bounds: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10] - - name: request_bytes - instance_name: requestsize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - 
destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: response_bytes - instance_name: responsesize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: tcp_sent_bytes_total - instance_name: tcpbytesent.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_received_bytes_total - instance_name: tcpbytereceived.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: 
tcp_connections_opened_total - instance_name: tcpconnectionsopened.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_connections_closed_total - instance_name: tcpconnectionsclosed.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promhttp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: (context.protocol == "http" || context.protocol == "grpc") && (match((request.useragent | "-"), "kube-probe*") == false) && (match((request.useragent | "-"), "Prometheus*") == false) - actions: - - handler: prometheus - instances: - - requestcount - - requestduration - - requestsize - - responsesize ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: prometheus - instances: - - tcpbytesent - - tcpbytereceived ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionopen - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "open") - actions: - - handler: prometheus - instances: - - tcpconnectionsopened ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "close") - actions: - - handler: prometheus - instances: - - tcpconnectionsclosed -{{- end }} ---- -{{- if and .Values.adapters.kubernetesenv.enabled (or .Values.policy.enabled .Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: kubernetesenv - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: kubernetesenv - params: - # when running from mixer root, use the following config after adding a - # symbolic link to a kubernetes config file via: - # - # $ ln -s ~/.kube/config mixer/adapter/kubernetes/kubeconfig - # - # kubeconfig_path: "mixer/adapter/kubernetes/kubeconfig" - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: kubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . 
}} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: tcpkubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: attributes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: kubernetes - params: - # Pass the required attribute data to the adapter - source_uid: source.uid | "" - source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr - destination_uid: destination.uid | "" - destination_port: destination.port | 0 - attributeBindings: - # Fill the new attributes from the adapter produced output. 
- # $out refers to an instance of OutputTemplate message - source.ip: $out.source_pod_ip | ip("0.0.0.0") - source.uid: $out.source_pod_uid | "unknown" - source.labels: $out.source_labels | emptyStringMap() - source.name: $out.source_pod_name | "unknown" - source.namespace: $out.source_namespace | "default" - source.owner: $out.source_owner | "unknown" - source.serviceAccount: $out.source_service_account_name | "unknown" - source.workload.uid: $out.source_workload_uid | "unknown" - source.workload.name: $out.source_workload_name | "unknown" - source.workload.namespace: $out.source_workload_namespace | "unknown" - destination.ip: $out.destination_pod_ip | ip("0.0.0.0") - destination.uid: $out.destination_pod_uid | "unknown" - destination.labels: $out.destination_labels | emptyStringMap() - destination.name: $out.destination_pod_name | "unknown" - destination.container.name: $out.destination_container_name | "unknown" - destination.namespace: $out.destination_namespace | "default" - destination.owner: $out.destination_owner | "unknown" - destination.serviceAccount: $out.destination_service_account_name | "unknown" - destination.workload.uid: $out.destination_workload_uid | "unknown" - destination.workload.name: $out.destination_workload_name | "unknown" - destination.workload.namespace: $out.destination_workload_namespace | "unknown" -{{- end }} ---- -{{- if .Values.policy.enabled }} -# Configuration needed by Mixer. -# Mixer cluster is delivered via CDS -# Specify mixer cluster settings -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-policy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - {{- if .Values.global.controlPlaneSecurityEnabled }} - portLevelSettings: - - port: - number: 15004 - tls: - mode: ISTIO_MUTUAL - {{- end}} - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- if .Values.telemetry.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-telemetry - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - {{- if .Values.global.controlPlaneSecurityEnabled }} - portLevelSettings: - - port: - number: 15004 - tls: - mode: ISTIO_MUTUAL - {{- end}} - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- end }} diff --git a/charts/rancher-istio/0.1.1/charts/mixer/templates/deployment.yaml b/charts/rancher-istio/0.1.1/charts/mixer/templates/deployment.yaml deleted file mode 100644 index fdca47f70..000000000 --- a/charts/rancher-istio/0.1.1/charts/mixer/templates/deployment.yaml +++ /dev/null 
@@ -1,402 +0,0 @@ -{{- define "policy_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: policy-adapter-secret - secret: - secretName: policy-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - - --useTemplateCRDs=false - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - {{- if .Values.env }} - env: - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.policy.resources }} -{{ toYaml .Values.policy.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: istio-proxy - image: "{{ template "system_default_registry" . 
}}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-policy - - --templateFile - - /etc/istio/proxy/envoy_policy.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ $.Values.global.trustDomain }} - {{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock - - name: policy-adapter-secret - mountPath: /var/run/secrets/istio.io/policy/adapter - readOnly: true -{{- end }} - -{{- define "telemetry_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - 
optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: telemetry-adapter-secret - secret: - secretName: telemetry-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . }}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - - --certFile=/etc/certs/cert-chain.pem - - --keyFile=/etc/certs/key.pem - - --caCertFile=/etc/certs/root-cert.pem - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address 
}}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - - --averageLatencyThreshold - - {{ $.Values.telemetry.loadshedding.latencyThreshold }} - - --loadsheddingMode - - {{ $.Values.telemetry.loadshedding.mode }} - {{- if .Values.env }} - env: - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.telemetry.resources }} -{{ toYaml .Values.telemetry.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: telemetry-adapter-secret - mountPath: /var/run/secrets/istio.io/telemetry/adapter - readOnly: true - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: istio-proxy - image: "{{ template "system_default_registry" . 
}}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-telemetry - - --templateFile - - /etc/istio/proxy/envoy_telemetry.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock -{{- end }} - - -{{- range $key, $spec := .Values }} -{{- if or (eq $key "policy") (eq $key "telemetry") }} -{{- if $spec.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-{{ $key }} - namespace: {{ $.Release.Namespace }} - labels: - app: istio-mixer - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: mixer -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - 
replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - selector: - matchLabels: - istio: mixer - istio-mixer-type: {{ $key }} - template: - metadata: - labels: - app: {{ $key }} - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: mixer - istio-mixer-type: {{ $key }} - annotations: - sidecar.istio.io/inject: "false" -{{- with $.Values.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- if eq $key "policy"}} -{{- template "policy_container" $ }} -{{- else }} -{{- template "telemetry_container" $ }} -{{- end }} - ---- -{{- end }} -{{- end }} -{{- end }} {{/* range */}} diff --git a/charts/rancher-istio/0.1.1/charts/mixer/templates/poddisruptionbudget.yaml b/charts/rancher-istio/0.1.1/charts/mixer/templates/poddisruptionbudget.yaml deleted file mode 100644 index a6bfe8668..000000000 --- a/charts/rancher-istio/0.1.1/charts/mixer/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if or (eq $key "policy") (eq $key "telemetry") }} -{{- if $spec.enabled }} -{{- if $.Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-{{ $key }} - namespace: {{ $.Release.Namespace }} - labels: - app: {{ $key }} - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - version: {{ $.Chart.Version }} - istio: mixer - istio-mixer-type: {{ $key }} -spec: -{{- if $.Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: {{ $key }} - release: {{ $.Release.Name }} - istio: mixer - istio-mixer-type: {{ $key }} ---- -{{- end }} -{{- end }} -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/0.1.1/charts/mixer/templates/service.yaml b/charts/rancher-istio/0.1.1/charts/mixer/templates/service.yaml
deleted file mode 100644
index 79cc4a582..000000000
--- a/charts/rancher-istio/0.1.1/charts/mixer/templates/service.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- annotations:
- networking.istio.io/exportTo: "*"
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: mixer
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: {{ $.Values.global.monitoringPort }}
-{{- if eq $key "telemetry" }}
- - name: prometheus
- port: 42422
-{{- if $spec.sessionAffinityEnabled }}
- sessionAffinity: ClientIP
-{{- end }}
-{{- end }}
- selector:
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/0.1.1/charts/mixer/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.1/charts/mixer/templates/serviceaccount.yaml
deleted file mode 100644
index 9d3da7dd6..000000000
--- a/charts/rancher-istio/0.1.1/charts/mixer/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.1/charts/mixer/values.yaml b/charts/rancher-istio/0.1.1/charts/mixer/values.yaml
deleted file mode 100644
index f443cfd0e..000000000
--- a/charts/rancher-istio/0.1.1/charts/mixer/values.yaml
+++ /dev/null
@@ -1,97 +0,0 @@
-#
-# mixer configuration
-#
-env:
- GODEBUG: gctrace=1
- # max procs should be ceil(cpu limit + 1)
- GOMAXPROCS: "6"
-
-policy:
- # if policy is enabled, global.disablePolicyChecks has affect.
- enabled: false
- replicaCount: 1
- autoscaleEnabled: true
- autoscaleMin: 1
- autoscaleMax: 5
- cpu:
- targetAverageUtilization: 80
- rollingMaxSurge: 100%
- rollingMaxUnavailable: 25%
-
-telemetry:
- enabled: true
- replicaCount: 1
- autoscaleEnabled: true
- autoscaleMin: 1
- autoscaleMax: 5
- cpu:
- targetAverageUtilization: 80
- rollingMaxSurge: 100%
- rollingMaxUnavailable: 25%
- sessionAffinityEnabled: false
-
- # mixer load shedding configuration.
- # When mixer detects that it is overloaded, it starts rejecting grpc requests.
- loadshedding:
- # disabled, logonly or enforce
- mode: enforce
- # based on measurements 100ms p50 translates to p99 of under 1s. This is ok for telemetry which is inherently async.
- latencyThreshold: 100ms
- resources:
- requests:
- cpu: 1000m
- memory: 1G
- limits:
- # It is best to do horizontal scaling of mixer using moderate cpu allocation.
- # We have experimentally found that these values work well.
- cpu: 4800m
- memory: 4G
-
- # Set reportBatchMaxEntries to 0 to use the default batching behavior (i.e., every 100 requests).
- # A positive value indicates the number of requests that are batched before telemetry data
- # is sent to the mixer server
- reportBatchMaxEntries: 100
-
- # Set reportBatchMaxTime to 0 to use the default batching behavior (i.e., every 1 second).
- # A positive time value indicates the maximum wait time since the last request will telemetry data
- # be batched before being sent to the mixer server
- reportBatchMaxTime: 1s
-
-podAnnotations: {}
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-adapters:
- kubernetesenv:
- enabled: true
-
- # stdio is a debug adapter in istio-telemetry, it is not recommended for production use.
- stdio:
- enabled: false
- outputAsJson: true
- prometheus:
- enabled: true
- metricsExpiryDuration: 10m
- # Setting this to false sets the useAdapterCRDs mixer startup argument to false
- useAdapterCRDs: false
diff --git a/charts/rancher-istio/0.1.1/charts/nodeagent/Chart.yaml b/charts/rancher-istio/0.1.1/charts/nodeagent/Chart.yaml
deleted file mode 100644
index 9ba4eeb44..000000000
--- a/charts/rancher-istio/0.1.1/charts/nodeagent/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-name: nodeagent
-version: 1.1.0
-appVersion: 1.1.0
-tillerVersion: ">=2.7.2"
-description: Helm chart for nodeagent deployment
-keywords:
- - istio
- - nodeagent
-sources:
- - http://github.com/istio/istio
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
diff --git a/charts/rancher-istio/0.1.1/charts/nodeagent/templates/_helpers.tpl b/charts/rancher-istio/0.1.1/charts/nodeagent/templates/_helpers.tpl
deleted file mode 100644
index fda6043d0..000000000
--- a/charts/rancher-istio/0.1.1/charts/nodeagent/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "nodeagent.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "nodeagent.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "nodeagent.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.1/charts/nodeagent/templates/clusterrole.yaml b/charts/rancher-istio/0.1.1/charts/nodeagent/templates/clusterrole.yaml
deleted file mode 100644
index 9127b05e3..000000000
--- a/charts/rancher-istio/0.1.1/charts/nodeagent/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get"]
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.1/charts/nodeagent/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.1/charts/nodeagent/templates/clusterrolebinding.yaml
deleted file mode 100644
index 963757e72..000000000
--- a/charts/rancher-istio/0.1.1/charts/nodeagent/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-nodeagent-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.1/charts/nodeagent/templates/daemonset.yaml b/charts/rancher-istio/0.1.1/charts/nodeagent/templates/daemonset.yaml
deleted file mode 100644
index fa69cfc97..000000000
--- a/charts/rancher-istio/0.1.1/charts/nodeagent/templates/daemonset.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: istio-nodeagent
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
-spec:
- selector:
- matchLabels:
- istio: nodeagent
- template:
- metadata:
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-nodeagent-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: nodeagent
- image: "{{ template "system_default_registry" . }}{{ $.Values.global.nodeAgent.repository }}:{{ $.Values.global.nodeAgent.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- volumeMounts:
- - mountPath: /var/run/sds
- name: sdsudspath
- env:
- {{- if .Values.env }}
- {{- range $key, $val := .Values.env }}
- - name: {{ $key }}
- value: "{{ $val }}"
- {{- end }}
- {{- end }}
- - name: "TRUST_DOMAIN"
- value: "{{ .Values.global.trustDomain }}"
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumes:
- - name: sdsudspath
- hostPath:
- path: /var/run/sds
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
- updateStrategy:
- type: RollingUpdate
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.1/charts/nodeagent/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.1/charts/nodeagent/templates/serviceaccount.yaml
deleted file mode 100644
index b52f852d8..000000000
--- a/charts/rancher-istio/0.1.1/charts/nodeagent/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.1/charts/nodeagent/values.yaml b/charts/rancher-istio/0.1.1/charts/nodeagent/values.yaml
deleted file mode 100644
index a01894fe3..000000000
--- a/charts/rancher-istio/0.1.1/charts/nodeagent/values.yaml
+++ /dev/null
@@ -1,34 +0,0 @@ -# -# nodeagent configuration -# -enabled: false -env: - # name of authentication provider. - CA_PROVIDER: "" - # CA endpoint. - CA_ADDR: "" - # names of authentication provider's plugins. - PLUGINS: "" -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard” vs. "soft” requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security” and value "S1”. -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] diff --git a/charts/rancher-istio/0.1.1/charts/pilot/Chart.yaml b/charts/rancher-istio/0.1.1/charts/pilot/Chart.yaml deleted file mode 100644 index 4ce44386e..000000000 --- a/charts/rancher-istio/0.1.1/charts/pilot/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -name: pilot -version: 1.1.0 -appVersion: 1.1.0 -tillerVersion: ">=2.7.2" -description: Helm chart for pilot deployment -keywords: - - istio - - pilot -sources: - - http://github.com/istio/istio -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png diff --git a/charts/rancher-istio/0.1.1/charts/pilot/templates/_helpers.tpl b/charts/rancher-istio/0.1.1/charts/pilot/templates/_helpers.tpl deleted file mode 100644 index c812c3709..000000000 
--- a/charts/rancher-istio/0.1.1/charts/pilot/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "pilot.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "pilot.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "pilot.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/0.1.1/charts/pilot/templates/autoscale.yaml b/charts/rancher-istio/0.1.1/charts/pilot/templates/autoscale.yaml deleted file mode 100644 index 1a9945136..000000000 --- a/charts/rancher-istio/0.1.1/charts/pilot/templates/autoscale.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - maxReplicas: {{ .Values.autoscaleMax }} - minReplicas: {{ .Values.autoscaleMin }} - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: istio-pilot - metrics: - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.cpu.targetAverageUtilization }} ---- -{{- end }} diff --git a/charts/rancher-istio/0.1.1/charts/pilot/templates/clusterrole.yaml b/charts/rancher-istio/0.1.1/charts/pilot/templates/clusterrole.yaml deleted file mode 100644 index cd7464c1e..000000000 --- a/charts/rancher-istio/0.1.1/charts/pilot/templates/clusterrole.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-pilot-{{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["config.istio.io"] - resources: ["*"] - verbs: ["*"] -- apiGroups: ["rbac.istio.io"] - resources: ["*"] - verbs: ["get", "watch", "list"] -- apiGroups: ["networking.istio.io"] - resources: ["*"] - verbs: ["*"] -- apiGroups: ["authentication.istio.io"] - resources: ["*"] - verbs: ["*"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["*"] -- apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses", "ingresses/status"] - verbs: ["*"] -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] -- apiGroups: [""] - resources: ["endpoints", "pods", "services", "namespaces", "nodes", "secrets"] - verbs: ["get", "list", "watch"] diff --git a/charts/rancher-istio/0.1.1/charts/pilot/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.1/charts/pilot/templates/clusterrolebinding.yaml deleted file mode 100644 index ef9281ca8..000000000 --- a/charts/rancher-istio/0.1.1/charts/pilot/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-pilot-{{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-pilot-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-pilot-service-account - namespace: {{ .Release.Namespace }} 
diff --git a/charts/rancher-istio/0.1.1/charts/pilot/templates/deployment.yaml b/charts/rancher-istio/0.1.1/charts/pilot/templates/deployment.yaml
deleted file mode 100644
index 4441553be..000000000
--- a/charts/rancher-istio/0.1.1/charts/pilot/templates/deployment.yaml
+++ /dev/null
@@ -1,215 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - # TODO: default template doesn't have this, which one is right ? - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot - annotations: - checksum/config-volume: {{ template "istio.configmap.checksum" . }} -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - istio: pilot - template: - metadata: - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-pilot-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: discovery - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - "discovery" - - --monitoringAddr=:{{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.global.oneNamespace }} - - "-a" - - {{ .Release.Namespace }} -{{- end }} -{{- if and $.Values.global.controlPlaneSecurityEnabled (not .Values.sidecar)}} - - --secureGrpcAddr - - ":15011" -{{- else }} - - --secureGrpcAddr - - "" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" - ports: - - containerPort: 8080 - - containerPort: 15010 -{{- if not .Values.sidecar }} - - containerPort: 15011 -{{- end }} - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 30 - timeoutSeconds: 5 - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND - value: "{{ .Values.enableProtocolSniffingForOutbound }}" - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND - value: "{{ .Values.enableProtocolSniffingForInbound }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - - name: istio-certs - mountPath: 
/etc/certs - readOnly: true -{{- if .Values.sidecar }} - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 15003 - - containerPort: 15005 - - containerPort: 15007 - - containerPort: 15011 - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-pilot - - --templateFile - - /etc/istio/proxy/envoy_pilot.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if .Values.global.proxy.resources }} -{{ toYaml .Values.global.proxy.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} -{{- end }} - volumes: - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: config-volume - configMap: - name: istio - - name: 
istio-certs - secret: - secretName: istio.istio-pilot-service-account - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/0.1.1/charts/pilot/templates/meshexpansion.yaml b/charts/rancher-istio/0.1.1/charts/pilot/templates/meshexpansion.yaml deleted file mode 100644 index 4f3d59570..000000000 --- a/charts/rancher-istio/0.1.1/charts/pilot/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-ilb-vs-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - hosts: - - istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-ilb-gateway - tcp: - - match: - - port: 15011 - route: - - destination: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15011 - - match: - - port: 15010 - route: - - destination: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15010 - - match: - - port: 5353 - route: - - destination: - host: kube-dns.kube-system.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 53 ---- -{{- else }} - -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - hosts: - - istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-gateway - tcp: - - match: - - port: 15011 - route: - - destination: - host: istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15011 ---- -{{- end }} - -{{- if .Values.global.controlPlaneSecurityEnabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: meshexpansion-dr-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - trafficPolicy: - portLevelSettings: - - port: - number: 15011 - tls: - mode: DISABLE ---- -{{- end }} -{{- end }} - diff --git a/charts/rancher-istio/0.1.1/charts/pilot/templates/poddisruptionbudget.yaml b/charts/rancher-istio/0.1.1/charts/pilot/templates/poddisruptionbudget.yaml deleted file mode 100644 index fd9e06a71..000000000 --- a/charts/rancher-istio/0.1.1/charts/pilot/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: {{ template "pilot.name" . }} - release: {{ .Release.Name }} - istio: pilot -{{- end }} diff --git a/charts/rancher-istio/0.1.1/charts/pilot/templates/service.yaml b/charts/rancher-istio/0.1.1/charts/pilot/templates/service.yaml deleted file mode 100644 index a61d93025..000000000 --- a/charts/rancher-istio/0.1.1/charts/pilot/templates/service.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: - ports: - - port: 15010 - name: grpc-xds # direct - - port: 15011 - name: https-xds # mTLS - - port: 8080 - name: http-legacy-discovery # direct - - port: {{ .Values.global.monitoringPort }} - name: http-monitoring - selector: - istio: pilot diff --git a/charts/rancher-istio/0.1.1/charts/pilot/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.1/charts/pilot/templates/serviceaccount.yaml deleted file mode 100644 index 7ec2a66de..000000000 --- a/charts/rancher-istio/0.1.1/charts/pilot/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-pilot-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/0.1.1/charts/pilot/values.yaml b/charts/rancher-istio/0.1.1/charts/pilot/values.yaml deleted file mode 100644 index 85257a4aa..000000000 --- a/charts/rancher-istio/0.1.1/charts/pilot/values.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ -# -# pilot configuration -# -enabled: true -autoscaleEnabled: true -autoscaleMin: 1 -autoscaleMax: 5 -# specify replicaCount when autoscaleEnabled: false -# replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -sidecar: true -traceSampling: 1.0 -# if protocol sniffing is enabled for outbound -enableProtocolSniffingForOutbound: true -# if protocol sniffing is enabled for inbound -enableProtocolSniffingForInbound: false -# Resources for a small pilot install -resources: - requests: - cpu: 500m - memory: 2048Mi -env: - PILOT_PUSH_THROTTLE: 100 - GODEBUG: gctrace=1 -cpu: - targetAverageUtilization: 80 -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# The following is used to limit how long a sidecar can be connected -# to a pilot. It balances out load across pilot instances at the cost of -# increasing system churn. -keepaliveMaxServerConnectionAge: 30m 
diff --git a/charts/rancher-istio/0.1.1/charts/prometheus/Chart.yaml b/charts/rancher-istio/0.1.1/charts/prometheus/Chart.yaml deleted file mode 100644 index 6431a43dd..000000000 --- a/charts/rancher-istio/0.1.1/charts/prometheus/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -description: A Helm chart for Kubernetes -name: prometheus -version: 1.1.0 -appVersion: 2.8.0 -tillerVersion: ">=2.7.2" diff --git a/charts/rancher-istio/0.1.1/charts/prometheus/templates/_helpers.tpl b/charts/rancher-istio/0.1.1/charts/prometheus/templates/_helpers.tpl deleted file mode 100644 index 039388329..000000000 --- a/charts/rancher-istio/0.1.1/charts/prometheus/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "prometheus.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "prometheus.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "prometheus.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/0.1.1/charts/prometheus/templates/clusterrole.yaml b/charts/rancher-istio/0.1.1/charts/prometheus/templates/clusterrole.yaml deleted file mode 100644 index 705b05e00..000000000 
--- a/charts/rancher-istio/0.1.1/charts/prometheus/templates/clusterrole.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: prometheus-{{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - - nodes/proxy - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: - - configmaps - verbs: ["get"] -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- end -}} diff --git a/charts/rancher-istio/0.1.1/charts/prometheus/templates/clusterrolebindings.yaml b/charts/rancher-istio/0.1.1/charts/prometheus/templates/clusterrolebindings.yaml deleted file mode 100644 index 7153eee15..000000000 --- a/charts/rancher-istio/0.1.1/charts/prometheus/templates/clusterrolebindings.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: prometheus-{{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: prometheus-{{ .Release.Namespace }} -subjects: -- kind: ServiceAccount - name: prometheus - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/rancher-istio/0.1.1/charts/prometheus/templates/configmap.yaml b/charts/rancher-istio/0.1.1/charts/prometheus/templates/configmap.yaml deleted file mode 100644 index ee257951c..000000000 --- a/charts/rancher-istio/0.1.1/charts/prometheus/templates/configmap.yaml +++ /dev/null 
@@ -1,283 +0,0 @@ -{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - prometheus.yml: |- - global: - scrape_interval: {{ .Values.scrapeInterval }} - scrape_configs: - - - job_name: 'istio-mesh' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;prometheus - - # Scrape config for envoy stats - - job_name: 'envoy-stats' - metrics_path: /stats/prometheus - kubernetes_sd_configs: - - role: pod - - relabel_configs: - - source_labels: [__meta_kubernetes_pod_container_port_name] - action: keep - regex: '.*-envoy-prom' - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:15090 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'istio-policy' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-policy;http-monitoring - - - job_name: 'istio-telemetry' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: 
istio-telemetry;http-monitoring - - - job_name: 'pilot' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-pilot;http-monitoring - - - job_name: 'galley' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-galley;http-monitoring - - - job_name: 'citadel' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-citadel;http-monitoring - - # scrape config for API servers - - job_name: 'kubernetes-apiservers' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - default - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: kubernetes;https - - # scrape config for nodes (kubelet) - - job_name: 'kubernetes-nodes' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics - - # Scrape config for Kubelet cAdvisor. 
- # - # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics - # (those whose names begin with 'container_') have been removed from the - # Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to - # retrieve those metrics. - # - # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor - # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics" - # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with - # the --cadvisor-port=0 Kubelet flag). - # - # This job is not necessary and should be removed in Kubernetes 1.6 and - # earlier versions, or it will cause the metrics to be scraped twice. - - job_name: 'kubernetes-cadvisor' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor - - # scrape config for service endpoints. - - job_name: 'kubernetes-service-endpoints' - kubernetes_sd_configs: - - role: endpoints - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) 
- - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: kubernetes_name - - - job_name: 'kubernetes-pods' - kubernetes_sd_configs: - - role: pod - relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job. - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # Keep target if there's no sidecar or if prometheus.io/scheme is explicitly set to "http" - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: keep - regex: ((;.*)|(.*;http)) - - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls] - action: drop - regex: (true) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'kubernetes-pods-istio-secure' - scheme: https - tls_config: - ca_file: /etc/istio-certs/root-cert.pem - cert_file: /etc/istio-certs/cert-chain.pem - key_file: 
/etc/istio-certs/key.pem - insecure_skip_verify: true # prometheus does not support secure naming. - kubernetes_sd_configs: - - role: pod - relabel_configs: - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # sidecar status annotation is added by sidecar injector and - # istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic. - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls] - action: keep - regex: (([^;]+);([^;]*))|(([^;]*);(true)) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: drop - regex: (http) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__] # Only keep address that is host:port - action: keep # otherwise an extra target with ':443' is added for https scheme - regex: ([^:]+):(\d+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name -{{- end -}} diff --git a/charts/rancher-istio/0.1.1/charts/prometheus/templates/deployment.yaml b/charts/rancher-istio/0.1.1/charts/prometheus/templates/deployment.yaml deleted file mode 100644 index 2031282e1..000000000 --- a/charts/rancher-istio/0.1.1/charts/prometheus/templates/deployment.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}} -# TODO: the original template has service account, roles, etc -apiVersion: apps/v1 -kind: Deployment -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: prometheus - template: - metadata: - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: prometheus -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: prometheus - image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - '--storage.tsdb.retention={{ .Values.retention }}' - - '--config.file=/etc/prometheus/prometheus.yml' - ports: - - containerPort: 9090 - name: http - livenessProbe: - httpGet: - path: /-/healthy - port: 9090 - readinessProbe: - httpGet: - path: /-/ready - port: 9090 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/prometheus - - mountPath: /etc/istio-certs - name: istio-certs - - name: prometheus-nginx - command: - - /bin/sh - - -c - - cp /nginx/run-sh.tmpl /var/run/nginx-start.sh; chmod +x /var/run/nginx-start.sh; /var/run/nginx-start.sh - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - image: "{{ template "system_default_registry" . 
}}{{ .Values.global.nginxProxy.repository }}:{{ .Values.global.nginxProxy.tag }}" - ports: - - containerPort: 80 - name: http - protocol: TCP - {{- if and .Values.resources .Values.resources.proxy }} - resources: - {{ toYaml .Values.resources.proxy | indent 6 }} - {{- end }} - securityContext: - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - mountPath: /nginx - name: prometheus-nginx - volumes: - - name: config-volume - configMap: - name: prometheus - - name: istio-certs - secret: - defaultMode: 420 -{{- if not .Values.security.enabled }} - optional: true -{{- end }} - secretName: istio.default - - name: prometheus-nginx - configMap: - name: {{ template "prometheus.chart" . }}-nginx - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- end -}} diff --git a/charts/rancher-istio/0.1.1/charts/prometheus/templates/ingress.yaml b/charts/rancher-istio/0.1.1/charts/prometheus/templates/ingress.yaml deleted file mode 100644 index 8bd400a26..000000000 --- a/charts/rancher-istio/0.1.1/charts/prometheus/templates/ingress.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}} -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: prometheus - servicePort: 9090 - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: prometheus - servicePort: 9090 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/0.1.1/charts/prometheus/templates/nginx-configmap.yaml b/charts/rancher-istio/0.1.1/charts/prometheus/templates/nginx-configmap.yaml deleted file mode 100644 index acdb95fbc..000000000 --- a/charts/rancher-istio/0.1.1/charts/prometheus/templates/nginx-configmap.yaml +++ /dev/null 
@@ -1,84 +0,0 @@ -{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: prometheus-nginx - labels: - app: prometheus-nginx - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - run-sh.tmpl: |- - #!/bin/sh - set -e - - srcpath="/nginx/nginx-conf.tmpl" - dstpath="/var/run/nginx.conf" - - if ! [ -f $srcpath ]; then - exit 1 - fi - - token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) - sed "s/REPLACE_PARAM_AUTHORIZATION/Bearer ${token}/g" $srcpath | sed "s/REPLACE_PARAM_IP/${POD_IP}/g" > $dstpath - - exec nginx -g "daemon off;" -c /var/run/nginx.conf - - nginx-conf.tmpl: |- - user nginx; - worker_processes auto; - error_log /dev/stdout warn; - pid /var/run/nginx.pid; - - events { - worker_connections 1024; - } - - http { - include /etc/nginx/mime.types; - log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; - - proxy_connect_timeout 10; - proxy_read_timeout 180; - proxy_send_timeout 5; - proxy_buffering off; - proxy_cache_path /tmp/nginx levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; - - server { - listen 80; - access_log off; - - gzip on; - gzip_min_length 1k; - gzip_comp_level 2; - gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; - gzip_vary on; - gzip_disable "MSIE [1-6]\."; - - proxy_set_header Host $host; - proxy_set_header Authorization "REPLACE_PARAM_AUTHORIZATION"; - proxy_pass_header Authorization; - - location / { - proxy_cache my_zone; - proxy_cache_valid 200 302 1d; - proxy_cache_valid 301 30d; - proxy_cache_valid any 5m; - proxy_cache_bypass $http_cache_control; - add_header X-Proxy-Cache $upstream_cache_status; - add_header Cache-Control "public"; - - proxy_pass http://REPLACE_PARAM_IP:9090/; - - sub_filter_types text/html; - sub_filter_once off; - 
sub_filter 'var PATH_PREFIX = "";' 'var PATH_PREFIX = ".";'; - - if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { - expires 90d; - } - } - } - } -{{- end -}} diff --git a/charts/rancher-istio/0.1.1/charts/prometheus/templates/service.yaml b/charts/rancher-istio/0.1.1/charts/prometheus/templates/service.yaml deleted file mode 100644 index 25484ff1c..000000000 --- a/charts/rancher-istio/0.1.1/charts/prometheus/templates/service.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}} -apiVersion: v1 -kind: Service -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - annotations: - prometheus.io/scrape: 'true' - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - type: ClusterIP - selector: - app: prometheus - ports: - - name: prometheus - protocol: TCP - port: 9090 ---- -apiVersion: v1 -kind: Service -metadata: - name: prometheus-http - namespace: {{ .Release.Namespace }} - annotations: - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - kubernetes.io/cluster-service: "true" -spec: - type: ClusterIP - selector: - app: prometheus - ports: - - name: access-prometheus - protocol: TCP - port: 80 -{{- end -}} diff --git a/charts/rancher-istio/0.1.1/charts/prometheus/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.1/charts/prometheus/templates/serviceaccount.yaml deleted file mode 100644 index 1f30e134e..000000000 --- a/charts/rancher-istio/0.1.1/charts/prometheus/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -{{- if and .Values.enabled (eq .Values.global.monitoring.type "built-in") -}} -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- end -}} diff --git a/charts/rancher-istio/0.1.1/charts/prometheus/templates/tests/test-prometheus-connection.yaml b/charts/rancher-istio/0.1.1/charts/prometheus/templates/tests/test-prometheus-connection.yaml deleted file mode 100644 index c36ce3f5c..000000000 --- a/charts/rancher-istio/0.1.1/charts/prometheus/templates/tests/test-prometheus-connection.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "prometheus.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: prometheus-test - chart: {{ template "prometheus.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: prometheus - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "prometheus.fullname" . }}-test" - image: {{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }} - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['sh', '-c', 'for i in 1 2 3; do curl http://prometheus:9090/-/ready && exit 0 || sleep 15; done; exit 1'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.1/charts/prometheus/values.yaml b/charts/rancher-istio/0.1.1/charts/prometheus/values.yaml deleted file mode 100644 index 9f688c73f..000000000 --- a/charts/rancher-istio/0.1.1/charts/prometheus/values.yaml +++ /dev/null 
@@ -1,60 +0,0 @@ -# -# addon prometheus configuration -# -enabled: true -replicaCount: 1 - -retention: 6h -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard” vs. "soft” requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security” and value "S1”. -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# Controls the frequency of prometheus scraping -scrapeInterval: 15s - -contextPath: /prometheus - -ingress: - enabled: false - ## Used to create an Ingress record. - hosts: - - prometheus.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: prometheus-tls - # hosts: - # - prometheus.local - -service: - annotations: {} - nodePort: - enabled: false - port: 32090 - -security: - enabled: true - -resources: {} diff --git a/charts/rancher-istio/0.1.1/charts/security/Chart.yaml b/charts/rancher-istio/0.1.1/charts/security/Chart.yaml deleted file mode 100644 index 6cafffacd..000000000 --- a/charts/rancher-istio/0.1.1/charts/security/Chart.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -apiVersion: v1 -name: security -version: 1.1.0 -appVersion: 1.1.0 -tillerVersion: ">=2.7.2" -description: Helm chart for istio authentication -keywords: - - istio - - security -sources: - - http://github.com/istio/istio -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png diff --git a/charts/rancher-istio/0.1.1/charts/security/templates/_helpers.tpl b/charts/rancher-istio/0.1.1/charts/security/templates/_helpers.tpl deleted file mode 100644 index 7f36f9d51..000000000 --- a/charts/rancher-istio/0.1.1/charts/security/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "security.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "security.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "security.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/0.1.1/charts/security/templates/clusterrole.yaml b/charts/rancher-istio/0.1.1/charts/security/templates/clusterrole.yaml deleted file mode 100644 index 75f2dec65..000000000 --- a/charts/rancher-istio/0.1.1/charts/security/templates/clusterrole.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-citadel-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "update"] -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create", "get", "watch", "list", "update", "delete"] -- apiGroups: [""] - resources: ["serviceaccounts", "services", "namespaces"] - verbs: ["get", "watch", "list"] -- apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] diff --git a/charts/rancher-istio/0.1.1/charts/security/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.1/charts/security/templates/clusterrolebinding.yaml deleted file mode 100644 index 0a15799ce..000000000 --- a/charts/rancher-istio/0.1.1/charts/security/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-citadel-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-citadel-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-citadel-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/0.1.1/charts/security/templates/configmap.yaml b/charts/rancher-istio/0.1.1/charts/security/templates/configmap.yaml deleted file mode 100644 index 14749fd65..000000000 --- a/charts/rancher-istio/0.1.1/charts/security/templates/configmap.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-security-custom-resources - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -data: - custom-resources.yaml: |- - {{- if .Values.global.mtls.enabled }} - {{- include "security-default.yaml.tpl" . | indent 4}} - {{- else }} - {{- include "security-permissive.yaml.tpl" . | indent 4}} - {{- end }} - run.sh: |- - {{- include "install-custom-resources.sh.tpl" . | indent 4}} diff --git a/charts/rancher-istio/0.1.1/charts/security/templates/create-custom-resources-job.yaml b/charts/rancher-istio/0.1.1/charts/security/templates/create-custom-resources-job.yaml deleted file mode 100644 index 469e51667..000000000 --- a/charts/rancher-istio/0.1.1/charts/security/templates/create-custom-resources-job.yaml +++ /dev/null 
@@ -1,107 +0,0 @@ -{{- if .Values.createMeshPolicy }} -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: istio-security-post-install-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["authentication.istio.io"] # needed to create default authn policy - resources: ["*"] - verbs: ["*"] -- apiGroups: ["networking.istio.io"] # needed to create security destination rules - resources: ["*"] - verbs: ["*"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get"] -- apiGroups: ["extensions", "apps"] - resources: ["deployments", "replicasets"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: istio-security-post-install-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-security-post-install-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-security-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - template: - metadata: - name: istio-security-post-install - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - serviceAccountName: istio-security-post-install-account - containers: - - name: kubectl - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: IfNotPresent - command: [ "/bin/bash", "/tmp/security/run.sh", "/tmp/security/custom-resources.yaml" ] - volumeMounts: - - mountPath: "/tmp/security" - name: tmp-configmap-security - volumes: - - name: tmp-configmap-security - configMap: - name: istio-security-custom-resources - restartPolicy: OnFailure - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/0.1.1/charts/security/templates/deployment.yaml b/charts/rancher-istio/0.1.1/charts/security/templates/deployment.yaml
deleted file mode 100644
index 2e282eb6d..000000000
--- a/charts/rancher-istio/0.1.1/charts/security/templates/deployment.yaml
+++ /dev/null
@@ -1,110 +0,0 @@ -# istio CA watching all namespaces -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: citadel - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-citadel-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: citadel - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - {{- if .Values.global.sds.enabled }} - - --sds-enabled=true - {{- end }} - - --append-dns-names=true - - --grpc-port=8060 - - --citadel-storage-namespace={{ .Release.Namespace }} - - --custom-dns-names=istio-pilot-service-account.{{ .Release.Namespace }}:istio-pilot.{{ .Release.Namespace }} - - --monitoring-port={{ .Values.global.monitoringPort }} - {{- if .Values.selfSigned }} - - --self-signed-ca=true - {{- else }} - - --self-signed-ca=false - - --signing-cert=/etc/cacerts/ca-cert.pem - - --signing-key=/etc/cacerts/ca-key.pem - - --root-cert=/etc/cacerts/root-cert.pem - - --cert-chain=/etc/cacerts/cert-chain.pem - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - {{- if .Values.workloadCertTtl }} - - --workload-cert-ttl={{ .Values.workloadCertTtl }} - {{- end }} - {{- if .Values.citadelHealthCheck }} - - --liveness-probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --liveness-probe-interval=60s # interval for health check file update - - --probe-check-interval=15s # interval for health status check - {{- end }} - env: - - name: CITADEL_ENABLE_NAMESPACES_BY_DEFAULT - value: "{{ .Values.enableNamespacesByDefault }}" - {{- if .Values.citadelHealthCheck }} - livenessProbe: - exec: - command: - - /usr/local/bin/istio_ca - - probe - - --probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --interval=125s # the maximum time gap allowed between the file mtime and the current sys clock - initialDelaySeconds: 60 - periodSeconds: 60 - {{- end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} -{{- if not .Values.selfSigned }} - volumeMounts: - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - volumes: - - name: 
cacerts - secret: - secretName: cacerts - optional: true -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/0.1.1/charts/security/templates/enable-mesh-mtls.yaml b/charts/rancher-istio/0.1.1/charts/security/templates/enable-mesh-mtls.yaml deleted file mode 100644 index 75e4a18e3..000000000 --- a/charts/rancher-istio/0.1.1/charts/security/templates/enable-mesh-mtls.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- define "security-default.yaml.tpl" }} -# These policy and destination rules effectively enable mTLS for all services in the mesh. For now, -# they are added to Istio installation yaml for backward compatible. In future, they should be in -# a separated yaml file so that customer can enable mTLS independent from installation. - -# Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: {} ---- -# Corresponding destination rule to configure client side to use mutual TLS when talking to -# any service (host) in the mesh. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "default" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.local" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -# Destination rule to disable (m)TLS when talking to API server, as API server doesn't have sidecar. -# Customer should add similar destination rules for other services that don't have sidecar. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "api-server" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "kubernetes.default.svc.{{ .Values.global.proxy.clusterDomain }}" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: DISABLE -{{- end }} diff --git a/charts/rancher-istio/0.1.1/charts/security/templates/enable-mesh-permissive.yaml b/charts/rancher-istio/0.1.1/charts/security/templates/enable-mesh-permissive.yaml deleted file mode 100644 index a6931b3b9..000000000 --- a/charts/rancher-istio/0.1.1/charts/security/templates/enable-mesh-permissive.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- define "security-permissive.yaml.tpl" }} -# Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: - mode: PERMISSIVE -{{- end }} diff --git a/charts/rancher-istio/0.1.1/charts/security/templates/meshexpansion.yaml b/charts/rancher-istio/0.1.1/charts/security/templates/meshexpansion.yaml deleted file mode 100644 index 581ce964a..000000000 --- a/charts/rancher-istio/0.1.1/charts/security/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-citadel-ilb - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - hosts: - - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-ilb-gateway - tcp: - - match: - - port: 8060 - route: - - destination: - host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 8060 ---- -{{- else }} - -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - hosts: - - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-gateway - tcp: - - match: - - port: 8060 - route: - - destination: - host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 8060 ---- -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.1/charts/security/templates/service.yaml b/charts/rancher-istio/0.1.1/charts/security/templates/service.yaml deleted file mode 100644 index efea17544..000000000 --- a/charts/rancher-istio/0.1.1/charts/security/templates/service.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - # we use the normal name here (e.g. 'prometheus') - # as grafana is configured to use this as a data source - name: istio-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - ports: - - name: grpc-citadel - port: 8060 - targetPort: 8060 - protocol: TCP - - name: http-monitoring - port: {{ .Values.global.monitoringPort }} - selector: - istio: citadel diff --git a/charts/rancher-istio/0.1.1/charts/security/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.1/charts/security/templates/serviceaccount.yaml deleted file mode 100644 index d07d566fa..000000000 --- a/charts/rancher-istio/0.1.1/charts/security/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-citadel-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/0.1.1/charts/security/templates/tests/test-citadel-connection.yaml b/charts/rancher-istio/0.1.1/charts/security/templates/tests/test-citadel-connection.yaml deleted file mode 100644 index 481b486de..000000000 --- a/charts/rancher-istio/0.1.1/charts/security/templates/tests/test-citadel-connection.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "security.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: istio-citadel-test - chart: {{ template "security.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: citadel - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "security.fullname" . }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['sh', '-c', 'for i in 1 2 3; do curl http://istio-citadel:{{ .Values.global.monitoringPort }}/version && exit 0 || sleep 15; done; exit 1'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.1/charts/security/values.yaml b/charts/rancher-istio/0.1.1/charts/security/values.yaml deleted file mode 100644 index fa150d04d..000000000 --- a/charts/rancher-istio/0.1.1/charts/security/values.yaml +++ /dev/null 
@@ -1,47 +0,0 @@
-#
-# security configuration
-#
-enabled: true
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-selfSigned: true # indicate if self-signed CA is used.
-createMeshPolicy: true
-nodeSelector: {}
-tolerations: []
-# Enable health checking on the Citadel CSR signing API.
-# https://istio.io/docs/tasks/security/health-check/
-citadelHealthCheck: false
-# 90*24hour = 2160h
-workloadCertTtl: 2160h
-
-# Determines Citadel default behavior if the ca.istio.io/env or ca.istio.io/override
-# labels are not found on a given namespace.
-#
-# For example: consider a namespace called "target", which has neither the "ca.istio.io/env"
-# nor the "ca.istio.io/override" namespace labels. To decide whether or not to generate secrets
-# for service accounts created in this "target" namespace, Citadel will defer to this option. If the value
-# of this option is "true" in this case, secrets will be generated for the "target" namespace.
-# If the value of this option is "false" Citadel will not generate secrets upon service account creation.
-enableNamespacesByDefault: true
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/Chart.yaml b/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/Chart.yaml
deleted file mode 100644
index 878802962..000000000
--- a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-name: sidecarInjectorWebhook
-version: 1.1.0
-appVersion: 1.1.0
-tillerVersion: ">=2.7.2"
-description: Helm chart for sidecar injector webhook deployment
-keywords:
- - istio
- - sidecarInjectorWebhook
-sources:
- - http://github.com/istio/istio
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
diff --git a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/_helpers.tpl b/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/_helpers.tpl
deleted file mode 100644
index f3b9fb15b..000000000
--- a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "sidecar-injector.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "sidecar-injector.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "sidecar-injector.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/clusterrole.yaml b/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/clusterrole.yaml
deleted file mode 100644
index 27f9acb51..000000000
--- a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/clusterrole.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-sidecar-injector-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "patch"]
diff --git a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
deleted file mode 100644
index 748a93244..000000000
--- a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-sidecar-injector-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-sidecar-injector-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/deployment.yaml b/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/deployment.yaml
deleted file mode 100644
index 83d876cc8..000000000
--- a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/deployment.yaml
+++ /dev/null
@@ -1,106 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: sidecar-injector - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-sidecar-injector-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: sidecar-injector-webhook - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --caCertFile=/etc/istio/certs/root-cert.pem - - --tlsCertFile=/etc/istio/certs/cert-chain.pem - - --tlsKeyFile=/etc/istio/certs/key.pem - - --injectConfig=/etc/istio/inject/config - - --meshConfig=/etc/istio/config/mesh - - --healthCheckInterval=2s - - --healthCheckFile=/health - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - readOnly: true - - name: certs - mountPath: /etc/istio/certs - readOnly: true - - name: inject-config - mountPath: /etc/istio/inject - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - readinessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: config-volume - configMap: - name: istio - - name: certs - secret: - secretName: istio.istio-sidecar-injector-service-account - - name: inject-config - configMap: - name: istio-sidecar-injector - items: - - key: config - path: config - - key: values - path: values - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml b/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml deleted file mode 100644 index a30dd38e5..000000000 
--- a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: admissionregistration.k8s.io/v1beta1
-kind: MutatingWebhookConfiguration
-metadata:
- name: istio-sidecar-injector
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-webhooks:
- - name: sidecar-injector.istio.io
- clientConfig:
- service:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- path: "/inject"
- caBundle: ""
- rules:
- - operations: [ "CREATE" ]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
- failurePolicy: Fail
- namespaceSelector:
-{{- if .Values.enableNamespacesByDefault }}
- matchExpressions:
- - key: name
- operator: NotIn
- values:
- - {{ .Release.Namespace }}
- - key: istio-injection
- operator: NotIn
- values:
- - disabled
-{{- else }}
- matchLabels:
- istio-injection: enabled
-{{- end }}
-
diff --git a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml b/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml
deleted file mode 100644
index 51fb3fc3e..000000000
--- a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-spec:
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: {{ template "sidecar-injector.name" . }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
- {{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/service.yaml b/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/service.yaml
deleted file mode 100644
index 537e6f960..000000000
--- a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/service.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-spec:
- ports:
- - port: 443
- name: https-inject
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- selector:
- istio: sidecar-injector
diff --git a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml
deleted file mode 100644
index d4020b517..000000000
--- a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-sidecar-injector-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
diff --git a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/values.yaml b/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/values.yaml
deleted file mode 100644
index c2431ff0c..000000000
--- a/charts/rancher-istio/0.1.1/charts/sidecarInjectorWebhook/values.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# sidecar-injector webhook configuration
-#
-enabled: true
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-enableNamespacesByDefault: false
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-# If true, webhook or istioctl injector will rewrite PodSpec for liveness
-# health check to redirect request to sidecar. This makes liveness check work
-# even when mTLS is enabled.
-rewriteAppHTTPProbe: false
-
-# You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or
-# always skip the injection on pods that match that label selector, regardless of the global policy.
-# See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions
-neverInjectSelector: []
-
-alwaysInjectSelector: []
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.1/charts/tracing/.helmignore b/charts/rancher-istio/0.1.1/charts/tracing/.helmignore
deleted file mode 100644
index f0c131944..000000000
--- a/charts/rancher-istio/0.1.1/charts/tracing/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/charts/rancher-istio/0.1.1/charts/tracing/Chart.yaml b/charts/rancher-istio/0.1.1/charts/tracing/Chart.yaml
deleted file mode 100644
index c95789ed7..000000000
--- a/charts/rancher-istio/0.1.1/charts/tracing/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-description: A Helm chart for Kubernetes
-name: tracing
-version: 1.1.0
-appVersion: 1.5.1
-tillerVersion: ">=2.7.2"
diff --git a/charts/rancher-istio/0.1.1/charts/tracing/templates/_helpers.tpl b/charts/rancher-istio/0.1.1/charts/tracing/templates/_helpers.tpl
deleted file mode 100644
index e246b59b1..000000000
--- a/charts/rancher-istio/0.1.1/charts/tracing/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "tracing.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "tracing.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "tracing.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.1/charts/tracing/templates/deployment-jaeger.yaml b/charts/rancher-istio/0.1.1/charts/tracing/templates/deployment-jaeger.yaml
deleted file mode 100644
index eec39d326..000000000
--- a/charts/rancher-istio/0.1.1/charts/tracing/templates/deployment-jaeger.yaml
+++ /dev/null
@@ -1,143 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: jaeger - template: - metadata: - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - prometheus.io/port: "16686" -{{- if .Values.contextPath }} - prometheus.io/path: "{{ .Values.contextPath }}/metrics" -{{- else }} - prometheus.io/path: "/{{ .Values.provider }}/metrics" -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: jaeger - image: "{{ template "system_default_registry" . 
}}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 9411 - - containerPort: 16686 - - containerPort: 5775 - protocol: UDP - - containerPort: 6831 - protocol: UDP - - containerPort: 6832 - protocol: UDP - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if eq .Values.jaeger.spanStorageType "badger" }} - - name: BADGER_EPHEMERAL - value: "false" - - name: SPAN_STORAGE_TYPE - value: "badger" - - name: BADGER_DIRECTORY_VALUE - value: "/badger/data" - - name: BADGER_DIRECTORY_KEY - value: "/badger/key" - {{- end }} - - name: COLLECTOR_ZIPKIN_HTTP_PORT - value: "9411" - - name: MEMORY_MAX_TRACES - value: "{{ .Values.jaeger.memory.max_traces }}" - - name: QUERY_BASE_PATH - value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - livenessProbe: - httpGet: - path: / - port: 16686 - readinessProbe: - httpGet: - path: / - port: 16686 -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumeMounts: - - name: data - mountPath: /badger -{{- end }} - resources: -{{- if .Values.jaeger.resources }} -{{ toYaml .Values.jaeger.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - - name: jaeger-proxy - image: "{{ template "system_default_registry" . }}{{ .Values.global.nginxProxy.repository }}:{{ .Values.global.nginxProxy.tag }}" - args: - - nginx - - -g - - daemon off; - - -c - - /nginx/nginx.conf - ports: - - name: http - containerPort: 80 - protocol: TCP - volumeMounts: - - mountPath: /nginx/ - name: tracing-nginx - {{- if and .Values.jaeger.proxy .Values.jaeger.proxy.resources }} - resources: - {{ toYaml .Values.jaeger.proxy.resources | indent 12 }} - {{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - volumes: - - name: tracing-nginx - configMap: - name: tracing-nginx - items: - - key: nginx.conf - mode: 438 - path: nginx.conf -{{- if eq .Values.jaeger.spanStorageType "badger" }} - - name: data -{{- if .Values.jaeger.persist }} - persistentVolumeClaim: - claimName: istio-jaeger-pvc -{{- else }} - emptyDir: {} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/rancher-istio/0.1.1/charts/tracing/templates/deployment-zipkin.yaml b/charts/rancher-istio/0.1.1/charts/tracing/templates/deployment-zipkin.yaml deleted file mode 100644 index ac74cae8b..000000000 --- a/charts/rancher-istio/0.1.1/charts/tracing/templates/deployment-zipkin.yaml +++ /dev/null 
@@ -1,109 +0,0 @@ -{{ if eq .Values.provider "zipkin" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: zipkin - template: - metadata: - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: zipkin - image: "{{ template "system_default_registry" . }}{{ .Values.zipkin.repository }}:{{ .Values.zipkin.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.zipkin.queryPort }} - livenessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - tcpSocket: - port: {{ .Values.zipkin.queryPort }} - readinessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - httpGet: - path: /health - port: {{ .Values.zipkin.queryPort }} - resources: -{{- if .Values.zipkin.resources }} -{{ toYaml .Values.zipkin.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: QUERY_PORT - value: "{{ .Values.zipkin.queryPort }}" - - name: JAVA_OPTS - value: "-XX:ConcGCThreads={{ .Values.zipkin.node.cpus }} -XX:ParallelGCThreads={{ .Values.zipkin.node.cpus }} -Djava.util.concurrent.ForkJoinPool.common.parallelism={{ .Values.zipkin.node.cpus }} -Xms{{ 
.Values.zipkin.javaOptsHeap }}M -Xmx{{ .Values.zipkin.javaOptsHeap }}M -XX:+UseG1GC -server" - - name: STORAGE_METHOD - value: "mem" - - name: ZIPKIN_STORAGE_MEM_MAXSPANS - value: "{{ .Values.zipkin.maxSpans }}" - - name: zipkin-proxy - image: "{{ template "system_default_registry" . }}{{ .Values.global.nginxProxy.repository }}:{{ .Values.global.nginxProxy.tag }}" - args: - - nginx - - -g - - daemon off; - - -c - - /nginx/nginx.conf - ports: - - name: http - containerPort: 80 - protocol: TCP - volumeMounts: - - mountPath: /nginx/ - name: tracing-nginx - {{- if and .Values.zipkin.proxy .Values.zipkin.proxy.resources }} - resources: - {{ toYaml .Values.zipkin.proxy.resources | indent 12 }} - {{- end }} - volumes: - - name: tracing-nginx - configMap: - name: tracing-nginx - items: - - key: nginx.conf - mode: 438 - path: nginx.conf - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{ end }} diff --git a/charts/rancher-istio/0.1.1/charts/tracing/templates/ingress.yaml b/charts/rancher-istio/0.1.1/charts/tracing/templates/ingress.yaml deleted file mode 100644 index 72f362166..000000000 --- a/charts/rancher-istio/0.1.1/charts/tracing/templates/ingress.yaml +++ /dev/null 
@@ -1,41 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: {{ template "tracing.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} /{{ $.Values.provider }} {{ end }}
- backend:
- serviceName: tracing
- servicePort: 80
-
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }}
- backend:
- serviceName: tracing
- servicePort: 80
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/0.1.1/charts/tracing/templates/nginx-configmap.yaml b/charts/rancher-istio/0.1.1/charts/tracing/templates/nginx-configmap.yaml
deleted file mode 100644
index ccaec64a7..000000000
--- a/charts/rancher-istio/0.1.1/charts/tracing/templates/nginx-configmap.yaml
+++ /dev/null
@@ -1,63 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: tracing-nginx - namespace: {{ .Release.Namespace }} - labels: - app: tracing-nginx - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - nginx.conf: |- - user nginx; - worker_processes auto; - error_log /dev/stdout warn; - pid /var/run/nginx.pid; - - events { - worker_connections 1024; - } - - http { - include /etc/nginx/mime.types; - log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; - - proxy_connect_timeout 10; - proxy_read_timeout 180; - proxy_send_timeout 5; - proxy_buffering off; - proxy_cache_path /tmp/nginx levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; - - server { - listen 80; - access_log off; - - gzip on; - gzip_min_length 1k; - gzip_comp_level 2; - gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; - gzip_vary on; - gzip_disable "MSIE [1-6]\."; - - proxy_set_header Host $host; - - location / { - proxy_cache my_zone; - proxy_cache_valid 200 302 1d; - proxy_cache_valid 301 30d; - proxy_cache_valid any 5m; - proxy_cache_bypass $http_cache_control; - add_header X-Proxy-Cache $upstream_cache_status; - add_header Cache-Control "public"; -{{ if eq .Values.provider "jaeger" }} - proxy_pass http://localhost:16686/; -{{ else }} - proxy_pass http://localhost:9411/; -{{ end }} - if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { - expires 90d; - } - } - } - } diff --git a/charts/rancher-istio/0.1.1/charts/tracing/templates/pvc.yaml b/charts/rancher-istio/0.1.1/charts/tracing/templates/pvc.yaml deleted file mode 100644 index 60140494c..000000000 --- a/charts/rancher-istio/0.1.1/charts/tracing/templates/pvc.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-{{- if eq .Values.provider "jaeger" }}
-{{- if .Values.jaeger.persist }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: istio-jaeger-pvc
- namespace: {{ .Release.Namespace }}
- labels:
- app: jaeger
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- storageClassName: {{ .Values.jaeger.storageClassName }}
- accessModes:
- - {{ .Values.jaeger.accessMode }}
- resources:
- requests:
- storage: 5Gi
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.1/charts/tracing/templates/service-jaeger.yaml b/charts/rancher-istio/0.1.1/charts/tracing/templates/service-jaeger.yaml
deleted file mode 100644
index 23979baf8..000000000
--- a/charts/rancher-istio/0.1.1/charts/tracing/templates/service-jaeger.yaml
+++ /dev/null
@@ -1,90 +0,0 @@
-{{ if eq .Values.provider "jaeger" }}
-
-apiVersion: v1
-kind: List
-metadata:
- name: jaeger-services
- namespace: {{ .Release.Namespace }}
- labels:
- app: jaeger
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-items:
-- apiVersion: v1
- kind: Service
- metadata:
- name: jaeger-query
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: jaeger
- jaeger-infra: jaeger-service
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- ports:
- - name: query-http
- port: 16686
- protocol: TCP
- targetPort: 16686
- selector:
- app: jaeger
-- apiVersion: v1
- kind: Service
- metadata:
- name: jaeger-collector
- namespace: {{ .Release.Namespace }}
- labels:
- app: jaeger
- jaeger-infra: collector-service
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- ports:
- - name: jaeger-collector-tchannel
- port: 14267
- protocol: TCP
- targetPort: 14267
- - name: jaeger-collector-http
- port: 14268
- targetPort: 14268
- protocol: TCP
- selector:
- app: jaeger
- type: ClusterIP
-- apiVersion: v1
- kind: Service
- metadata:
- name: jaeger-agent
- namespace: {{ .Release.Namespace }}
- labels:
- app: jaeger
- jaeger-infra: agent-service
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- ports:
- - name: agent-zipkin-thrift
- port: 5775
- protocol: UDP
- targetPort: 5775
- - name: agent-compact
- port: 6831
- protocol: UDP
- targetPort: 6831
- - name: agent-binary
- port: 6832
- protocol: UDP
- targetPort: 6832
- clusterIP: None
- selector:
- app: jaeger
-{{ end }}
-
diff --git a/charts/rancher-istio/0.1.1/charts/tracing/templates/service.yaml b/charts/rancher-istio/0.1.1/charts/tracing/templates/service.yaml
deleted file mode 100644
index 7cc9c9cac..000000000
--- a/charts/rancher-istio/0.1.1/charts/tracing/templates/service.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-apiVersion: v1
-kind: List
-metadata:
- name: tracing-services
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-items:
-- apiVersion: v1
- kind: Service
- metadata:
- name: zipkin
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: 9411
- protocol: TCP
- name: {{ .Values.service.name }}
- selector:
- app: {{ .Values.provider }}
-- apiVersion: v1
- kind: Service
- metadata:
- name: tracing
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: {{ .Values.provider }}
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- kubernetes.io/cluster-service: "true"
- spec:
- type: {{ .Values.service.uiType }}
- ports:
- - name: http-access-tracing
- port: 80
- protocol: TCP
- targetPort: 80
- selector:
- app: {{ .Values.provider }}
diff --git a/charts/rancher-istio/0.1.1/charts/tracing/templates/tests/test-tracing-connection.yaml b/charts/rancher-istio/0.1.1/charts/tracing/templates/tests/test-tracing-connection.yaml
deleted file mode 100644
index 864a34d80..000000000
--- a/charts/rancher-istio/0.1.1/charts/tracing/templates/tests/test-tracing-connection.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ .Release.Name }}-{{ .Values.provider }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}-test
- chart: {{ template "tracing.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ .Values.provider }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- {{- if eq .Values.provider "jaeger" }}
- args: ['http://tracing:80{{ .Values.jaeger.contextPath}}']
- {{- else }}
- args: ['http://tracing:80']
- {{- end }}
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.1/charts/tracing/values.yaml b/charts/rancher-istio/0.1.1/charts/tracing/values.yaml
deleted file mode 100644
index 0a1e964e3..000000000
--- a/charts/rancher-istio/0.1.1/charts/tracing/values.yaml
+++ /dev/null
@@ -1,83 +0,0 @@ -# -# addon jaeger tracing configuration -# -enabled: false - -provider: jaeger -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -jaeger: - memory: - max_traces: 50000 - proxy: - resources: {} - # spanStorageType value can be "memory" and "badger" for all-in-one image - spanStorageType: badger - persist: false - storageClassName: "" - accessMode: ReadWriteMany - -zipkin: - probeStartupDelay: 200 - queryPort: 9411 - resources: - limits: - cpu: 300m - memory: 900Mi - requests: - cpu: 150m - memory: 900Mi - javaOptsHeap: 700 - # 
From: https://github.com/openzipkin/zipkin/blob/master/zipkin-server/src/main/resources/zipkin-server-shared.yml#L51 - # Maximum number of spans to keep in memory. When exceeded, oldest traces (and their spans) will be purged. - # A safe estimate is 1K of memory per span (each span with 2 annotations + 1 binary annotation), plus - # 100 MB for a safety buffer. You'll need to verify in your own environment. - maxSpans: 500000 - node: - cpus: 2 - proxy: - resources: {} - -service: - annotations: {} - name: http - type: ClusterIP - uiType: ClusterIP - externalPort: 9411 - -ingress: - enabled: false - # Used to create an Ingress record. - hosts: - # - tracing.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: tracing-tls - # hosts: - # - tracing.local - diff --git a/charts/rancher-istio/0.1.1/files/injection-template.yaml b/charts/rancher-istio/0.1.1/files/injection-template.yaml deleted file mode 100644 index c0b2c0609..000000000 --- a/charts/rancher-istio/0.1.1/files/injection-template.yaml +++ /dev/null 
@@ -1,392 +0,0 @@ -rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }} -{{- if or (not .Values.istio_cni.enabled) .Values.global.proxy.enableCoreDump }} -initContainers: -{{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} -{{- if not .Values.istio_cni.enabled }} -- name: istio-init - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" - {{- else }} - image: "{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" -{{- end }} - args: - - "-p" - - "15001" - - "-z" - - "15006" - - "-u" - - 1337 - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" - - "-d" - - "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - imagePullPolicy: "{{ 
.Values.global.imagePullPolicy }}" -{{- if .Values.global.proxy.init.resources }} - resources: - {{ toYaml .Values.global.proxy.init.resources | indent 4 }} -{{- else }} - resources: {} -{{- end }} - securityContext: - runAsUser: 0 - runAsNonRoot: false - capabilities: - add: - - NET_ADMIN - {{- if .Values.global.proxy.privileged }} - privileged: true - {{- end }} - restartPolicy: Always -{{- end }} -{{ end -}} -{{- if eq .Values.global.proxy.enableCoreDump true }} -- name: enable-core-dump - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - command: - - /bin/sh - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- else }} - image: "{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- end }} - imagePullPolicy: IfNotPresent - resources: {} - securityContext: - runAsUser: 0 - runAsNonRoot: false - privileged: true -{{ end }} -{{- end }} -containers: -- name: istio-proxy - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - {{- else }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.repository}}:{{ .Values.global.proxy.tag }}" -{{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --configPath - - "{{ .ProxyConfig.ConfigPath }}" - - --binaryPath - - "{{ .ProxyConfig.BinaryPath }}" - - --serviceCluster - {{ if ne "" (index .ObjectMeta.Labels "app") -}} - - "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" - {{ else -}} - - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" - {{ end -}} - - --drainDuration - - "{{ formatDuration .ProxyConfig.DrainDuration 
}}" - - --parentShutdownDuration - - "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}" - - --discoveryAddress - - "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" -{{- if eq .Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" - - --lightstepAccessToken - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" - - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} - - --lightstepCacertPath - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" -{{- else if eq .Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - - "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" -{{- else if eq .Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" -{{- end }} -{{- if .Values.global.proxy.logLevel }} - - --proxyLogLevel={{ .Values.global.proxy.logLevel }} -{{- end}} -{{- if .Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }} -{{- end}} - - --dnsRefreshRate - - {{ .Values.global.proxy.dnsRefreshRate }} - - --connectTimeout - - "{{ formatDuration .ProxyConfig.ConnectTimeout }}" -{{- if .Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - "{{ .ProxyConfig.StatsdUdpAddress }}" -{{- end }} -{{- if .Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsServiceAddress - - "{{ .ProxyConfig.GetEnvoyMetricsService.GetAddress }}" -{{- end }} -{{- if .Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - - '{{ structToJSON .ProxyConfig.EnvoyAccessLogService }}' -{{- end }} - - --proxyAdminPort - - "{{ .ProxyConfig.ProxyAdminPort }}" - {{ if gt .ProxyConfig.Concurrency 0 -}} - - --concurrency - - "{{ .ProxyConfig.Concurrency }}" - {{ end -}} - - --controlPlaneAuthPolicy - - "{{ annotation .ObjectMeta 
`sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}" -{{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" .Values.global.proxy.statusPort) "0") }} - - --statusPort - - "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" - - --applicationPorts - - "{{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` (applicationPorts .Spec.Containers) }}" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{if or (ne $index1 0) (ne $index2 0)}},{{end}}{{ structToJSON $p }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multicluster.clusterName `Kubernetes` }}" - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName -{{- if eq .Values.global.proxy.tracer "datadog" }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP -{{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }} -{{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" -{{- end }} -{{- end }} -{{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SDS_ENABLED - value: {{ $.Values.global.sds.enabled }} - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String 
}}" - - name: ISTIO_META_INCLUDE_INBOUND_PORTS - value: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (applicationPorts .Spec.Containers) }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{ if .ObjectMeta.Annotations }} - - name: ISTIO_METAJSON_ANNOTATIONS - value: | - {{ toJSON .ObjectMeta.Annotations }} - {{ end }} - {{ if .ObjectMeta.Labels }} - - name: ISTIO_METAJSON_LABELS - value: | - {{ toJSON .ObjectMeta.Labels }} - {{ end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{ .DeploymentMeta.Name }} - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://api/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.sds.customTokenDirectory }} - - name: ISTIO_META_SDS_TOKEN_PATH - value: "{{ .Values.global.sds.customTokenDirectory -}}/sdstoken" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if .Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.trustDomain }}" - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - 
periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - {{- if .Values.global.proxy.privileged }} - privileged: true - {{- end }} - {{- if ne .Values.global.proxy.enableCoreDump true }} - readOnlyRootFilesystem: true - {{- end }} - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - capabilities: - add: - - NET_ADMIN - runAsGroup: 1337 - {{ else -}} - {{ if .Values.global.sds.enabled }} - runAsGroup: 1337 - {{- end }} - runAsUser: 1337 - {{- end }} - resources: - {{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end}} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{ else -}} -{{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 4 }} -{{- end }} - {{ end -}} - volumeMounts: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - - mountPath: /etc/istio/proxy - name: istio-envoy - {{- if .Values.global.sds.enabled }} - - mountPath: /var/run/sds - name: sds-uds-path - readOnly: true - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.sds.customTokenDirectory }} - - mountPath: "{{ .Values.global.sds.customTokenDirectory -}}" - name: custom-sds-token - readOnly: true - {{- end }} - {{- else }} - - 
mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{- end }} -volumes: -{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} -- name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} -{{- end }} -- emptyDir: - medium: Memory - name: istio-envoy -{{- if .Values.global.sds.enabled }} -- name: sds-uds-path - hostPath: - path: /var/run/sds -- name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} -{{- if .Values.global.sds.customTokenDirectory }} -- name: custom-sds-token - secret: - secretName: sdstokensecret -{{- end }} -{{- else }} -- name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} -- name: "{{ $index }}" - {{ toYaml $value | indent 2 }} - {{ end }} - {{ end }} -{{- end }} -{{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} -- name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert -{{- end }} -{{- if .Values.global.podDNSSearchNamespaces }} -dnsConfig: - searches: 
- {{- range .Values.global.podDNSSearchNamespaces }} - - {{ render . }} - {{- end }} -{{- end }} -podRedirectAnnot: - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" -{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" -{{- end }} - traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" diff --git a/charts/rancher-istio/0.1.1/questions.yml b/charts/rancher-istio/0.1.1/questions.yml deleted file mode 100644 index fa9fd092a..000000000 --- a/charts/rancher-istio/0.1.1/questions.yml +++ /dev/null @@ -1,4 +0,0 @@ -labels: - rancher.istio.v0.1.1: 1.3.3 -rancher_min_version: 2.3.0-rc1 -rancher_max_version: 2.3.3 diff --git a/charts/rancher-istio/0.1.1/requirements.yaml b/charts/rancher-istio/0.1.1/requirements.yaml deleted file mode 100644 index 6aa00054e..000000000 
--- a/charts/rancher-istio/0.1.1/requirements.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-dependencies:
- - name: sidecarInjectorWebhook
- version: 1.1.0
- condition: sidecarInjectorWebhook.enabled
- - name: security
- version: 1.1.0
- condition: security.enabled
- - name: gateways
- version: 1.1.0
- condition: gateways.enabled
- - name: mixer
- version: 1.1.0
- condition: or mixer.policy.enabled mixer.telemetry.enabled
- - name: nodeagent
- version: 1.1.0
- condition: nodeagent.enabled
- - name: pilot
- version: 1.1.0
- condition: pilot.enabled
- - name: grafana
- version: 1.1.0
- condition: grafana.enabled
- - name: prometheus
- version: 1.1.0
- condition: prometheus.enabled
- - name: tracing
- version: 1.1.0
- condition: tracing.enabled
- - name: galley
- version: 1.1.0
- condition: galley.enabled
- - name: kiali
- version: 1.1.0
- condition: kiali.enabled
- - name: istiocoredns
- version: 1.1.0
- condition: istiocoredns.enabled
- - name: certmanager
- version: 1.1.0
- condition: certmanager.enabled
- - name: istio-init
- version: 1.1.0
- condition: istio-init.enabled
diff --git a/charts/rancher-istio/0.1.1/templates/NOTES.txt b/charts/rancher-istio/0.1.1/templates/NOTES.txt
deleted file mode 100644
index 3b323594c..000000000
--- a/charts/rancher-istio/0.1.1/templates/NOTES.txt
+++ /dev/null
@@ -1,29 +0,0 @@ -Thank you for installing {{ .Chart.Name | title }}. - -Your release is named {{ .Release.Name | title }}. - -To get started running application with Istio, execute the following steps: - -{{- if index .Values "sidecarInjectorWebhook" "enabled" }} -1. Label namespace that application object will be deployed to by the following command (take default namespace as an example) - -$ kubectl label namespace default istio-injection=enabled -$ kubectl get namespace -L istio-injection - -2. Deploy your applications - -$ kubectl apply -f .yaml -{{- else }} -1. Download the latest release package to get sidecar injection tool - -$ curl -L https://git.io/getLatestIstio | sh - -$ mv istio-* istio-latest -$ export PATH="$PATH:$PWD/istio-latest/bin" - -2. Deploy your application by manually injecting envoy sidecar with `istioctl kube-inject` - -$ kubectl apply -f <(istioctl kube-inject -f .yaml) -{{- end }} - -For more information on running Istio, visit: -https://istio.io/ diff --git a/charts/rancher-istio/0.1.1/templates/_affinity.tpl b/charts/rancher-istio/0.1.1/templates/_affinity.tpl deleted file mode 100644 index ecc3a905f..000000000 --- a/charts/rancher-istio/0.1.1/templates/_affinity.tpl +++ /dev/null 
@@ -1,97 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "nodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "nodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/os - operator: In - values: - - linux - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "nodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinity" }} -{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .Values.podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if or .Values.podAntiAffinityTermLabelSelector}} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "podAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.1/templates/_helpers.tpl b/charts/rancher-istio/0.1.1/templates/_helpers.tpl deleted file mode 100644 index 955c2ae38..000000000 --- a/charts/rancher-istio/0.1.1/templates/_helpers.tpl +++ /dev/null 
@@ -1,55 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "istio.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "istio.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "istio.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a fully qualified configmap name. -*/}} -{{- define "istio.configmap.fullname" -}} -{{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Configmap checksum. -*/}} -{{- define "istio.configmap.checksum" -}} -{{- print $.Template.BasePath "/configmap.yaml" | sha256sum -}} -{{- end -}} - - -{{- define "system_default_registry" -}} -{{- if .Values.global.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/0.1.1/templates/_podDisruptionBudget.tpl b/charts/rancher-istio/0.1.1/templates/_podDisruptionBudget.tpl deleted file mode 100644 index ebb86068c..000000000 --- a/charts/rancher-istio/0.1.1/templates/_podDisruptionBudget.tpl +++ /dev/null @@ -1,3 +0,0 @@ -{{- define "podDisruptionBudget.spec" }} - minAvailable: 1 -{{- end }} 
diff --git a/charts/rancher-istio/0.1.1/templates/clusterrole.yaml b/charts/rancher-istio/0.1.1/templates/clusterrole.yaml
deleted file mode 100644
index b92c9ef8b..000000000
--- a/charts/rancher-istio/0.1.1/templates/clusterrole.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: istio-reader
-rules:
- - apiGroups: ['']
- resources: ['nodes', 'pods', 'services', 'endpoints', "replicationcontrollers"]
- verbs: ['get', 'watch', 'list']
- - apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
diff --git a/charts/rancher-istio/0.1.1/templates/clusterrolebinding.yaml b/charts/rancher-istio/0.1.1/templates/clusterrolebinding.yaml
deleted file mode 100644
index 827601b3d..000000000
--- a/charts/rancher-istio/0.1.1/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-multi
- labels:
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-reader
-subjects:
-- kind: ServiceAccount
- name: istio-multi
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/0.1.1/templates/configmap.yaml b/charts/rancher-istio/0.1.1/templates/configmap.yaml
deleted file mode 100644
index 063f2aa76..000000000
--- a/charts/rancher-istio/0.1.1/templates/configmap.yaml
+++ /dev/null
@@ -1,307 +0,0 @@ -{{- if or .Values.pilot.enabled .Values.global.istioRemote }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istio.name" . }} - chart: {{ template "istio.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - mesh: |- - # Set the following variable to true to disable policy checks by the Mixer. - # Note that metrics will still be reported to the Mixer. - {{- if .Values.mixer.policy.enabled }} - disablePolicyChecks: {{ .Values.global.disablePolicyChecks }} - {{- else }} - disablePolicyChecks: true - {{- end }} - - {{- if .Values.mixer.telemetry.reportBatchMaxEntries }} - # reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server - reportBatchMaxEntries: {{ .Values.mixer.telemetry.reportBatchMaxEntries }} - {{- end }} - - {{- if .Values.mixer.telemetry.reportBatchMaxTime }} - # reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server - reportBatchMaxTime: {{ .Values.mixer.telemetry.reportBatchMaxTime }} - {{- end }} - - {{- if .Values.mixer.telemetry.sessionAffinityEnabled }} - # sidecarToTelemetrySessionAffinity will create a STRICT_DNS type cluster for istio-telemetry. - sidecarToTelemetrySessionAffinity: {{ .Values.mixer.telemetry.sessionAffinityEnabled }} - {{- end }} - - # Set enableTracing to false to disable request tracing. - enableTracing: {{ .Values.global.enableTracing }} - - # Set accessLogFile to empty string to disable access log. 
- accessLogFile: "{{ .Values.global.proxy.accessLogFile }}" - - # If accessLogEncoding is TEXT, value will be used directly as the log format - # example: "[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\n" - # If AccessLogEncoding is JSON, value will be parsed as map[string]string - # example: '{"start_time": "%START_TIME%", "req_method": "%REQ(:METHOD)%"}' - # Leave empty to use default log format - accessLogFormat: {{ .Values.global.proxy.accessLogFormat | quote }} - - # Set accessLogEncoding to JSON or TEXT to configure sidecar access log - accessLogEncoding: '{{ .Values.global.proxy.accessLogEncoding }}' - - enableEnvoyAccessLogService: {{ .Values.global.proxy.envoyAccessLogService.enabled }} - - {{- if .Values.global.istioRemote }} - - {{- if .Values.global.remotePolicyAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}:15004 - {{- else }} - mixerCheckServer: {{ .Values.global.remotePolicyAddress }}:15004 - {{- end }} - {{- end }} - {{- if .Values.global.remoteTelemetryAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}:15004 - {{- else }} - mixerReportServer: {{ .Values.global.remoteTelemetryAddress }}:15004 - {{- end }} - {{- end }} - - {{- else }} - - {{- if .Values.mixer.policy.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - {{- if .Values.mixer.telemetry.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ 
.Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - - {{- end }} - - {{- if or .Values.mixer.policy.enabled (and .Values.global.istioRemote .Values.global.remotePolicyAddress) }} - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: {{ .Values.global.policyCheckFailOpen }} - {{- end }} - - {{- if .Values.gateways.enabled }} - # Let Pilot give ingresses the public IP of the Istio ingressgateway - ingressService: istio-ingressgateway - {{- end }} - - # Default connect timeout for dynamic clusters generated by Pilot and returned via XDS - connectTimeout: 10s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: {{ .Values.global.proxy.protocolDetectionTimeout }} - - # DNS refresh rate for Envoy clusters of type STRICT_DNS - dnsRefreshRate: {{ .Values.global.proxy.dnsRefreshRate }} - - # Unix Domain Socket through which envoy communicates with NodeAgent SDS to get - # key/cert for mTLS. Use secret-mount files instead of SDS if set to empty. - sdsUdsPath: {{ .Values.global.sds.udsPath | quote }} - - # The trust domain corresponds to the trust root of a system. 
- # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: {{ .Values.global.trustDomain | quote }} - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - outboundTrafficPolicy: - mode: {{ .Values.global.outboundTrafficPolicy.mode }} - - {{- if .Values.global.localityLbSetting.enabled }} - localityLbSetting: -{{ toYaml .Values.global.localityLbSetting | trim | indent 6 }} - {{- end }} - # The namespace to treat as the administrative root namespace for istio - # configuration. -{{- if .Values.global.configRootNamespace }} - rootNamespace: {{ .Values.global.configRootNamespace }} -{{- else }} - rootNamespace: {{ .Release.Namespace }} -{{- end }} - - {{- if .Values.global.defaultConfigVisibilitySettings }} - defaultServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultVirtualServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultDestinationRuleExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - {{- end }} - - {{- if $.Values.global.useMCP }} - configSources: - - address: istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- if $.Values.global.controlPlaneSecurityEnabled}} - tlsSettings: - mode: ISTIO_MUTUAL - {{- end }} - {{- end }} - - defaultConfig: - # - # TCP connection timeout between Envoy & the application, and between Envoys. 
Used for static clusters - # defined in Envoy's configuration file - connectTimeout: 10s - # - ### ADVANCED SETTINGS ############# - # Where should envoy's configuration be stored in the istio-proxy container - configPath: "/etc/istio/proxy" - binaryPath: "/usr/local/bin/envoy" - # The pseudo service name used for Envoy. - serviceCluster: istio-proxy - # These settings that determine how long an old Envoy - # process should be kept alive after an occasional reload. - drainDuration: 45s - parentShutdownDuration: 1m0s - # - # The mode used to redirect inbound connections to Envoy. This setting - # has no effect on outbound traffic: iptables REDIRECT is always used for - # outbound connections. - # If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy. - # The "REDIRECT" mode loses source addresses during redirection. - # If "TPROXY", use iptables TPROXY to redirect to Envoy. - # The "TPROXY" mode preserves both the source and destination IP - # addresses and ports, so that they can be used for advanced filtering - # and manipulation. - # The "TPROXY" mode also configures the sidecar to run with the - # CAP_NET_ADMIN capability, which is required to use TPROXY. - #interceptionMode: REDIRECT - # - # Port where Envoy listens (on local host) for admin commands - # You can exec into the istio-proxy container in a pod and - # curl the admin port (curl http://localhost:15000/) to obtain - # diagnostic information from Envoy. See - # https://lyft.github.io/envoy/docs/operations/admin.html - # for more details - proxyAdminPort: 15000 - # - # Set concurrency to a specific number to control the number of Proxy worker threads. - # If set to 0 (default), then start worker thread for each CPU thread/core. 
- concurrency: {{ .Values.global.proxy.concurrency }} - # - {{- if eq .Values.global.proxy.tracer "lightstep" }} - tracing: - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - # Whether communication with the Satellite pool should be secure - secure: {{ .Values.global.tracer.lightstep.secure }} - # Path to the file containing the cacert to use when verifying TLS - cacertPath: {{ .Values.global.tracer.lightstep.cacertPath }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - tracing: - zipkin: - # Address of the Zipkin collector - {{- if .Values.global.tracer.zipkin.address }} - address: {{ .Values.global.tracer.zipkin.address }} - {{- else if .Values.global.remoteZipkinAddress }} - address: {{ .Values.global.remoteZipkinAddress }}:9411 - {{- else }} - address: zipkin.{{ .Release.Namespace }}:9411 - {{- end }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - tracing: - datadog: - # Address of the Datadog Agent - address: {{ .Values.global.tracer.datadog.address }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - tracing: - stackdriver: {} - {{- end }} - - {{- if .Values.global.proxy.envoyStatsd.enabled }} - # - # Statsd metrics collector converts statsd metrics into Prometheus metrics. - statsdUdpAddress: {{ .Values.global.proxy.envoyStatsd.host }}:{{ .Values.global.proxy.envoyStatsd.port }} - {{- end }} - - {{- if .Values.global.proxy.envoyMetricsService.enabled }} - # - # Envoy's Metrics Service stats sink pushes Envoy metrics to a remote collector via the Metrics Service gRPC API. 
- envoyMetricsService: - address: {{ .Values.global.proxy.envoyMetricsService.host }}:{{ .Values.global.proxy.envoyMetricsService.port }} - {{- end}} - - {{- if .Values.global.proxy.envoyAccessLogService.enabled }} - # - # Envoy's AccessLog Service pushes access logs to a remote collector via the Access Log Service gRPC API. - envoyAccessLogService: - address: {{ .Values.global.proxy.envoyAccessLogService.host }}:{{ .Values.global.proxy.envoyAccessLogService.port }} - {{- if .Values.global.proxy.envoyAccessLogService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tlsSettings | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyAccessLogService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tcpKeepalive | indent 10 }} - {{- end}} - {{- end}} - - {{- $defPilotHostname := printf "istio-pilot.%s" .Release.Namespace }} - {{- $pilotAddress := .Values.global.remotePilotAddress | default $defPilotHostname }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: MUTUAL_TLS - # - # Address where istio Pilot service is running - {{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }} - discoveryAddress: {{ $defPilotHostname }}:15011 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15011 - {{- end }} - {{- else }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: NONE - # - # Address where istio Pilot service is running - {{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }} - discoveryAddress: {{ $defPilotHostname }}:15010 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15010 - {{- end }} - {{- end }} - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. 
- meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | indent 6 }} - {{- else }} - networks: {} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.1/templates/crd-certmanager.yaml b/charts/rancher-istio/0.1.1/templates/crd-certmanager.yaml deleted file mode 100644 index f89f479e1..000000000 --- a/charts/rancher-istio/0.1.1/templates/crd-certmanager.yaml +++ /dev/null 
@@ -1,164 +0,0 @@ -{{- if and .Values.enableCRDs .Values.certmanager.enabled }} -{{- if not (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterissuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - group: certmanager.k8s.io - version: v1alpha1 - names: - kind: ClusterIssuer - plural: clusterissuers - scope: Cluster ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: issuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - group: certmanager.k8s.io - version: v1alpha1 - names: - kind: Issuer - plural: issuers - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: certificates.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - additionalPrinterColumns: - - JSONPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - JSONPath: .spec.secretName - name: Secret - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 
- - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - version: v1alpha1 - scope: Namespaced - names: - kind: Certificate - plural: certificates - shortNames: - - cert - - certs ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: orders.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.reason - name: Reason - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - version: v1alpha1 - names: - kind: Order - plural: orders - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: challenges.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.dnsName - name: Domain - type: string - - JSONPath: .status.reason - name: Reason - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - version: v1alpha1 - names: - kind: Challenge - plural: challenges - scope: Namespaced -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/0.1.1/templates/crds.yaml b/charts/rancher-istio/0.1.1/templates/crds.yaml deleted file mode 100644 index d142e7756..000000000 --- a/charts/rancher-istio/0.1.1/templates/crds.yaml +++ /dev/null 
@@ -1,173 +0,0 @@ -{{- if .Values.enableCRDs -}} -{{- if not (.Capabilities.APIVersions.Has "networking.istio.io/v1alpha3") }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: destinationrules.networking.istio.io - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - group: networking.istio.io - names: - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - singular: destinationrule - shortNames: - - dr - categories: - - istio-io - - networking-istio-io - scope: Namespaced - version: v1alpha3 - additionalPrinterColumns: - - JSONPath: .spec.host - description: The name of a service from the service registry - name: Host - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date -{{- end }} ---- -{{- if not (.Capabilities.APIVersions.Has "config.istio.io/v1alpha2") }} -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: attributemanifests.config.istio.io - labels: - app: mixer - package: istio.io.mixer - istio: core - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - group: config.istio.io - names: - kind: attributemanifest - plural: attributemanifests - singular: attributemanifest - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: handlers.config.istio.io - labels: - app: mixer - package: handler - istio: mixer-handler - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - group: config.istio.io - names: - kind: handler - plural: handlers - singular: handler - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: rules.config.istio.io - labels: - app: mixer - package: istio.io.mixer - istio: core - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - group: config.istio.io - names: - kind: rule - plural: rules - singular: rule - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: instances.config.istio.io - labels: - app: mixer - package: instance - istio: mixer-instance - chart: istio - heritage: Tiller - release: istio - annotations: - 
"helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - group: config.istio.io - names: - kind: instance - plural: instances - singular: instance - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: rules.config.istio.io - labels: - app: mixer - package: istio.io.mixer - istio: core - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "crd-install" -spec: - group: config.istio.io - names: - kind: rule - plural: rules - singular: rule - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-istio/0.1.1/templates/endpoints.yaml b/charts/rancher-istio/0.1.1/templates/endpoints.yaml deleted file mode 100644 index 81b821853..000000000 --- a/charts/rancher-istio/0.1.1/templates/endpoints.yaml +++ /dev/null 
@@ -1,63 +0,0 @@
-{{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePilotAddress }}
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePolicyAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remoteTelemetryAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
-{{- end }}
diff --git a/charts/rancher-istio/0.1.1/templates/install-custom-resources.sh.tpl b/charts/rancher-istio/0.1.1/templates/install-custom-resources.sh.tpl
deleted file mode 100644
index a5525a139..000000000
--- a/charts/rancher-istio/0.1.1/templates/install-custom-resources.sh.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ define "install-custom-resources.sh.tpl" }}
-#!/bin/sh
-
-set -x
-
-if [ "$#" -ne "1" ]; then
- echo "first argument should be path to custom resource yaml"
- exit 1
-fi
-
-pathToResourceYAML=${1}
-
-kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null
-if [ "$?" -eq 0 ]; then
- echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready"
- while true; do
- kubectl -n {{ .Release.Namespace }} get deployment istio-galley 2>/dev/null
- if [ "$?" -eq 0 ]; then
- break
- fi
- sleep 1
- done
- kubectl -n {{ .Release.Namespace }} rollout status deployment istio-galley
- if [ "$?" -ne 0 ]; then
- echo "istio-galley deployment rollout status check failed"
- exit 1
- fi
- echo "istio-galley deployment ready for configuration validation"
-fi
-sleep 5
-kubectl apply -f ${pathToResourceYAML}
-{{ end }}
diff --git a/charts/rancher-istio/0.1.1/templates/istio-service-rbac.yaml b/charts/rancher-istio/0.1.1/templates/istio-service-rbac.yaml
deleted file mode 100644
index 7f883b0d5..000000000
--- a/charts/rancher-istio/0.1.1/templates/istio-service-rbac.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-service-reader
-rules:
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["http:kiali-http:80", "http:tracing:80", "http:grafana:80", "http:prometheus-http:80"]
- verbs: ["get", "watch", "list"]
-
----
-{{- if .Values.global.members }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: read-istio-service
- namespace: {{ .Release.Namespace }}
-subjects:
- {{- range $member := .Values.global.members }}
- - kind: {{ $member.kind }}
- name: {{ $member.name }}
- apiGroup: rbac.authorization.k8s.io
- {{- end }}
-roleRef:
- kind: Role
- name: istio-service-reader
- apiGroup: rbac.authorization.k8s.io
-{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/0.1.1/templates/service.yaml b/charts/rancher-istio/0.1.1/templates/service.yaml
deleted file mode 100644
index 732cdefd2..000000000
--- a/charts/rancher-istio/0.1.1/templates/service.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
- clusterIP: None
-{{- end }}
diff --git a/charts/rancher-istio/0.1.1/templates/serviceaccount.yaml b/charts/rancher-istio/0.1.1/templates/serviceaccount.yaml
deleted file mode 100644
index e52d9eb9c..000000000
--- a/charts/rancher-istio/0.1.1/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: istio-multi
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/0.1.1/templates/sidecar-injector-configmap.yaml b/charts/rancher-istio/0.1.1/templates/sidecar-injector-configmap.yaml
deleted file mode 100644
index 135b7fbad..000000000
--- a/charts/rancher-istio/0.1.1/templates/sidecar-injector-configmap.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if not .Values.global.omitSidecarInjectorConfigMap }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istio.name" . }}
- chart: {{ template "istio.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-data:
- values: |-
- {{ .Values | toJson }}
-
- config: |-
- policy: {{ .Values.global.proxy.autoInject }}
- alwaysInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }}
- neverInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }}
- template: |-
-{{ .Files.Get "files/injection-template.yaml" | trim | indent 6 }}
-{{- end }}
diff --git a/charts/rancher-istio/0.1.1/values.yaml b/charts/rancher-istio/0.1.1/values.yaml
deleted file mode 100644
index e06596540..000000000
--- a/charts/rancher-istio/0.1.1/values.yaml
+++ /dev/null
@@ -1,636 +0,0 @@ -# Top level istio values file has the following sections. -# -# global: This file is the authoritative and exhaustive source for the global section. -# -# chart sections: Every subdirectory inside the charts/ directory has a top level -# configuration key in this file. This file overrides the values specified -# by the charts/${chartname}/values.yaml. -# Check the chart level values file for exhaustive list of configuration options. - -# -enableCRDs: true - -istio-init: - enable: true - -# -# Gateways Configuration, refer to the charts/gateways/values.yaml -# for detailed configuration -# -gateways: - enabled: true - -# -# sidecar-injector webhook configuration, refer to the -# charts/sidecarInjectorWebhook/values.yaml for detailed configuration -# -sidecarInjectorWebhook: - repository: rancher/istio-sidecar_injector - tag: "1.3.3" - enabled: true - -# -# galley configuration, refer to charts/galley/values.yaml -# for detailed configuration -# -galley: - repository: rancher/istio-galley - tag: 1.3.3 - enabled: true - -# -# mixer configuration -# -# @see charts/mixer/values.yaml, it takes precedence -mixer: - repository: rancher/istio-mixer - tag: "1.3.3" - enabled: true - policy: - # if policy is enabled the global.disablePolicyChecks has affect. 
- enabled: true - - telemetry: - enabled: true -# -# pilot configuration -# -# @see charts/pilot/values.yaml -pilot: - repository: rancher/istio-pilot - tag: "1.3.3" - enabled: true - -# -# security configuration -# -security: - repository: rancher/istio-citadel - tag: "1.3.3" - enabled: true - -# -# nodeagent configuration -# -nodeagent: - enabled: false - -# -# addon grafana configuration -# -grafana: - repository: rancher/grafana-grafana - tag: 6.3.6 - enabled: false - -# -# addon prometheus configuration -# -prometheus: - repository: rancher/prom-prometheus - tag: v2.11.1 - enabled: true - -# -# addon jaeger tracing configuration -# -tracing: - jaeger: - repository: rancher/jaegertracing-all-in-one - tag: 1.12 - zipkin: - repository: rancher/openzipkin-zipkin - tag: 2.14.2 - enabled: true - -# -# addon kiali tracing configuration -# -kiali: - repository: rancher/kiali-kiali - tag: v1.4.2 - enabled: true - -# -# addon certmanager configuration -# -certmanager: - enabled: false - -# -# Istio CNI plugin enabled -# This must be enabled to use the CNI plugin in Istio. The CNI plugin is installed separately. -# If true, the privileged initContainer istio-init is not needed to perform the traffic redirect -# settings for the istio-proxy. -# -istio_cni: - enabled: false - -# addon Istio CoreDNS configuration -# -istiocoredns: - image: - repository: rancher/coredns-coredns - tag: 1.1.2 - pluginImage: - repository: rancher/istio-coredns-plugin - tag: 0.2-istio-1.1 - enabled: false - -# Common settings used among istio subcharts. -global: - # Specify members that can access istio service proxy - # members: - # - kind: User - # name: u-abcba - # - kind: Group - # name: github_org://1234567 - # Specify rancher domain and clusterId of external tracing config - # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 - rancher: - domain: - clusterId: - - systemDefaultRegistry: "" - # Default hub for Istio images. 
- # Releases are published to docker hub under 'istio' project. - # Daily builds from prow are on gcr.io, and nightly builds from circle on docker.io/istionightly - # hub: gcr.io/istio-release - hub: docker.io/istio - - # Default tag for Istio images. - # tag: release-1.1-latest-daily - tag: 1.3.3 - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - kubectl: - repository: rancher/istio-kubectl - tag: 1.3.3 - - # monitoring port used by mixer, pilot, galley - monitoringPort: 15014 - - nginxProxy: - repository: rancher/nginx - tag: 1.17.4-alpine - - k8sIngress: - enabled: false - # Gateway used for k8s Ingress resources. By default it is - # using 'istio:ingressgateway' that will be installed by setting - # 'gateways.enabled' and 'gateways.istio-ingressgateway.enabled' - # flags to true. - gatewayName: ingressgateway - # enableHttps will add port 443 on the ingress. - # It REQUIRES that the certificates are installed in the - # expected secrets - enabling this option without certificates - # will result in LDS rejection and the ingress will not work. - enableHttps: false - - curl: - repository: rancher/pstauffer-curl - tag: v1.0.3 - - proxy: - # Configuration for the proxy init container - init: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - repository: rancher/istio-proxyv2 - tag: 1.3.3 - - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Controls number of Proxy worker threads. - # If set to 0, then start worker thread for each CPU thread/core. 
- concurrency: 2 - - # Configures the access log for each sidecar. - # Options: - # "" - disables access log - # "/dev/stdout" - enables access log - accessLogFile: "" - - # Configure how and what fields are displayed in sidecar access log. Setting to - # empty string will result in default log format - accessLogFormat: "" - - # Configure the access log for sidecar to JSON or TEXT. - accessLogEncoding: TEXT - - # Configure envoy gRPC access log service. - envoyAccessLogService: - enabled: false - host: # example: accesslog-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/als/cert-chain.pem - privateKey: # example: /etc/istio/als/key.pem - caCertificates: # example: /etc/istio/als/root-cert.pem - sni: # example: als.somedomain - subjectAltNames: [] - # - als.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Log level for proxy, applies to gateways and sidecars. If left empty, "warning" is used. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: "" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. If left empty, "misc:error" is used. - componentLogLevel: "" - - # Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS - # This must be given it terms of seconds. For example, 300s is valid but 5m is invalid. - dnsRefreshRate: 300s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. 
Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: 100ms - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # If set, newly injected sidecars will have core dumps enabled. - enableCoreDump: false - - # Image used to enable core dumps. This is only used, when "enableCoreDump" is set to true. - enableCoreDumpImage: ubuntu:xenial - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 1 - - # The period between readiness probes. - readinessPeriodSeconds: 2 - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 30 - - # istio egress capture whitelist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - excludeOutboundPorts: "" - - # pod internal interfaces - kubevirtInterfaces: "" - - # istio ingress capture whitelist - # examples: - # Redirect no inbound traffic to Envoy: --includeInboundPorts="" - # Redirect all inbound traffic to Envoy: --includeInboundPorts="*" - # Redirect only selected ports: --includeInboundPorts="80,8080" - includeInboundPorts: "*" - excludeInboundPorts: "" - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument - # would be :). - # Disabled by default. - # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. 
- envoyStatsd: - # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. - enabled: false - host: # example: statsd-svc.istio-system - port: # example: 9125 - - # Sets the Envoy Metrics Service address, used to push Envoy metrics to an external collector - # via the Metrics Service gRPC API. This contains detailed stats information emitted directly - # by Envoy and should not be confused with the the Istio telemetry. The Envoy stats are also - # available to scrape via the Envoy admin port at either /stats or /stats/prometheus. - # - # See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto - # for details about Envoy's Metrics Service API. - # - # Disabled by default. - envoyMetricsService: - enabled: false - host: # example: metrics-service.istio-system - port: # example: 15000 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "zipkin" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - repository: rancher/istio-proxy_init - tag: "1.3.3" - - # imagePullPolicy is applied to istio control plane components. - # local tests require IfNotPresent, to avoid uploading to dockerhub. - # TODO: Switch to Always as default, and override in the local tests. - imagePullPolicy: IfNotPresent - - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - # disablePolicyChecks disables mixer policy checks. - # if mixer.policy.enabled==true then disablePolicyChecks has affect. - # Will set the value with same name in istio config map - pilot needs to be restarted to take effect. 
- disablePolicyChecks: true - - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: false - - # EnableTracing sets the value with same name in istio config map, requires pilot restart to take effect. - enableTracing: true - - # Configuration for each of the supported tracers - tracer: - # Configuration for envoy to send trace data to LightStep. - # Disabled by default. - # address: the : of the satellite pool - # accessToken: required for sending data to the pool - # secure: specifies whether data should be sent with TLS - # cacertPath: the path to the file containing the cacert to use when verifying TLS. If secure is true, this is - # required. If a value is specified then a secret called "lightstep.cacert" must be created in the destination - # namespace with the key matching the base of the provided cacertPath and the value being the cacert itself. - # - lightstep: - address: "" # example: lightstep-satellite:443 - accessToken: "" # example: abcdefg1234567 - secure: true # example: true|false - cacertPath: "" # example: /etc/lightstep/cacert.pem - zipkin: - # Host:Port for reporting trace data in zipkin format. If not specified, will default to - # zipkin service (port 9411) in the same namespace as the other istio components. - address: "" - datadog: - # Host:Port for submitting traces to the Datadog agent. - address: "$(HOST_IP):8126" - - # Default mtls policy. If true, mtls between services will be enabled by default. - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: false - - # Lists the secrets you need to use to pull Istio images from a private registry. 
- imagePullSecrets: - # - private-registry-key - - # Specify pod scheduling arch(amd64, ppc64le, s390x) and weight as follows: - # 0 - Never scheduled - # 1 - Least preferred - # 2 - No preference - # 3 - Most preferred - arch: - amd64: 2 - s390x: 2 - ppc64le: 2 - - # Whether to restrict the applications namespace the controller manages; - # If not set, controller watches all namespaces - oneNamespace: false - - # Default node selector to be applied to all deployments so that all pods can be - # constrained to run a particular nodes. Each component can overwrite these default - # values by adding its node selector block in the relevant section below and setting - # the desired values. - defaultNodeSelector: {} - - # Default node tolerations to be applied to all deployments so that all pods can be - # scheduled to a particular nodes with matching taints. Each component can overwrite - # these default values by adding its tolerations block in the relevant section below - # and setting the desired values. - # Configure this field in case that all pods of Istio control plane are expected to - # be scheduled to particular nodes with specified taints. - defaultTolerations: [] - - # Whether to perform server-side validation of configuration. - configValidation: true - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. 
- # podDNSSearchNamespaces: - # - global - # - "[[ valueOrDefault .DeploymentMeta.Namespace \"default\" ]].global" - - # If set to true, the pilot and citadel mtls will be exposed on the - # ingress gateway - meshExpansion: - enabled: false - # If set to true, the pilot and citadel mtls and the plaintext pilot ports - # will be exposed on an internal gateway - useILB: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # enable pod distruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. 
- priorityClassName: "" - - # Use the Mesh Control Protocol (MCP) for configuring Mixer and - # Pilot. Requires galley (`--set galley.enabled=true`). - useMCP: true - - # The trust domain corresponds to the trust root of a system - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - # Indicate the domain used in SPIFFE identity URL - # The default depends on the environment. - # kubernetes: cluster.local - # else: default dns domain - trustDomain: "" - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. 
- meshID: "" - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - # ALLOW_ANY is the default in 1.1. This means each pod will be able to make outbound requests - # to services outside of the mesh without any ServiceEntry. - # REGISTRY_ONLY was the default in 1.0. If this behavior is desired, set the value below to REGISTRY_ONLY. - outboundTrafficPolicy: - mode: ALLOW_ANY - - # The namespace where globally shared configurations should be present. - # DestinationRules that apply to the entire mesh (e.g., enabling mTLS), - # default Sidecar configs, etc. should be added to this namespace. - # configRootNamespace: istio-config - - # set the default set of namespaces to which services, service entries, virtual services, destination - # rules should be exported to. Currently only one value can be provided in this list. This value - # should be one of the following two options: - # * implies these objects are visible to all namespaces, enabling any sidecar to talk to any other sidecar. - # . implies these objects are visible to only to sidecars in the same namespace, or if imported as a Sidecar.egress.host - # defaultConfigVisibilitySettings: - #- '*' - - nodeAgent: - repository: rancher/istio-node-agent-k8s - tag: "1.3.3" - sds: - # SDS enabled. IF set to true, mTLS certificates for the sidecars will be - # distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates. - enabled: false - udsPath: "" - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Citadel Agent to the CA (e.g. 
Citadel), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Specifies the global locality load balancing settings. - # Locality-weighted load balancing allows administrators to control the distribution of traffic to - # endpoints based on the localities of where the traffic originates and where it will terminate. - # Either failover or distribute configuration can be set, but not both. If neither are provided - # failover mode will be used. 
- #
- # localityLbSetting:
- # enabled: true
- # distribute:
- # - from: "us-central1/*"
- # to:
- # "us-central1/*": 80
- # "us-central2/*": 20
- #
- # localityLbSetting:
- # enabled: true
- # failover:
- # - from: us-east
- # to: eu-west
- # - from: us-west
- # to: us-east
- localityLbSetting:
- enabled: true
-
- # Specifies whether helm test is enabled or not.
- # This field is set to false by default, so 'helm template ...'
- # will ignore the helm test yaml files when generating the template
- enableHelmTest: false
-
- # Specify the monitoring server config of istio
- monitoring:
- # options includes built-in, cluster-monitoring and custom, default to internal
- type: built-in
diff --git a/charts/rancher-istio/1.4.1000/.helmignore b/charts/rancher-istio/1.4.1000/.helmignore
deleted file mode 100755
index f0c131944..000000000
--- a/charts/rancher-istio/1.4.1000/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/charts/rancher-istio/1.4.1000/Chart.yaml b/charts/rancher-istio/1.4.1000/Chart.yaml
deleted file mode 100755
index 7f5735797..000000000
--- a/charts/rancher-istio/1.4.1000/Chart.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-name: rancher-istio
-version: 1.4.1000
-appVersion: 1.4.10
-description: Helm chart for all istio components
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- security
-- sidecarInjectorWebhook
-- mixer
-- pilot
-- galley
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2-0'
diff --git a/charts/rancher-istio/1.4.1000/LICENSE b/charts/rancher-istio/1.4.1000/LICENSE
deleted file mode 100755
index 56df9b297..000000000
--- a/charts/rancher-istio/1.4.1000/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2018 Istio Authors - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/rancher-istio/1.4.1000/README.md b/charts/rancher-istio/1.4.1000/README.md deleted file mode 100755 index f7f35cc17..000000000 --- a/charts/rancher-istio/1.4.1000/README.md +++ /dev/null 
@@ -1,149 +0,0 @@ -# Istio - -[Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. - -The documentation here is for developers only, please follow the installation instructions from [istio.io](https://istio.io/docs/setup/kubernetes/install/helm/) for all other uses. - -## Introduction - -This chart bootstraps all Istio [components](https://istio.io/docs/concepts/what-is-istio/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Chart Details - -This chart can install multiple Istio components as subcharts: -- ingressgateway -- egressgateway -- sidecarInjectorWebhook -- galley -- mixer -- pilot -- security(citadel) -- grafana -- prometheus -- tracing(jaeger) -- kiali - -To enable or disable each component, change the corresponding `enabled` flag. - -## Prerequisites - -- Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required -- Helm 2.7.2 or newer or alternately the ability to modify RBAC rules is also required -- If you want to enable automatic sidecar injection, Kubernetes 1.9+ with `admissionregistration` API is required, and `kube-apiserver` process must have the `admission-control` flag set with the `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook` admission controllers added and listed in the correct order. -- The `istio-init` chart must be run to completion prior to install the `istio` chart. - -## Resources Required - -The chart deploys pods that consume minimum resources as specified in the resources configuration parameter. - -## Installing the Chart - -1. If a service account has not already been installed for Tiller, install one: - - ```bash - $ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml - ``` - -1. 
Install Tiller on your cluster with the service account: - - ```bash - $ helm init --service-account tiller - ``` - -1. Set and create the namespace where Istio was installed: - - ```bash - $ NAMESPACE=istio-system - $ kubectl create ns $NAMESPACE - ``` - -1. If you are enabling `kiali`, you need to create the secret that contains the username and passphrase for `kiali` dashboard: - - ```bash - $ echo -n 'admin' | base64 - YWRtaW4= - $ echo -n '1f2d1e2e67df' | base64 - MWYyZDFlMmU2N2Rm - $ cat <=1.9.0): - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE - ``` - - - Without the sidecar injection webhook: - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE --set sidecarInjectorWebhook.enabled=false - ``` - -## Configuration - -The Helm chart ships with reasonable defaults. There may be circumstances in which defaults require overrides. -To override Helm values, use `--set key=value` argument during the `helm install` command. Multiple `--set` operations may be used in the same Helm operation. - -Helm charts expose configuration options which are currently in alpha. The currently exposed options can be found [here](https://istio.io/docs/reference/config/installation-options/). - -## Uninstalling the Chart - -To uninstall/delete the `istio` release but continue to track the release: - -```bash -$ helm delete istio -``` - -To uninstall/delete the `istio` release completely and make its name free for later use: - -```bash -$ helm delete --purge istio -``` diff --git a/charts/rancher-istio/1.4.1000/charts/certmanager/Chart.yaml b/charts/rancher-istio/1.4.1000/charts/certmanager/Chart.yaml deleted file mode 100755 index 939bd2815..000000000 --- a/charts/rancher-istio/1.4.1000/charts/certmanager/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 0.6.2 -description: A Helm chart for Kubernetes -name: certmanager -tillerVersion: '>=2.7.2' -version: 1.4.10 
diff --git a/charts/rancher-istio/1.4.1000/charts/certmanager/templates/NOTES.txt b/charts/rancher-istio/1.4.1000/charts/certmanager/templates/NOTES.txt
deleted file mode 100755
index 0307ede4c..000000000
--- a/charts/rancher-istio/1.4.1000/charts/certmanager/templates/NOTES.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-certmanager has been deployed successfully!
-
-More information on the different types of issuers and how to configure them
-can be found in our documentation:
-
-https://cert-manager.readthedocs.io/en/latest/reference/issuers.html
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.1000/charts/certmanager/templates/_helpers.tpl b/charts/rancher-istio/1.4.1000/charts/certmanager/templates/_helpers.tpl
deleted file mode 100755
index 331a91d43..000000000
--- a/charts/rancher-istio/1.4.1000/charts/certmanager/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "certmanager.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "certmanager.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "certmanager.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.1000/charts/certmanager/templates/deployment.yaml b/charts/rancher-istio/1.4.1000/charts/certmanager/templates/deployment.yaml
deleted file mode 100755
index 4c727365d..000000000
--- a/charts/rancher-istio/1.4.1000/charts/certmanager/templates/deployment.yaml
+++ /dev/null
@@ -1,73 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: certmanager - template: - metadata: - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: certmanager -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: certmanager - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- else }} - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=$(POD_NAMESPACE) - {{- if .Values.extraArgs }} -{{ toYaml .Values.extraArgs | indent 8 }} - {{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: -{{ toYaml .Values.resources | indent 10 }} - {{- if .Values.podDnsPolicy }} - dnsPolicy: {{ .Values.podDnsPolicy }} - {{- end }} - {{- if .Values.podDnsConfig }} - dnsConfig: -{{ toYaml .Values.podDnsConfig | indent 8 }} - {{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.1000/charts/certmanager/templates/issuer.yaml b/charts/rancher-istio/1.4.1000/charts/certmanager/templates/issuer.yaml deleted file mode 100755 index 59402daea..000000000 --- a/charts/rancher-istio/1.4.1000/charts/certmanager/templates/issuer.yaml +++ /dev/null @@ -1,37 +0,0 @@ ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt-staging - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-staging-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: letsencrypt-staging - http01: {} ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - privateKeySecretRef: - name: letsencrypt - http01: {} diff --git a/charts/rancher-istio/1.4.1000/charts/certmanager/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.1000/charts/certmanager/templates/poddisruptionbudget.yaml deleted file mode 100755 index b251e3653..000000000 --- a/charts/rancher-istio/1.4.1000/charts/certmanager/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: certmanager
- namespace: {{ .Release.Namespace }}
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- version: {{ .Chart.Version }}
- {{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels | indent 4 }}
- {{- end }}
-spec:
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: certmanager
- release: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/certmanager/templates/rbac.yaml b/charts/rancher-istio/1.4.1000/charts/certmanager/templates/rbac.yaml
deleted file mode 100755
index b3a4ef340..000000000
--- a/charts/rancher-istio/1.4.1000/charts/certmanager/templates/rbac.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: certmanager
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
- - apiGroups: ["certmanager.k8s.io"]
- resources: ["certificates", "certificates/finalizers", "issuers", "clusterissuers", "orders", "orders/finalizers", "challenges"]
- verbs: ["*"]
- - apiGroups: [""]
- resources: ["configmaps", "secrets", "events", "services", "pods"]
- verbs: ["*"]
- - apiGroups: ["extensions"]
- resources: ["ingresses"]
- verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: certmanager
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: certmanager
-subjects:
- - name: certmanager
- namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
diff --git a/charts/rancher-istio/1.4.1000/charts/certmanager/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.1000/charts/certmanager/templates/serviceaccount.yaml
deleted file mode 100755
index f87543508..000000000
--- a/charts/rancher-istio/1.4.1000/charts/certmanager/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: certmanager
- namespace: {{ .Release.Namespace }}
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.1000/charts/certmanager/values.yaml b/charts/rancher-istio/1.4.1000/charts/certmanager/values.yaml
deleted file mode 100755
index 2d6854193..000000000
--- a/charts/rancher-istio/1.4.1000/charts/certmanager/values.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-# Certmanager uses ACME to sign certificates. Since Istio gateways are
-# mounting the TLS secrets the Certificate CRDs must be created in the
-# istio-system namespace. Once the certificate has been created, the
-# gateway must be updated by adding 'secretVolumes'. After the gateway
-# restart, DestinationRules can be created using the ACME-signed certificates.
-enabled: false
-replicaCount: 1
-resources: {}
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.1000/charts/galley/Chart.yaml b/charts/rancher-istio/1.4.1000/charts/galley/Chart.yaml
deleted file mode 100755
index fde57635b..000000000
--- a/charts/rancher-istio/1.4.1000/charts/galley/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.10
-description: Helm chart for galley deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- galley
-name: galley
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.10
diff --git a/charts/rancher-istio/1.4.1000/charts/galley/templates/_helpers.tpl b/charts/rancher-istio/1.4.1000/charts/galley/templates/_helpers.tpl
deleted file mode 100755
index 5d42f4a03..000000000
--- a/charts/rancher-istio/1.4.1000/charts/galley/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "galley.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "galley.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "galley.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.1000/charts/galley/templates/clusterrole.yaml b/charts/rancher-istio/1.4.1000/charts/galley/templates/clusterrole.yaml
deleted file mode 100755
index c499dcf7d..000000000
--- a/charts/rancher-istio/1.4.1000/charts/galley/templates/clusterrole.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-galley-{{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
- # For reading Istio resources
-- apiGroups: [
- "authentication.istio.io",
- "config.istio.io",
- "networking.istio.io",
- "rbac.istio.io",
- "security.istio.io"]
- resources: ["*"]
- verbs: ["get", "list", "watch"]
- # For updating Istio resource statuses
-- apiGroups: [
- "authentication.istio.io",
- "config.istio.io",
- "networking.istio.io",
- "rbac.istio.io",
- "security.istio.io"]
- resources: ["*/status"]
- verbs: ["update"]
-{{- if not .Values.global.operatorManageWebhooks }}
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["validatingwebhookconfigurations"]
- verbs: ["*"]
-{{- end }}
-- apiGroups: ["extensions","apps"]
- resources: ["deployments"]
- resourceNames: ["istio-galley"]
- verbs: ["get"]
-- apiGroups: [""]
- resources: ["pods", "nodes", "services", "endpoints", "namespaces"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions"]
- resources: ["ingresses"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["namespaces/finalizers"]
- verbs: ["update"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
diff --git a/charts/rancher-istio/1.4.1000/charts/galley/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.1000/charts/galley/templates/clusterrolebinding.yaml
deleted file mode 100755
index 88cde2554..000000000
--- a/charts/rancher-istio/1.4.1000/charts/galley/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-galley-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-galley-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-galley-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.1000/charts/galley/templates/configmap.yaml b/charts/rancher-istio/1.4.1000/charts/galley/templates/configmap.yaml
deleted file mode 100755
index 662c960b1..000000000
--- a/charts/rancher-istio/1.4.1000/charts/galley/templates/configmap.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-galley-configuration
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-data:
-{{- if .Values.global.configValidation }}
- validatingwebhookconfiguration.yaml: |-
- {{- include "validatingwebhookconfiguration.yaml.tpl" . | indent 4}}
-{{- end}}
diff --git a/charts/rancher-istio/1.4.1000/charts/galley/templates/deployment.yaml b/charts/rancher-istio/1.4.1000/charts/galley/templates/deployment.yaml
deleted file mode 100755
index 458d98338..000000000
--- a/charts/rancher-istio/1.4.1000/charts/galley/templates/deployment.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: galley - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-galley-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: galley - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 443 - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 9901 - command: - - /usr/local/bin/galley - - server - - --meshConfigFile=/etc/mesh-config/mesh - - --livenessProbeInterval=1s - - --livenessProbePath=/healthliveness - - --readinessProbePath=/healthready - - --readinessProbeInterval=1s - - --deployment-namespace={{ .Release.Namespace }} -{{- if $.Values.global.controlPlaneSecurityEnabled}} - - --insecure=false -{{- else }} - - --insecure=true -{{- end }} -{{- if .Values.enableServiceDiscovery }} - - --enableServiceDiscovery=true -{{- end }} -{{- if not $.Values.global.useMCP }} - - --enable-server=false -{{- end }} -{{- if not $.Values.global.configValidation }} - - --enable-validation=false -{{- end }} -{{- if .Values.global.operatorManageWebhooks }} - - --enable-reconcileWebhookConfiguration=false -{{- else }} - - --enable-reconcileWebhookConfiguration=true -{{- end }} - - --validation-webhook-config-file - - /etc/config/validatingwebhookconfiguration.yaml - - --monitoringPort={{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if .Values.enableAnalysis }} - - --enableAnalysis=true -{{- end }} -{{- if .Values.global.certificates }} - - --validation.tls.clientCertificate=/etc/dnscerts/cert-chain.pem - - --validation.tls.privateKey=/etc/dnscerts/key.pem - - --validation.tls.caCertificates=/etc/dnscerts/root-cert.pem -{{- end }} - volumeMounts: - - name: certs - mountPath: /etc/certs - readOnly: true -{{- if .Values.global.certificates }} - - name: dnscerts - mountPath: /etc/dnscerts - readOnly: true -{{- end }} - - name: config - mountPath: /etc/config - readOnly: true - - name: mesh-config - mountPath: /etc/mesh-config - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - 
--probe-path=/healthliveness - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - readinessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - --probe-path=/healthready - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: certs - secret: - secretName: istio.istio-galley-service-account -{{- if .Values.global.certificates }} - - name: dnscerts - secret: - secretName: dns.istio-galley-service-account -{{- end }} - - name: config - configMap: - name: istio-galley-configuration - - name: mesh-config - configMap: - name: istio - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.1000/charts/galley/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.1000/charts/galley/templates/poddisruptionbudget.yaml deleted file mode 100755 index 75bf77834..000000000 --- a/charts/rancher-istio/1.4.1000/charts/galley/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-spec:
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: {{ template "galley.name" . }}
- release: {{ .Release.Name }}
- istio: galley
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/galley/templates/service.yaml b/charts/rancher-istio/1.4.1000/charts/galley/templates/service.yaml
deleted file mode 100755
index cd21fd192..000000000
--- a/charts/rancher-istio/1.4.1000/charts/galley/templates/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-spec:
- ports:
- - port: 443
- name: https-validation
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- - port: 9901
- name: grpc-mcp
- selector:
- istio: galley
diff --git a/charts/rancher-istio/1.4.1000/charts/galley/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.1000/charts/galley/templates/serviceaccount.yaml
deleted file mode 100755
index 1ff54c49e..000000000
--- a/charts/rancher-istio/1.4.1000/charts/galley/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-galley-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.1000/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl b/charts/rancher-istio/1.4.1000/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl
deleted file mode 100755
index 253fd2156..000000000
--- a/charts/rancher-istio/1.4.1000/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl
+++ /dev/null
@@ -1,127 +0,0 @@ -{{ define "validatingwebhookconfiguration.yaml.tpl" }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-galley - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -webhooks: - - name: pilot.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitpilot" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - httpapispecs - - httpapispecbindings - - quotaspecs - - quotaspecbindings - - operations: - - CREATE - - UPDATE - apiGroups: - - rbac.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - authentication.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - networking.istio.io - apiVersions: - - "*" - resources: - - destinationrules - - envoyfilters - - gateways - - serviceentries - - sidecars - - virtualservices - failurePolicy: Fail - sideEffects: None - - name: mixer.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitmixer" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - rules - - attributemanifests - - circonuses - - deniers - - fluentds - - kubernetesenvs - - listcheckers - - memquotas - - noops - - opas - - prometheuses - - rbacs - - solarwindses - - stackdrivers - - cloudwatches - - dogstatsds - - statsds - - stdios - - apikeys - - authorizations - - checknothings - # - kuberneteses - - listentries - - logentries - - metrics - - 
quotas - - reportnothings - - tracespans - - adapters - - handlers - - instances - - templates - - zipkins - failurePolicy: Fail - sideEffects: None -{{- end }} diff --git a/charts/rancher-istio/1.4.1000/charts/galley/values.yaml b/charts/rancher-istio/1.4.1000/charts/galley/values.yaml deleted file mode 100755 index 68eff963f..000000000 --- a/charts/rancher-istio/1.4.1000/charts/galley/values.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# -# galley configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# Enable service discovery processing in Galley -enableServiceDiscovery: false - -# Enable analysis and status update in Galley -enableAnalysis: false diff --git a/charts/rancher-istio/1.4.1000/charts/gateways/Chart.yaml b/charts/rancher-istio/1.4.1000/charts/gateways/Chart.yaml deleted file mode 100755 index 77ad51882..000000000 --- a/charts/rancher-istio/1.4.1000/charts/gateways/Chart.yaml +++ /dev/null 
@@ -1,15 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.10
-description: Helm chart for deploying Istio gateways
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- ingressgateway
-- egressgateway
-- gateways
-name: gateways
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.10
diff --git a/charts/rancher-istio/1.4.1000/charts/gateways/templates/_affinity.tpl b/charts/rancher-istio/1.4.1000/charts/gateways/templates/_affinity.tpl
deleted file mode 100755
index fbd0e9a8f..000000000
--- a/charts/rancher-istio/1.4.1000/charts/gateways/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@
-{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}}
-
-{{- define "gatewaynodeaffinity" }}
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- {{- include "gatewayNodeAffinityRequiredDuringScheduling" . }}
- preferredDuringSchedulingIgnoredDuringExecution:
- {{- include "gatewayNodeAffinityPreferredDuringScheduling" . }}
-{{- end }}
-
-{{- define "gatewayNodeAffinityRequiredDuringScheduling" }}
- nodeSelectorTerms:
- - matchExpressions:
- - key: beta.kubernetes.io/arch
- operator: In
- values:
- {{- range $key, $val := .root.Values.global.arch }}
- {{- if gt ($val | int) 0 }}
- - {{ $key | quote }}
- {{- end }}
- {{- end }}
- {{- $nodeSelector := default .root.Values.global.defaultNodeSelector .nodeSelector -}}
- {{- range $key, $val := $nodeSelector }}
- - key: {{ $key }}
- operator: In
- values:
- - {{ $val | quote }}
- {{- end }}
-{{- end }}
-
-{{- define "gatewayNodeAffinityPreferredDuringScheduling" }}
- {{- range $key, $val := .root.Values.global.arch }}
- {{- if gt ($val | int) 0 }}
- - weight: {{ $val | int }}
- preference:
- matchExpressions:
- - key: beta.kubernetes.io/arch
- operator: In
- values:
- - {{ $key | quote }}
- {{- end }}
- {{- end }}
-{{- end }}
-
-{{- define "gatewaypodAntiAffinity" }}
-{{- if or .podAntiAffinityLabelSelector .podAntiAffinityTermLabelSelector}}
- podAntiAffinity:
- {{- if .podAntiAffinityLabelSelector }}
- requiredDuringSchedulingIgnoredDuringExecution:
- {{- include "gatewaypodAntiAffinityRequiredDuringScheduling" . }}
- {{- end }}
- {{- if .podAntiAffinityTermLabelSelector }}
- preferredDuringSchedulingIgnoredDuringExecution:
- {{- include "gatewaypodAntiAffinityPreferredDuringScheduling" . }}
- {{- end }}
-{{- end }}
-{{- end }}
-
-{{- define "gatewaypodAntiAffinityRequiredDuringScheduling" }}
- {{- range $index, $item := .podAntiAffinityLabelSelector }}
- - labelSelector:
- matchExpressions:
- - key: {{ $item.key }}
- operator: {{ $item.operator }}
- {{- if $item.values }}
- values:
- {{- $vals := split "," $item.values }}
- {{- range $i, $v := $vals }}
- - {{ $v | quote }}
- {{- end }}
- {{- end }}
- topologyKey: {{ $item.topologyKey }}
- {{- end }}
-{{- end }}
-
-{{- define "gatewaypodAntiAffinityPreferredDuringScheduling" }}
- {{- range $index, $item := .podAntiAffinityTermLabelSelector }}
- - podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: {{ $item.key }}
- operator: {{ $item.operator }}
- {{- if $item.values }}
- values:
- {{- $vals := split "," $item.values }}
- {{- range $i, $v := $vals }}
- - {{ $v | quote }}
- {{- end }}
- {{- end }}
- topologyKey: {{ $item.topologyKey }}
- weight: 100
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/gateways/templates/_helpers.tpl b/charts/rancher-istio/1.4.1000/charts/gateways/templates/_helpers.tpl
deleted file mode 100755
index bfc8bc400..000000000
--- a/charts/rancher-istio/1.4.1000/charts/gateways/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "gateway.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "gateway.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "gateway.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.1000/charts/gateways/templates/autoscale.yaml b/charts/rancher-istio/1.4.1000/charts/gateways/templates/autoscale.yaml
deleted file mode 100755
index 2455ac345..000000000
--- a/charts/rancher-istio/1.4.1000/charts/gateways/templates/autoscale.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
- maxReplicas: {{ $spec.autoscaleMax }}
- minReplicas: {{ $spec.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ $key }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/gateways/templates/deployment.yaml b/charts/rancher-istio/1.4.1000/charts/gateways/templates/deployment.yaml
deleted file mode 100755
index 6c1419bcd..000000000
--- a/charts/rancher-istio/1.4.1000/charts/gateways/templates/deployment.yaml
+++ /dev/null
@@ -1,387 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if $spec.enabled }} - -{{- $labels := merge (dict "release" $.Release.Name "chart" (include "gateway.chart" $) "heritage" $.Release.Service) $spec.labels }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - labels: -{{ $labels | toYaml | indent 4 }} -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - selector: - matchLabels: - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - template: - metadata: - labels: -{{ $labels | toYaml | indent 8 }} - annotations: - sidecar.istio.io/inject: "false" -{{- if $spec.podAnnotations }} -{{ toYaml $spec.podAnnotations | indent 8 }} -{{ end }} - spec: - serviceAccountName: {{ $key }}-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} -{{- if $.Values.global.proxy.enableCoreDump }} - initContainers: - - name: enable-core-dump - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy_init.repository }}:{{ $.Values.global.proxy_init.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - command: - - /bin/sh - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - securityContext: - privileged: true -{{- end }} - containers: -{{- if $spec.sds }} -{{- if $spec.sds.enabled }} - - name: ingress-sds - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - resources: -{{- if $spec.sds.resources }} -{{ toYaml 
$spec.sds.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: "ENABLE_WORKLOAD_SDS" - value: "false" - - name: "ENABLE_INGRESS_GATEWAY_SDS" - value: "true" - - name: "INGRESS_GATEWAY_NAMESPACE" - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - volumeMounts: - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway -{{- end }} -{{- end }} - - name: istio-proxy - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - {{- range $key, $val := $spec.ports }} - - containerPort: {{ $val.port }} - {{- end }} - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - - --drainDuration - - '45s' #drainDuration - - --parentShutdownDuration - - '1m0s' #parentShutdownDuration - - --connectTimeout - - '10s' #connectTimeout - - --serviceCluster - - {{ $key }} - {{- if eq $.Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - {{ $.Values.global.tracer.lightstep.address }} - - --lightstepAccessToken - - {{ $.Values.global.tracer.lightstep.accessToken }} - - --lightstepSecure={{ $.Values.global.tracer.lightstep.secure }} - - --lightstepCacertPath - - {{ $.Values.global.tracer.lightstep.cacertPath }} - {{- else if eq $.Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - {{- if $.Values.global.tracer.zipkin.address }} - - {{ 
$.Values.global.tracer.zipkin.address }} - {{- else if $.Values.global.istioNamespace }} - - zipkin.{{ $.Values.global.istioNamespace }}:9411 - {{- else }} - - zipkin:9411 - {{- end }} - {{- else if eq $.Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - {{ $.Values.global.tracer.datadog.address }} - {{- end }} - {{- if $.Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - {{ $.Values.global.proxy.envoyStatsd.host }}:{{ $.Values.global.proxy.envoyStatsd.port }} - {{- end }} - {{- if $.Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - {{- with $.Values.global.proxy.envoyMetricsService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end}} - {{- if $.Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - {{- with $.Values.global.proxy.envoyAccessLogService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end }} - - --proxyAdminPort - - "15000" - - --statusPort - - "15020" - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15011 - {{- else }} - - istio-pilot:15011 - {{- end }} - {{- else }} - - --controlPlaneAuthPolicy - - NONE - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15010 - {{- else }} - - istio-pilot:15010 - {{- end }} - {{- if $spec.applicationPorts }} - - --applicationPorts - - "{{ $spec.applicationPorts }}" - {{- end }} - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ 
$.Values.global.trustDomain }} - {{- end }} - readinessProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15020 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - resources: -{{- if $spec.resources }} -{{ toYaml $spec.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if $.Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_METAJSON_LABELS - value: | - {{ $labels | toJson}} - - name: ISTIO_META_CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - - name: ISTIO_META_WORKLOAD_NAME - value: {{ $key }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/{{ $spec.namespace | default $.Release.Namespace }}/deployments/{{ $key }} - {{- if $.Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.meshID }}" - {{- else if $.Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.trustDomain }}" - {{- end }} - {{- if eq $.Values.global.proxy.tracer "datadog" }} - - name: HOST_IP 
- valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- end }} - {{- if eq $.Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ $.Values.global.tracer.stackdriver.debug }}" - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAttributes }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }}" - {{- end }} - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ISTIO_META_USER_SDS - value: "true" - {{- end }} - {{- end }} - {{- if $spec.env }} - {{- range $key, $val := $spec.env }} - - name: {{ $key }} - value: {{ $val }} - {{- end }} - {{- end }} - {{ if eq $key "istio-ingressgateway" }} - {{ $network_set := index $spec.env "ISTIO_META_NETWORK" }} - {{- if and (not $network_set) $.Values.global.network }} - - name: ISTIO_META_NETWORK - value: {{ $.Values.global.network }} - {{- end }} - {{- end }} - volumeMounts: - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway - {{- end }} - {{- end }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - mountPath: {{ .mountPath | quote }} - readOnly: true - {{- end }} - {{- if and (eq 
$.Values.global.proxy.tracer "lightstep") $.Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ dir $.Values.global.tracer.lightstep.cacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} -{{- if $spec.additionalContainers }} -{{ toYaml $spec.additionalContainers | indent 8 }} -{{- end }} - volumes: - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - emptyDir: {} - {{- end }} - {{- end }} - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - hostPath: - path: /var/run/sds - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ $.Values.global.sds.token.aud }} - {{- end }} - - name: istio-certs - secret: - secretName: istio.{{ $key }}-service-account - optional: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - secret: - secretName: {{ .secretName | quote }} - optional: true - {{- end }} - {{- range $spec.configVolumes }} - - name: {{ .name }} - configMap: - name: {{ .configMapName | quote }} - optional: true - {{- end }} - {{- if and (eq $.Values.global.proxy.tracer "lightstep") $.Values.global.tracer.lightstep.cacertPath }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - affinity: - {{- include "gatewaynodeaffinity" (dict "root" $ "nodeSelector" $spec.nodeSelector) | indent 6 }} - {{- include "gatewaypodAntiAffinity" (dict "podAntiAffinityLabelSelector" $spec.podAntiAffinityLabelSelector "podAntiAffinityTermLabelSelector" $spec.podAntiAffinityTermLabelSelector) | indent 6 }} - {{- if $spec.tolerations }} - tolerations: -{{ toYaml $spec.tolerations | indent 6 }} - {{- else if $.Values.global.defaultTolerations }} - tolerations: -{{ toYaml $.Values.global.defaultTolerations | indent 6 }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.4.1000/charts/gateways/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.1000/charts/gateways/templates/poddisruptionbudget.yaml
deleted file mode 100755
index 36a2d5a9c..000000000
--- a/charts/rancher-istio/1.4.1000/charts/gateways/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if and (ne $key "enabled") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/gateways/templates/preconfigured.yaml b/charts/rancher-istio/1.4.1000/charts/gateways/templates/preconfigured.yaml
deleted file mode 100755
index 31e431db7..000000000
--- a/charts/rancher-istio/1.4.1000/charts/gateways/templates/preconfigured.yaml
+++ /dev/null
@@ -1,241 +0,0 @@
-{{- if .Values.global.k8sIngress.enabled }}
-apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
- name: istio-autogenerated-k8s-ingress
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "gateway.name" . }}
- chart: {{ template "gateway.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- istio: {{ .Values.global.k8sIngress.gatewayName }}
- servers:
- - port:
- number: 80
- protocol: HTTP2
- name: http
- hosts:
- - "*"
-{{ if .Values.global.k8sIngress.enableHttps }}
- - port:
- number: 443
- protocol: HTTPS
- name: https-default
- tls:
- mode: SIMPLE
- serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
- privateKey: /etc/istio/ingressgateway-certs/tls.key
- hosts:
- - "*"
-{{ end }}
----
-{{ end }}
-
-{{- if .Values.global.meshExpansion.enabled }}
-{{- if .Values.global.meshExpansion.useILB }}
-apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
- name: meshexpansion-ilb-gateway
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "gateway.name" . }}
- chart: {{ template "gateway.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- istio: ilbgateway
- servers:
- - port:
- number: 15011
- protocol: TCP
- name: tcp-pilot
- hosts:
- - "*"
- - port:
- number: 8060
- protocol: TCP
- name: tcp-citadel
- hosts:
- - "*"
- - port:
- number: 15004
- name: tls-mixer
- protocol: TLS
- tls:
- mode: AUTO_PASSTHROUGH
- hosts:
- - "*"
----
-{{- else }}
-apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
- name: meshexpansion-gateway
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "gateway.name" . }}
- chart: {{ template "gateway.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- {{- range $key, $spec := .Values }}
- {{- if eq $key "istio-ingressgateway" }}
- {{- if $spec.enabled }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
- servers:
- - port:
- number: 15011
- protocol: TCP
- name: tcp-pilot
- hosts:
- - "*"
- - port:
- number: 8060
- protocol: TCP
- name: tcp-citadel
- hosts:
- - "*"
- - port:
- number: 15004
- name: tls-mixer
- protocol: TLS
- tls:
- mode: AUTO_PASSTHROUGH
- hosts:
- - "*"
----
-{{- end }}
-{{- end }}
-
-{{- if .Values.global.multiCluster.enabled }}
-{{- if (index .Values "istio-egressgateway" "enabled") }}
-apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
- name: istio-multicluster-egressgateway
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "gateway.name" . }}
- chart: {{ template "gateway.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- {{- range $key, $spec := .Values }}
- {{- if eq $key "istio-egressgateway" }}
- {{- if $spec.enabled }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
- servers:
- - hosts:
- - "*.global"
- port:
- name: tls
- number: 15443
- protocol: TLS
- tls:
- mode: AUTO_PASSTHROUGH
-{{- end }}
----
-apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
- name: istio-multicluster-ingressgateway
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "gateway.name" . }}
- chart: {{ template "gateway.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- {{- range $key, $spec := .Values }}
- {{- if eq $key "istio-ingressgateway" }}
- {{- if $spec.enabled }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
- servers:
- - hosts:
- - "*.global"
- port:
- name: tls
- number: 15443
- protocol: TLS
- tls:
- mode: AUTO_PASSTHROUGH
----
-apiVersion: networking.istio.io/v1alpha3
-kind: EnvoyFilter
-metadata:
- name: istio-multicluster-ingressgateway
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "gateway.name" . }}
- chart: {{ template "gateway.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- workloadLabels:
- {{- range $key, $spec := .Values }}
- {{- if eq $key "istio-ingressgateway" }}
- {{- if $spec.enabled }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
- filters:
- - listenerMatch:
- portNumber: 15443
- listenerType: GATEWAY
- insertPosition:
- index: AFTER
- relativeTo: envoy.filters.network.sni_cluster
- filterName: envoy.filters.network.tcp_cluster_rewrite
- filterType: NETWORK
- filterConfig:
- cluster_pattern: "\\.global$"
- cluster_replacement: ".svc.{{ .Values.global.proxy.clusterDomain }}"
----
-## To ensure all traffic to *.global is using mTLS
-apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
- name: istio-multicluster-destinationrule
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "gateway.name" . }}
- chart: {{ template "gateway.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- host: "*.global"
- {{- if .Values.global.defaultConfigVisibilitySettings }}
- exportTo:
- - '*'
- {{- end }}
- trafficPolicy:
- tls:
- mode: ISTIO_MUTUAL
----
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/gateways/templates/role.yaml b/charts/rancher-istio/1.4.1000/charts/gateways/templates/role.yaml
deleted file mode 100755
index cb013edb1..000000000
--- a/charts/rancher-istio/1.4.1000/charts/gateways/templates/role.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if $spec.sds }}
-{{- if eq $spec.sds.enabled true }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-rules:
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "watch", "list"]
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.1000/charts/gateways/templates/rolebindings.yaml b/charts/rancher-istio/1.4.1000/charts/gateways/templates/rolebindings.yaml
deleted file mode 100755
index 03a9a8a9b..000000000
--- a/charts/rancher-istio/1.4.1000/charts/gateways/templates/rolebindings.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if $spec.sds }}
-{{- if eq $spec.sds.enabled true }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ $key }}-sds
-subjects:
-- kind: ServiceAccount
- name: {{ $key }}-service-account
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.1000/charts/gateways/templates/service.yaml b/charts/rancher-istio/1.4.1000/charts/gateways/templates/service.yaml
deleted file mode 100755
index 9474f0476..000000000
--- a/charts/rancher-istio/1.4.1000/charts/gateways/templates/service.yaml
+++ /dev/null
@@ -1,59 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if $spec.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - annotations: - {{- range $key, $val := $spec.serviceAnnotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - chart: {{ template "gateway.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} -spec: -{{- if $spec.loadBalancerIP }} - loadBalancerIP: "{{ $spec.loadBalancerIP }}" -{{- end }} -{{- if $spec.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml $spec.loadBalancerSourceRanges | indent 4 }} -{{- end }} -{{- if $spec.externalTrafficPolicy }} - externalTrafficPolicy: {{$spec.externalTrafficPolicy }} -{{- end }} -{{- if $spec.externalIPs }} - externalIPs: -{{ toYaml $spec.externalIPs | indent 4 }} -{{- end }} - type: {{ .type }} - selector: - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - ports: - {{- range $key, $val := $spec.ports }} - - - {{- range $pkey, $pval := $val }} - {{ $pkey}}: {{ $pval }} - {{- end }} - {{- end }} - {{- if $.Values.global.meshExpansion.enabled }} - {{- range $key, $val := $spec.meshExpansionPorts }} - - - {{- range $pkey, $pval := $val }} - {{ $pkey}}: {{ $pval }} - {{- end }} - {{- end }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.1000/charts/gateways/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.1000/charts/gateways/templates/serviceaccount.yaml deleted file mode 100755 index d4f6938c1..000000000 --- a/charts/rancher-istio/1.4.1000/charts/gateways/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if $.Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range $.Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: {{ $key }}-service-account
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- app: {{ $spec.labels.app }}
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.4.1000/charts/gateways/values.yaml b/charts/rancher-istio/1.4.1000/charts/gateways/values.yaml
deleted file mode 100755
index 23a16798f..000000000
--- a/charts/rancher-istio/1.4.1000/charts/gateways/values.yaml
+++ /dev/null
@@ -1,286 +0,0 @@ -# -# Gateways Configuration -# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. -# You can add more gateways in addition to the defaults but make sure those are uniquely named -# and that NodePorts are not conflicting. -# Disable specifc gateway by setting the `enabled` to false. -# -enabled: true - -istio-ingressgateway: - enabled: true - # - # Secret Discovery Service (SDS) configuration for ingress gateway. - # - sds: - # If true, ingress gateway fetches credentials from SDS server to handle TLS connections. - enabled: false - # SDS server that watches kubernetes secrets and provisions credentials to ingress gateway. - # This server runs in the same pod as ingress gateway. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - labels: - app: istio-ingressgateway - istio: ingressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalIPs: [] - serviceAnnotations: {} - podAnnotations: {} - type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be - #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out - ports: - ## You can add custom gateway ports - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. 
https://github.com/istio/istio/issues/12503 - - port: 15020 - targetPort: 15020 - name: status-port - - port: 80 - targetPort: 80 - name: http2 - nodePort: 31380 - - port: 443 - name: https - nodePort: 31390 - # Example of a port to add. Remove if not needed - - port: 31400 - name: tcp - nodePort: 31400 - ### PORTS FOR UI/metrics ##### - ## Disable if not needed - - port: 15029 - targetPort: 15029 - name: https-kiali - - port: 15030 - targetPort: 15030 - name: https-prometheus - - port: 15031 - targetPort: 15031 - name: https-grafana - - port: 15032 - targetPort: 15032 - name: https-tracing - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - #### MESH EXPANSION PORTS ######## - # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect - # to pilot/citadel if global.meshExpansion settings are enabled. - # Delete these ports if mesh expansion is not enabled, to avoid - # exposing unnecessary ports on the web. - # You can remove these ports if you are not using mesh expansion - meshExpansionPorts: - - port: 15011 - targetPort: 15011 - name: tcp-pilot-grpc-tls - - port: 15004 - targetPort: 15004 - name: tcp-mixer-grpc-tls - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - - port: 853 - targetPort: 853 - name: tcp-dns-tls - ####### end MESH EXPANSION PORTS ###### - ############## - secretVolumes: - - name: ingressgateway-certs - secretName: istio-ingressgateway-certs - mountPath: /etc/istio/ingressgateway-certs - - name: ingressgateway-ca-certs - secretName: istio-ingressgateway-ca-certs - mountPath: /etc/istio/ingressgateway-ca-certs - ### Advanced options ############ - - # Ports to explicitly check for readiness. If configured, the readiness check will expect a - # listener on these ports. A comma separated list is expected, such as "80,443". - # - # Warning: If you do not have a gateway configured for the ports provided, this check will always - # fail. 
This is intended for use cases where you always expect to have a listener on the port, - # such as 80 or 443 in typical setups. - applicationPorts: "" - - env: - # A gateway with this mode ensures that pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. - ISTIO_META_ROUTER_MODE: "sni-dnat" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". 
- podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -istio-egressgateway: - enabled: false - labels: - app: istio-egressgateway - istio: egressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - serviceAnnotations: {} - podAnnotations: {} - type: ClusterIP #change to NodePort or LoadBalancer if need be - ports: - - port: 80 - name: http2 - - port: 443 - name: https - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - secretVolumes: - - name: egressgateway-certs - secretName: istio-egressgateway-certs - mountPath: /etc/istio/egressgateway-certs - - name: egressgateway-ca-certs - secretName: istio-egressgateway-ca-certs - mountPath: /etc/istio/egressgateway-ca-certs - #### Advanced options ######## - env: - # Set this to "external" if and only if you want the egress gateway to - # act as a transparent SNI gateway that routes mTLS/TLS traffic to - # external services defined using service entries, where the service - # entry has resolution set to DNS, has one or more endpoints with - # network field set to "external". By default its set to "" so that - # the egress gateway sees the same set of endpoints as the sidecars - # preserving backward compatibility - # ISTIO_META_REQUESTED_NETWORK_VIEW: "" - # A gateway with this mode ensures that pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. 
- ISTIO_META_ROUTER_MODE: "sni-dnat" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". - podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -# Mesh ILB gateway creates a gateway of type InternalLoadBalancer, -# for mesh expansion. It exposes the mtls ports for Pilot,CA as well -# as non-mtls ports to support upgrades and gradual transition. -istio-ilbgateway: - enabled: false - labels: - app: istio-ilbgateway - istio: ilbgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - cpu: - targetAverageUtilization: 80 - resources: - requests: - cpu: 800m - memory: 512Mi - #limits: - # cpu: 1800m - # memory: 256Mi - loadBalancerIP: "" - serviceAnnotations: - cloud.google.com/load-balancer-type: "internal" - podAnnotations: {} - type: LoadBalancer - ports: - ## You can add custom gateway ports - google ILB default quota is 5 ports, - - port: 15011 - name: grpc-pilot-mtls - # Insecure port - only for migration from 0.8. 
Will be removed in 1.1
- - port: 15010
- name: grpc-pilot
- - port: 8060
- targetPort: 8060
- name: tcp-citadel-grpc-tls
- # Port 5353 is forwarded to kube-dns
- - port: 5353
- name: tcp-dns
- secretVolumes:
- - name: ilbgateway-certs
- secretName: istio-ilbgateway-certs
- mountPath: /etc/istio/ilbgateway-certs
- - name: ilbgateway-ca-certs
- secretName: istio-ilbgateway-ca-certs
- mountPath: /etc/istio/ilbgateway-ca-certs
- nodeSelector: {}
- tolerations: []
diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/Chart.yaml b/charts/rancher-istio/1.4.1000/charts/grafana/Chart.yaml
deleted file mode 100755
index 8ffdc2c4e..000000000
--- a/charts/rancher-istio/1.4.1000/charts/grafana/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.10
-description: A Helm chart for Kubernetes
-name: grafana
-tillerVersion: '>=2.7.2'
-version: 1.4.10
diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/citadel-dashboard.json b/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/citadel-dashboard.json
deleted file mode 100755
index ffe4551a9..000000000
--- a/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/citadel-dashboard.json
+++ /dev/null
@@ -1,1089 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 8, - "panels": [], - "title": "Performance", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "CPU usage across Citadel instances.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 1 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"citadel\", pod_name=~\"istio-citadel-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage rate", - "refId": "A" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"citadel\"}[1m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage irate", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": 
"", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Citadel process memory statistics.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 1 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Total", - "refId": "C" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Allocated", - "refId": "E" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Inuse", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, 
- "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 1 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Goroutines", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 7 - }, - "id": 28, - "panels": [], - "title": "General", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Total number of CSR requests made to Citadel.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 
0, - "y": 8 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Request Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates issuances that have succeeded.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 12, - "y": 8 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_success_cert_issuance_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Certificates Issued", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Certificates Issued", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 13 - }, - "id": 23, - "panels": [], - "title": "Errors", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of errors occurred when creating the CSR.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 14 - }, - "id": 20, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_secret_controller_csr_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Creation Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Creation Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - 
"show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 14 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_parsing_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Parse Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Parse Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of authentication failures.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, 
- "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_authentication_failure_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Authentication Failure Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Authentication Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 4, - "panels": [], - "title": "Secret Controller", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates created due to service account creation.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": 
"citadel_secret_controller_svc_acc_created_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Created", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Created (due to SA creation)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates deleted due to service account deletion.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_svc_acc_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Deleted", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Deleted (due to SA deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, 
- "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates recreated due to secret deletion (service account still exists).", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_secret_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Recreated", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Recreated (due to errant deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 
18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Citadel Dashboard", - "uid": "OOyOqb4Wz", - "version": 1 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/galley-dashboard.json b/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/galley-dashboard.json deleted file mode 100755 index b7430f59d..000000000 --- a/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/galley-dashboard.json +++ /dev/null 
@@ -1,1823 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 46, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"galley\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Galley Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 5 - }, - "id": 40, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "C" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "G" - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "H" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"})", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Total (kis)", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 38, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m])) by (container_name)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"galley\"}[1m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "galley (self-reported)", - "refId": "C" - } - ], - 
"thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Open FDs (galley)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }} ", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 44, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "goroutines_total", - "refId": "A" - }, - { - "expr": "istio_mcp_clients_total{component=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "clients_total", - "refId": "B" - }, - { - "expr": "go_goroutines{job=\"galley\"}/sum(istio_mcp_clients_total{component=\"galley\"}) without (component)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "avg_goroutines_per_client", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - 
"h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 10, - "panels": [], - "title": "Runtime", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_on_change_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Strategy Change Events", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_processor_events_processed_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Processed Events", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_processor_snapshots_published_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Snapshot Published", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Event Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - 
"datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_timer_max_time_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Max Time Reached", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_quiesce_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Quiesce Reached", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_resets_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Timer Resets", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Timer Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": 
true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 3, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.90, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.95, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P95", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Events Per Snapshot", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 21 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - 
"max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (collection) (galley_runtime_state_type_instances_total)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ collection }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "State Type Instances", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Count", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 34, - "panels": [], - "title": "Validation", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 28 - }, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "galley_validation_cert_key_updates{job=\"galley\"}", - "format": 
"time_series", - "intervalFactor": 1, - "legendFormat": "Key Updates", - "refId": "A" - }, - { - "expr": "galley_validation_cert_key_update_errors{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Key Update Errors: {{ error }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation Webhook Certificate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 28 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_passed{job=\"galley\"}) by (group, version, resource)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Passed: {{ group }}/{{ version }}/{{resource}}", - "refId": "A" - }, - { - "expr": "sum(galley_validation_failed{job=\"galley\"}) by (group, version, resource, reason)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Failed: {{ group }}/{{ version }}/{{resource}} ({{ reason}})", - "refId": "B" - } - ], 
- "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Resource Validation", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 28 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_http_error{job=\"galley\"}) by (status)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ status }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation HTTP Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": 
null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 12, - "panels": [], - "title": "Kubernetes Source", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 35 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_event_success_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Success", - "refId": "A" - }, - { - "expr": "rate(galley_source_kube_event_error_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Source Event Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 35 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_dynamic_converter_failure_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Kubernetes Object Conversion Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Failures/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 41 - }, - "id": 18, - "panels": [], - "title": "Mesh Configuration Protocol", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 42 - }, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": 
"sum(istio_mcp_clients_total{component=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Clients", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Connected Clients", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 42 - }, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by(collection)(irate(istio_mcp_request_acks_total{component=\"galley\"}[1m]) * 60)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request ACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "ACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - 
}, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 42 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(istio_mcp_request_nacks_total{component=\"galley\"}[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request NACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "NACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 48 - }, - "id": 48, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - 
"percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(increase(istio_mcp_message_sizes_bytes_bucket[5m])) by (le)", - "format": "heatmap", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{le}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Response message sizes", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Galley Dashboard", - "uid": "TSEY6jLmk", - "version": 1 -} diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/istio-mesh-dashboard.json b/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/istio-mesh-dashboard.json deleted file mode 100755 index 1662e1f1d..000000000 --- a/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/istio-mesh-dashboard.json +++ /dev/null 
@@ -1,1225 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "links": [], - "panels": [ - { - "content": "
\n
\n Istio\n
\n
\n Istio is an open platform that provides a uniform way to connect,\n manage, and \n secure microservices.\n
\n Need help? Join the Istio community.\n
\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "50px", - "id": 13, - "links": [], - "mode": "html", - "style": { - "font-size": "18pt" - }, - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\"}[1m])), 0.001)", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Global Request Volume", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - 
"h": 3, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "95, 99, 99.5", - "title": "Global Success Rate (non-5xx responses)", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 22, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - 
"sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"4.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "4xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 23, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"5.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "5xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - 
"colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 113, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_virtualservices) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Virtual Services", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 114, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - 
"postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_destinationrules) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Destination Rules", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 115, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_gateways) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Gateways", - "type": "singlestat", - "valueFontSize": "80%", - 
"valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 116, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_authentication_meshpolicies) / count(up{job=\"galley\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Authentication Mesh Policies", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 21, - "w": 24, - "x": 0, - "y": 9 - }, - "hideTimeOverride": false, - "id": 73, - "links": [], - "pageSize": null, - "repeat": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 4, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 
172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Workload dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_2&var-workload=$__cell_", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Requests", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [], - "type": "number", - "unit": "ops" - }, - { - "alias": "P50 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P90 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P99 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #E", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "Success Rate", - "colorMode": "cell", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #F", - "thresholds": [ - ".95", - " 1.00" - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-workload=$__cell_2&var-namespace=$__cell_3", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "number", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_requests_total{reporter=\"destination\", response_code=\"200\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "A" - }, - { - "expr": "label_join((histogram_quantile(0.50, 
sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.50, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "B" - }, - { - "expr": "label_join((histogram_quantile(0.90, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.90, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "D" - }, - { - "expr": "label_join((histogram_quantile(0.99, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.99, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "E" - }, - { - "expr": 
"label_join((sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m])) by (destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "F" - } - ], - "timeFrom": null, - "title": "HTTP/GRPC Workloads", - "transform": "table", - "type": "table" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 18, - "w": 24, - "x": 0, - "y": 30 - }, - "hideTimeOverride": false, - "id": 109, - "links": [], - "pageSize": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 2, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-tcp-workload-dashboard?var-namespace=$__cell_2&&var-workload=$__cell", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Bytes Sent", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [ - "" - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Bytes Received", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "Bps" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_3&var-workload=$__cell_2", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_tcp_received_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - 
"hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "C" - }, - { - "expr": "label_join(sum(rate(istio_tcp_sent_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "A" - } - ], - "timeFrom": null, - "title": "TCP Workloads", - "transform": "table", - "type": "table" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 48 - }, - "id": 111, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- }
- ],
- "refresh": "5s",
- "schemaVersion": 18,
- "style": "dark",
- "tags": [],
- "templating": {
- "list": []
- },
- "time": {
- "from": "now-5m",
- "to": "now"
- },
- "timepicker": {
- "refresh_intervals": [
- "5s",
- "10s",
- "30s",
- "1m",
- "5m",
- "15m",
- "30m",
- "1h",
- "2h",
- "1d"
- ],
- "time_options": [
- "5m",
- "15m",
- "1h",
- "6h",
- "12h",
- "24h",
- "2d",
- "7d",
- "30d"
- ]
- },
- "timezone": "browser",
- "title": "Istio Mesh Dashboard",
- "uid": "G8wLrJIZk",
- "version": 5
-}
diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/istio-performance-dashboard.json b/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/istio-performance-dashboard.json
deleted file mode 100755
index 3826fbae8..000000000
--- a/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/istio-performance-dashboard.json
+++ /dev/null
@@ -1,1822 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": 9, - "links": [], - "panels": [ - { - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 21, - "panels": [ - { - "content": "The charts on this dashboard are intended to show Istio main components cost in terms resources utilization under steady load.\n\n- **vCPU/1k rps:** shows vCPU utilization by the main Istio components normalized by 1000 requests/second. When idle or low traffic, this chart will be blank. The curve for istio-proxy refers to the services sidecars only.\n- **vCPU:** vCPU utilization by Istio components, not normalized.\n- **Memory:** memory footprint for the components. Telemetry and policy are normalized by 1k rps, and no data is shown when there is no traffic. 
For ingress and istio-proxy, the data is per instance.\n- **Bytes transferred/ sec:** shows the number of bytes flowing through each Istio component.\n\n\n", - "gridPos": { - "h": 6, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 19, - "links": [], - "mode": "markdown", - "timeFrom": null, - "timeShift": null, - "title": "Performance Dashboard README", - "transparent": true, - "type": "text" - } - ], - "title": "Performance Dashboard Notes", - "type": "row" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 6, - "panels": [], - "title": "vCPU Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 2 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m])) / (round(sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m])), 0.001)/1000))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - 
"legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU / 1k rps", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 2 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - 
"spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 13, - "panels": [], - "title": "Memory and Data Rates", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": 
false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 11 - }, - "id": 902, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry / 1k rps", - "refId": "A" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name!=\"POD\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio proxy", - "refId": "C" - }, - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy / 1k rps", - "refId": "D" - } - ], - "thresholds": [], - 
"timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-telemetry\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-telemetry\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_response_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m])) + sum(irate(istio_request_bytes_sum{source_workload_namespace!=\"istio-system\", 
reporter=\"source\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-policy\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-policy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio_policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Bytes transferred / sec", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 17, - "panels": [], - "title": "Istio Component Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 20 - }, - "id": 15, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 71, - "panels": [], - "title": "Proxy Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 32 - }, - "id": 72, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 32 - }, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 32 - }, - "id": 702, - "legend": { - "avg": 
false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 39 - }, - "id": 69, - "panels": [], - "title": "Pilot Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 40 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": 
[ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - 
"sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 40 - }, - "id": 602, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "pilot (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - 
"title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 40 - }, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - 
"show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 40 - }, - "id": 402, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 93, - "panels": [], - "title": "Mixer Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 48 - }, - "id": 94, - "legend": { - "avg": false, - "current": 
false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"})", - "format": "time_series", - "hide": false, 
- "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 48 - }, - "id": 95, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=~\"istio-policy|istio-telemetry\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 48 - }, - "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - 
"expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 48 - }, - "id": 97, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - 
"format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Performance Dashboard", - "uid": "vu8e0VWZk", - "version": 22 -} diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/istio-service-dashboard.json b/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/istio-service-dashboard.json deleted file mode 100755 index f4d58a296..000000000 --- a/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/istio-service-dashboard.json +++ /dev/null @@ -1,2601 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "iteration": 1536442501501, - "links": [], - "panels": [ - { - "content": "
\nSERVICE: $service\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Client Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - 
"thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Client Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, 
sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Client Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" 
- ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Received Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 97, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - 
"postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Server Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 98, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / 
sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Server Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 99, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - 
"refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 100, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": 
true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m])) ", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Sent Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nCLIENT WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"source\",source_workload=~\"$srcwl\",source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"source\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": 
"graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", 
source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, 
source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": 
"time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, 
- "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "
\nSERVICE WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 90, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"destination\",destination_workload=~\"$dstwl\",destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"destination\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Destination And Response Code", - "tooltip": { - 
"shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 91, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", 
connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 94, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - 
"stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by 
(destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 95, - "legend": { - "alignAsTable": false, - "avg": false, - "current": 
false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ 
destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 96, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - 
"step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ 
destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 92, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", 
destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 93, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }} (🔐mTLS)", - "refId": 
"A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Service", - "multi": false, - "name": "service", - "options": [], - "query": "label_values(destination_service)", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (source_workload_namespace) or 
sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload Namespace", - "multi": true, - "name": "dstns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload", - "multi": true, - "name": "dstwl", - "options": [], - "query": "query_result( 
sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Service Dashboard", - "uid": "LJ_uJAvmk", - "version": 1 -} diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/istio-workload-dashboard.json b/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/istio-workload-dashboard.json deleted file mode 100755 index 62ad1b5cf..000000000 --- a/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/istio-workload-dashboard.json +++ /dev/null 
@@ -1,2303 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.4" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1531345461465, - "links": [], - "panels": [ - { - "content": "
\nWORKLOAD: $workload.$namespace\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Incoming Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 
80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 8, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Incoming Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 8, - "x": 16, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, 
- "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Server Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - 
"colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 12, - "y": 7 - }, - "id": 85, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Client Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nINBOUND WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And 
Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", 
destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by 
(source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 
1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", 
destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - 
"values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", 
destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "content": "
\nOUTBOUND SERVICES\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 70, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Requests by Destination And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 71, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", 
source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Success Rate (non-5xx responses) By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 72, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Duration by Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 73, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by 
(destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 74, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": 
"{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 76, - "legend": { - "avg": false, 
- "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent on Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 78, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Namespace", - "multi": false, - "name": 
"namespace", - "options": [], - "query": "query_result(sum(istio_requests_total) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*_namespace=\"([^\"]*).*/", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Workload", - "multi": false, - "name": "workload", - "options": [], - "query": "query_result((sum(istio_requests_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_requests_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)) or (sum(istio_tcp_sent_bytes_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Inbound Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, 
- "label": "Inbound Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Destination Service", - "multi": true, - "name": "dstsvc", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service) or sum(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service))", - "refresh": 1, - "regex": "/.*destination_service=\"([^\"]*).*/", - "sort": 4, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Workload Dashboard", - "uid": "UbsSZTDik", - "version": 1 -} 
diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/mixer-dashboard.json b/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/mixer-dashboard.json deleted file mode 100755 index b074d13ba..000000000 --- a/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/mixer-dashboard.json +++ /dev/null @@ -1,1808 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.2.3" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "limit": 100, - "name": "Annotations & Alerts", - "showIn": 0, - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": null, - "iteration": 1543881232533, - "links": [], - "panels": [ - { - "content": "

Deployed Versions

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "40", - "id": 62, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 3 - }, - "id": 64, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"mixer\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Mixer Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Resource Usage

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 8 - }, - "height": "40", - "id": 29, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 11 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory ({{ job }})", - "refId": "I" - }, - { - "expr": "sum(process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory ({{ job }})", - "refId": "H" - }, - { - "expr": "sum(go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc ({{ job }})", - "refId": "D" - }, - { - "expr": "sum(go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc ({{ job }})", - "refId": "F" - }, - { - "expr": "sum(go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - 
"format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use ({{ job }})", - "refId": "E" - }, - { - "expr": "sum(go_memstats_stack_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use ({{ job }})", - "refId": "G" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "C" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }} (k8s)", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 11 - }, - "id": 6, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (pod_name), \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "A" - }, - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (container_name, pod_name), \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }} (k8s)", - "refId": "B" - }, - { - "expr": "sum(irate(process_cpu_seconds_total{job=~\"istio-telemetry|istio-policy\"}[1m])) by (job)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ job }} (self-reported)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } 
- ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 11 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_open_fds{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(label_replace(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - 
"dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 11 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(go_goroutines{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines ({{ job }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Mixer Overview

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 18 - }, - "height": "40px", - "id": 30, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 0, - "y": 21 - }, - "id": 9, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (Total)", - "refId": "B" - }, - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m])) by (grpc_server_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "mixer ({{ grpc_server_method }})", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 6, - "y": 21 - }, - "id": 8, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "{}", - "yaxis": 1 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.5", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.9", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Durations", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 12, - "y": 21 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, 
- "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_server_handled_total{grpc_code=~\"Unknown|Unimplemented|Internal|DataLoss\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Error Rate (5xx responses)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 18, - "y": 21 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(grpc_server_handled_total{grpc_code!=\"OK\",grpc_service=~\".*Mixer\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ 
grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Non-successes (4xxs)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Adapters and Config

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 28, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 30 - }, - "id": 13, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m])) by (adapter)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 30 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - 
"percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p90 ", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Duration", - "tooltip": { - "shared": true, - "sort": 1, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 37 - }, - "id": 60, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - 
"pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Rules", - "refId": "A" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Config Errors", - "refId": "B" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_match_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Match Errors", - "refId": "C" - }, - { - "expr": "scalar(topk(1, max(mixer_config_unsatisfied_action_handler_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Unsatisfied Actions", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Rules", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 37 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": 
false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_instance_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Instances", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Instances in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 37 - }, - "id": 54, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_handler_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Handlers", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Handlers in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 37 - }, - "id": 58, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_attribute_count) by (configID)))", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "Attributes", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Attributes in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Individual Adapters

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 44 - }, - "id": 23, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 46, - "panels": [], - "repeat": "adapter", - "title": "$adapter Adapter", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 48 - }, - "id": 17, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m]),\"handler\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ handler }} (error: {{ error }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Count By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - 
"w": 12, - "x": 12, - "y": 48 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(histogram_quantile(0.5, sum(rate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p50 - {{ handler_short }} (error: {{ error }})", - "refId": "A" - }, - { - "expr": "label_replace(histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p90 - {{ handler_short }} (error: {{ error }})", - "refId": "D" - }, - { - "expr": "label_replace(histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p99 - {{ handler_short }} (error: {{ error }})", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Duration By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": 
true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Adapter", - "multi": true, - "name": "adapter", - "options": [], - "query": "label_values(adapter)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Mixer Dashboard", - "version": 4 -}
diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/pilot-dashboard.json b/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/pilot-dashboard.json
deleted file mode 100755
index b8ef6d2d7..000000000
--- a/charts/rancher-istio/1.4.1000/charts/grafana/dashboards/pilot-dashboard.json
+++ /dev/null
@@ -1,1591 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": 11, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 60, - "panels": [], - "title": "Deployed Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"pilot\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 6 - }, - "id": 62, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": 
"container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"discovery\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (container)", - "refId": "B", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar (container)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"discovery\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Discovery (container)", - "refId": "A" - }, - { - "expr": 
"irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (process)", - "refId": "C", - "step": 2 - }, - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Sidecar (container)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"discovery\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Discovery", - "refId": "B", - "step": 2 - }, - { - "expr": 
"container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": 
null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 58, - "panels": [], - "title": "Pilot Push Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "description": "Shows the rate of pilot pushes", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 622, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(pilot_xds_pushes{type=\"cds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Cluster", - "refId": "C" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"eds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Endpoints", - "refId": "D" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"lds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Listeners", - "refId": "A" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"rds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Routes", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Pushes", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ 
- "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Captures a variety of pilot errors", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 67, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(pilot_xds_cds_reject{job=\"pilot\"}) or (absent(pilot_xds_cds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected CDS Configs", - "refId": "C" - }, - { - "expr": "sum(pilot_xds_eds_reject{job=\"pilot\"}) or (absent(pilot_xds_eds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected EDS Configs", - "refId": "D" - }, - { - "expr": "sum(pilot_xds_rds_reject{job=\"pilot\"}) or (absent(pilot_xds_rds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected RDS Configs", - "refId": "A" - }, - { - "expr": "sum(pilot_xds_lds_reject{job=\"pilot\"}) or (absent(pilot_xds_lds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected LDS Configs", - "refId": "B" - }, - { - "expr": 
"sum(rate(pilot_xds_write_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Write Timeouts", - "refId": "F" - }, - { - "expr": "sum(rate(pilot_total_xds_internal_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Internal Errors", - "refId": "H" - }, - { - "expr": "sum(rate(pilot_total_xds_rejects{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Config Rejection Rate", - "refId": "E" - }, - { - "expr": "sum(rate(pilot_xds_push_context_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Context Errors", - "refId": "K" - }, - { - "expr": "sum(rate(pilot_xds_pushes{type!~\"lds|cds|rds|eds\"}[1m])) by (type)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "L" - }, - { - "expr": "sum(rate(pilot_xds_push_errors{job=\"pilot\"}[1m])) by (type)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "I" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts", - "refId": "G" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout_failures{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts Failures", - "refId": "J" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - 
"format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Shows the total time it takes to push a config update to a proxy", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 624, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p50 ", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.999, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99.9", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Proxy Push Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 23 - }, - "id": 45, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_conflict_inbound_listener{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Inbound Listeners", - "refId": "B" - }, - { - "expr": "pilot_conflict_outbound_listener_http_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (http over current tcp)", - "refId": "A" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current tcp)", - "refId": "C" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_http{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current http)", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Conflicts", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - 
"buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 23 - }, - "id": 47, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_virt_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Services", - "refId": "A" - }, - { - "expr": "pilot_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Services", - "refId": "B" - }, - { - "expr": "pilot_xds{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Connected Endpoints", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ADS Monitoring", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - 
"yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "columns": [], - "datasource": "Prometheus", - "description": "Clusters in this table do not have any endpoints known to pilot. This could be from referencing subsets that do not have any instances, or pods marked as NotReady", - "fontSize": "100%", - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 23 - }, - "id": 51, - "links": [], - "pageSize": null, - "scroll": true, - "showHeader": true, - "sort": { - "col": null, - "desc": false - }, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "date" - }, - { - "alias": "Clusters", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(pilot_xds_eds_instances{job=\"pilot\", cluster=~\".+\\\\|.+\"}) by (cluster) < 1", - "format": "time_series", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{cluster}}", - "refId": "B" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Clusters with no known endpoints", - "transform": "timeseries_aggregations", - "type": "table" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 64, - "panels": [], - "title": "Envoy Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows details about Envoy proxies in the mesh", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 32 - }, - "id": 40, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - 
"points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(envoy_cluster_upstream_cx_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connections", - "refId": "C" - }, - { - "expr": "sum(irate(envoy_cluster_upstream_cx_connect_fail{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connection Failures", - "refId": "A" - }, - { - "expr": "sum(increase(envoy_server_hot_restart_epoch[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Envoy Restarts", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Envoy Details", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 32 - }, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": 
"sum(envoy_cluster_upstream_cx_active{cluster_name=\"xds-grpc\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "XDS Active Connections", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Active Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows the size of XDS requests and responses", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 32 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "max(rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Max", - "refId": "D" - }, - { - "expr": "quantile(0.5, rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Average", - "refId": "B" - }, - 
{ - "expr": "max(rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Max", - "refId": "A" - }, - { - "expr": "quantile(.5, rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Average", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Requests Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Pilot Dashboard", - "uid": "3--MLVZZk", - "version": 11 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/fix_datasources.sh b/charts/rancher-istio/1.4.1000/charts/grafana/fix_datasources.sh deleted file mode 100755 index d175bcacc..000000000 --- a/charts/rancher-istio/1.4.1000/charts/grafana/fix_datasources.sh +++ /dev/null 
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# Copyright Istio Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -e
-
-THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-UX=$(uname)
-
-for db in "${THIS_DIR}"/dashboards/*.json; do
- if [[ ${UX} == "Darwin" ]]; then
- # shellcheck disable=SC2016
- sed -i '' 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- else
- # shellcheck disable=SC2016
- sed -i 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- fi
-done
diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/templates/_helpers.tpl b/charts/rancher-istio/1.4.1000/charts/grafana/templates/_helpers.tpl
deleted file mode 100755
index 9d4c59205..000000000
--- a/charts/rancher-istio/1.4.1000/charts/grafana/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "grafana.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "grafana.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "grafana.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/templates/configmap-custom-resources.yaml b/charts/rancher-istio/1.4.1000/charts/grafana/templates/configmap-custom-resources.yaml
deleted file mode 100755
index b89bc0765..000000000
--- a/charts/rancher-istio/1.4.1000/charts/grafana/templates/configmap-custom-resources.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
- custom-resources.yaml: |-
- {{- include "grafana-default.yaml.tpl" . | indent 4}}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/templates/configmap-dashboards.yaml b/charts/rancher-istio/1.4.1000/charts/grafana/templates/configmap-dashboards.yaml
deleted file mode 100755
index dd1ab0d75..000000000
--- a/charts/rancher-istio/1.4.1000/charts/grafana/templates/configmap-dashboards.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- $files := .Files }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "grafana.name" $ }}
- chart: {{ template "grafana.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: grafana
-data:
- {{ base $path }}: '{{ $files.Get $path }}'
----
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/templates/configmap.yaml b/charts/rancher-istio/1.4.1000/charts/grafana/templates/configmap.yaml
deleted file mode 100755
index c86efe1f4..000000000
--- a/charts/rancher-istio/1.4.1000/charts/grafana/templates/configmap.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
-{{- if .Values.datasources }}
- {{- range $key, $value := .Values.datasources }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
-
-{{- if .Values.dashboardProviders }}
- {{- range $key, $value := .Values.dashboardProviders }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.4.1000/charts/grafana/templates/create-custom-resources-job.yaml
deleted file mode 100755
index d699709b8..000000000
--- a/charts/rancher-istio/1.4.1000/charts/grafana/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-grafana-post-install-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-grafana-post-install-{{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["authentication.istio.io"] # needed to create default authn policy
- resources: ["*"]
- verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-grafana-post-install-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-grafana-post-install-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-grafana-post-install-account
- namespace: {{ .Release.Namespace }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: istio-grafana-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 }}
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-delete-policy": hook-succeeded
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- template:
- metadata:
- name: istio-grafana-post-install
- labels:
- app: istio-grafana
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-grafana-post-install-account
- containers:
- - name: kubectl
- image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
- command: [ "/bin/bash", "/tmp/grafana/run.sh", "/tmp/grafana/custom-resources.yaml" ]
- volumeMounts:
- - mountPath: "/tmp/grafana"
- name: tmp-configmap-grafana
- volumes:
- - name: tmp-configmap-grafana
- configMap:
- name: istio-grafana-custom-resources
- restartPolicy: OnFailure
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/templates/deployment.yaml b/charts/rancher-istio/1.4.1000/charts/grafana/templates/deployment.yaml
deleted file mode 100755
index 9ad2a7f56..000000000
--- a/charts/rancher-istio/1.4.1000/charts/grafana/templates/deployment.yaml
+++ /dev/null
@@ -1,138 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: grafana
- template:
- metadata:
- labels:
- app: grafana
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- prometheus.io/scrape: "true"
- spec:
- securityContext:
- runAsUser: 472
- fsGroup: 472
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
-{{- if .Values.global.imagePullSecrets }}
- imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- ports:
- - containerPort: 3000
- readinessProbe:
- httpGet:
- path: /api/health
- port: 3000
- env:
- - name: GRAFANA_PORT
- value: "3000"
-{{- if .Values.security.enabled }}
- - name: GF_SECURITY_ADMIN_USER
- valueFrom:
- secretKeyRef:
- name: {{ .Values.security.secretName }}
- key: {{ .Values.security.usernameKey }}
- - name: GF_SECURITY_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Values.security.secretName }}
- key: {{ .Values.security.passphraseKey }}
- - name: GF_AUTH_BASIC_ENABLED
- value: "true"
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "false"
- - name: GF_AUTH_DISABLE_LOGIN_FORM
- value: "false"
-{{- else }}
- - name: GF_AUTH_BASIC_ENABLED
- value: "false"
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "true"
- - name: GF_AUTH_ANONYMOUS_ORG_ROLE
- value: Admin
-{{- end }}
- - name: GF_PATHS_DATA
- value: /data/grafana
- {{- range $key, $value := $.Values.env }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $secret := $.Values.envSecrets }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ $secret }}
- key: {{ $key | quote }}
- {{- end }}
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- volumeMounts:
- - name: data
- mountPath: /data/grafana
- {{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
- {{- $filename := trimSuffix (ext $path) (base $path) }}
- - name: dashboards-istio-{{ $filename }}
- mountPath: "/var/lib/grafana/dashboards/istio/{{ base $path }}"
- subPath: {{ base $path }}
- readOnly: true
- {{- end }}
- - name: config
- mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml"
- subPath: datasources.yaml
- - name: config
- mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml"
- subPath: dashboardproviders.yaml
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
- volumes:
- - name: config
- configMap:
- name: istio-grafana
- - name: data
-{{- if .Values.persist }}
- persistentVolumeClaim:
- claimName: istio-grafana-pvc
-{{- else }}
- emptyDir: {}
-{{- end }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
- - name: dashboards-istio-{{ $filename }}
- configMap:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/templates/grafana-ports-mtls.yaml b/charts/rancher-istio/1.4.1000/charts/grafana/templates/grafana-ports-mtls.yaml
deleted file mode 100755
index b9a392651..000000000
--- a/charts/rancher-istio/1.4.1000/charts/grafana/templates/grafana-ports-mtls.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{ define "grafana-default.yaml.tpl" }}
-apiVersion: authentication.istio.io/v1alpha1
-kind: Policy
-metadata:
- name: grafana-ports-mtls-disabled
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- targets:
- - name: grafana
- ports:
- - number: {{ .Values.service.externalPort }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/templates/ingress.yaml b/charts/rancher-istio/1.4.1000/charts/grafana/templates/ingress.yaml
deleted file mode 100755
index 0ebe71f61..000000000
--- a/charts/rancher-istio/1.4.1000/charts/grafana/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: grafana
- servicePort: 3000
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: grafana
- servicePort: 3000
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/templates/pvc.yaml b/charts/rancher-istio/1.4.1000/charts/grafana/templates/pvc.yaml
deleted file mode 100755
index e376a13a5..000000000
--- a/charts/rancher-istio/1.4.1000/charts/grafana/templates/pvc.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if .Values.persist }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: istio-grafana-pvc
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- storageClassName: {{ .Values.storageClassName }}
- accessModes:
- - {{ .Values.accessMode }}
- resources:
- requests:
- storage: 5Gi
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/templates/service.yaml b/charts/rancher-istio/1.4.1000/charts/grafana/templates/service.yaml
deleted file mode 100755
index b206679c3..000000000
--- a/charts/rancher-istio/1.4.1000/charts/grafana/templates/service.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: 3000
- protocol: TCP
- name: {{ .Values.service.name }}
- selector:
- app: grafana
-{{- if .Values.service.loadBalancerIP }}
- loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
-{{- end }}
- {{if .Values.service.loadBalancerSourceRanges}}
- loadBalancerSourceRanges:
- {{range $rangeList := .Values.service.loadBalancerSourceRanges}}
- - {{ $rangeList }}
- {{end}}
- {{end}}
diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/templates/tests/test-grafana-connection.yaml b/charts/rancher-istio/1.4.1000/charts/grafana/templates/tests/test-grafana-connection.yaml
deleted file mode 100755
index 7c8d1944b..000000000
--- a/charts/rancher-istio/1.4.1000/charts/grafana/templates/tests/test-grafana-connection.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "grafana.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: grafana-test
- chart: {{ template "grafana.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: grafana
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "grafana.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- args: ['http://grafana:{{ .Values.grafana.service.externalPort }}']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/grafana/values.yaml b/charts/rancher-istio/1.4.1000/charts/grafana/values.yaml
deleted file mode 100755
index 7b977c1e7..000000000
--- a/charts/rancher-istio/1.4.1000/charts/grafana/values.yaml
+++ /dev/null
@@ -1,114 +0,0 @@
-#
-# addon grafana configuration
-#
-enabled: false
-replicaCount: 1
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - grafana.local
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls: []
- # Secrets must be manually created in the namespace.
- # - secretName: grafana-tls
- # hosts:
- # - grafana.local
-persist: false
-storageClassName: ""
-accessMode: ReadWriteMany
-security:
- enabled: false
- secretName: grafana
- usernameKey: username
- passphraseKey: passphrase
-nodeSelector: {}
-tolerations: []
-
-env: {}
- # Define additional environment variables for configuring grafana.
- # @see https://grafana.com/docs/installation/configuration/#using-environment-variables
- # Format: env_variable_name: value
- # For example:
- # GF_SMTP_ENABLED: true
- # GF_SMTP_HOST: email-smtp.eu-west-1.amazonaws.com:2587
- # GF_SMTP_FROM_ADDRESS: alerts@mydomain.com
- # GF_SMTP_FROM_NAME: Grafana
-
-envSecrets: {}
- # The key name and ENV name must match in the secrets file.
- # @see https://grafana.com/docs/installation/configuration/#using-environment-variables
- # For example:
- # ---
- # apiVersion: v1
- # kind: Secret
- # metadata:
- # name: grafana-secrets
- # namespace: istio-system
- # data:
- # GF_SMTP_USER: bXl1c2Vy
- # GF_SMTP_PASSWORD: bXlwYXNzd29yZA==
- # type: Opaque
- # ---
- # env_variable_key_name: secretsName
- # ---
- # GF_SMTP_USER: grafana-secrets
- # GF_SMTP_PASSWORD: grafana-secrets
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-contextPath: /grafana
-service:
- annotations: {}
- name: http
- type: ClusterIP
- externalPort: 3000
- loadBalancerIP:
- loadBalancerSourceRanges: []
-
-datasources:
- datasources.yaml:
- apiVersion: 1
- datasources:
- - name: Prometheus
- type: prometheus
- orgId: 1
- url: http://prometheus:9090
- access: proxy
- isDefault: true
- jsonData:
- timeInterval: 5s
- editable: true
-
-dashboardProviders:
- dashboardproviders.yaml:
- apiVersion: 1
- providers:
- - name: 'istio'
- orgId: 1
- folder: 'istio'
- type: file
- disableDeletion: false
- options:
- path: /var/lib/grafana/dashboards/istio
diff --git a/charts/rancher-istio/1.4.1000/charts/istiocoredns/Chart.yaml b/charts/rancher-istio/1.4.1000/charts/istiocoredns/Chart.yaml
deleted file mode 100755
index 4b02c2492..000000000
--- a/charts/rancher-istio/1.4.1000/charts/istiocoredns/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-appVersion: "0.1"
-description: Istio CoreDNS provides DNS resolution for services in multicluster setups.
-name: istiocoredns
-tillerVersion: '>=2.7.2'
-version: 1.4.10
diff --git a/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/_helpers.tpl b/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/_helpers.tpl
deleted file mode 100755
index e7add11bb..000000000
--- a/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "istiocoredns.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "istiocoredns.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "istiocoredns.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/clusterrole.yaml b/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/clusterrole.yaml
deleted file mode 100755
index 4242a327f..000000000
--- a/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istiocoredns
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["networking.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/clusterrolebinding.yaml
deleted file mode 100755
index bafd0ca3b..000000000
--- a/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-istiocoredns-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istiocoredns
-subjects:
-- kind: ServiceAccount
- name: istiocoredns-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/configmap.yaml b/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/configmap.yaml
deleted file mode 100755
index 4b2a2d42a..000000000
--- a/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/configmap.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: coredns
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- Corefile: |
- .:53 {
- errors
- health
- {{ if eq -1 (semver .Values.image.tag | (semver "1.4.0").Compare) }}
- # Removed support for the proxy plugin: https://coredns.io/2019/03/03/coredns-1.4.0-release/
- grpc global 127.0.0.1:8053
- forward . /etc/resolv.conf {
- except global
- }
- {{ else }}
- proxy global 127.0.0.1:8053 {
- protocol grpc insecure
- }
- proxy . /etc/resolv.conf
- {{ end }}
- prometheus :9153
- cache 30
- reload
- }
----
diff --git a/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/deployment.yaml b/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/deployment.yaml
deleted file mode 100755
index 4af0a2256..000000000
--- a/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/deployment.yaml
+++ /dev/null
@@ -1,103 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istiocoredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: istiocoredns - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - name: istiocoredns - labels: - app: istiocoredns - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istiocoredns-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: coredns - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume - mountPath: /etc/coredns - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - - containerPort: 9153 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - - name: istio-coredns-plugin - command: - - /usr/local/bin/plugin - image: "{{ template "system_default_registry" . 
}}{{ .Values.pluginImage.repository }}:{{ .Values.pluginImage.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 8053 - name: dns-grpc - protocol: TCP - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - dnsPolicy: Default - volumes: - - name: config-volume - configMap: - name: coredns - items: - - key: Corefile - path: Corefile - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/service.yaml b/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/service.yaml deleted file mode 100755 index a6311017c..000000000 --- a/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: istiocoredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - app: istiocoredns - ports: - - name: dns - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP diff --git a/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/serviceaccount.yaml deleted file mode 100755 index e2627cf45..000000000 --- a/charts/rancher-istio/1.4.1000/charts/istiocoredns/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istiocoredns-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.1000/charts/istiocoredns/values.yaml b/charts/rancher-istio/1.4.1000/charts/istiocoredns/values.yaml
deleted file mode 100755
index f2268c02a..000000000
--- a/charts/rancher-istio/1.4.1000/charts/istiocoredns/values.yaml
+++ /dev/null
@@ -1,34 +0,0 @@ -# -# addon istiocoredns tracing configuration -# -enabled: false -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -# Source code for the plugin can be found at -# https://github.com/istio-ecosystem/istio-coredns-plugin -# The plugin listens for DNS requests from coredns server at 127.0.0.1:8053 -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] diff --git a/charts/rancher-istio/1.4.1000/charts/kiali/Chart.yaml b/charts/rancher-istio/1.4.1000/charts/kiali/Chart.yaml deleted file mode 100755 index d6081dd21..000000000 --- a/charts/rancher-istio/1.4.1000/charts/kiali/Chart.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -appVersion: 1.9.1 -description: Kiali is an open source project for service mesh observability, refer - to https://www.kiali.io for details. -name: kiali -tillerVersion: '>=2.7.2' -version: 1.9.1 
diff --git a/charts/rancher-istio/1.4.1000/charts/kiali/templates/_helpers.tpl b/charts/rancher-istio/1.4.1000/charts/kiali/templates/_helpers.tpl
deleted file mode 100755
index 6b0095769..000000000
--- a/charts/rancher-istio/1.4.1000/charts/kiali/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "kiali.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "kiali.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "kiali.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.1000/charts/kiali/templates/clusterrole.yaml b/charts/rancher-istio/1.4.1000/charts/kiali/templates/clusterrole.yaml
deleted file mode 100755
index 8ad6e9756..000000000
--- a/charts/rancher-istio/1.4.1000/charts/kiali/templates/clusterrole.yaml
+++ /dev/null
@@ -1,134 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kiali - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: - - configmaps - - endpoints - - namespaces - - nodes - - pods - - pods/log - - replicationcontrollers - - services - verbs: - - get - - list - - watch -- apiGroups: ["extensions", "apps"] - resources: - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: ["batch"] - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - config.istio.io - - networking.istio.io - - authentication.istio.io - - rbac.istio.io - - security.istio.io - resources: ["*"] - verbs: - - create - - delete - - get - - list - - patch - - watch -- apiGroups: ["monitoring.kiali.io"] - resources: - - monitoringdashboards - verbs: - - get - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kiali-viewer - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: - - configmaps - - endpoints - - namespaces - - nodes - - pods - - pods/log - - replicationcontrollers - - services - verbs: - - get - - list - - watch -- apiGroups: ["extensions", "apps"] - resources: - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: ["batch"] - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - config.istio.io - - networking.istio.io - - authentication.istio.io - - rbac.istio.io - - security.istio.io - resources: ["*"] - verbs: - - get - - list - - watch -- apiGroups: ["monitoring.kiali.io"] - resources: - - monitoringdashboards - verbs: - - get - - list diff --git a/charts/rancher-istio/1.4.1000/charts/kiali/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.1000/charts/kiali/templates/clusterrolebinding.yaml deleted file mode 100755 index 881796716..000000000 --- a/charts/rancher-istio/1.4.1000/charts/kiali/templates/clusterrolebinding.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -{{- if not .Values.dashboard.viewOnlyMode }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-kiali-admin-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kiali -subjects: -- kind: ServiceAccount - name: kiali-service-account - namespace: {{ .Release.Namespace }} -{{- else }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-kiali-viewer-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kiali-viewer -subjects: -- kind: ServiceAccount - name: kiali-service-account - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/rancher-istio/1.4.1000/charts/kiali/templates/configmap.yaml b/charts/rancher-istio/1.4.1000/charts/kiali/templates/configmap.yaml deleted file mode 100755 index 71869f705..000000000 --- a/charts/rancher-istio/1.4.1000/charts/kiali/templates/configmap.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - config.yaml: | - istio_namespace: {{ .Release.Namespace }} - deployment: - accessible_namespaces: ['**'] - login_token: - signing_key: {{ randAlphaNum 10 | quote }} - auth: - strategy: {{ .Values.dashboard.auth.strategy }} - server: - port: 20001 -{{- if .Values.contextPath }} - web_root: {{ .Values.contextPath }} -{{- end }} - external_services: - tracing: - url: {{ .Values.dashboard.jaegerURL }} - grafana: - url: {{ .Values.dashboard.grafanaURL }} - prometheus: - url: {{ .Values.prometheusAddr }} -{{- if .Values.security.enabled }} - identity: - cert_file: {{ .Values.security.cert_file }} - private_key_file: {{ .Values.security.private_key_file }} -{{- end}} diff --git a/charts/rancher-istio/1.4.1000/charts/kiali/templates/demosecret.yaml b/charts/rancher-istio/1.4.1000/charts/kiali/templates/demosecret.yaml deleted file mode 100755 index ad44298c3..000000000 --- a/charts/rancher-istio/1.4.1000/charts/kiali/templates/demosecret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.createDemoSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.dashboard.secretName }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - username: YWRtaW4= # admin - passphrase: YWRtaW4= # admin -{{- end }} diff --git a/charts/rancher-istio/1.4.1000/charts/kiali/templates/deployment.yaml b/charts/rancher-istio/1.4.1000/charts/kiali/templates/deployment.yaml deleted file mode 100755 index d0624ef08..000000000 --- a/charts/rancher-istio/1.4.1000/charts/kiali/templates/deployment.yaml +++ /dev/null 
@@ -1,112 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: kiali - template: - metadata: - name: kiali - labels: - app: kiali - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" - prometheus.io/scrape: "true" - prometheus.io/port: "9090" - kiali.io/runtimes: go,kiali - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: kiali-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - name: kiali - command: - - "/opt/kiali/kiali" - - "-config" - - "/kiali-configuration/config.yaml" - - "-v" - - "3" - readinessProbe: - httpGet: - path: {{ .Values.contextPath }}/healthz - port: 20001 - scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }} - initialDelaySeconds: 5 - periodSeconds: 30 - livenessProbe: - httpGet: - path: {{ .Values.contextPath }}/healthz - port: 20001 - scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }} - initialDelaySeconds: 5 - periodSeconds: 30 - env: - - name: ACTIVE_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: kiali-configuration - mountPath: "/kiali-configuration" - - name: kiali-cert - mountPath: "/kiali-cert" - - name: kiali-secret - mountPath: "/kiali-secret" - - name: kiali-console - subPath: env.js - mountPath: /opt/kiali/console/env.js - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumes: - - name: kiali-console - configMap: - name: kiali-console - items: - - key: env.js - path: env.js - - name: kiali-configuration - configMap: - name: kiali - - name: kiali-cert - secret: - secretName: istio.kiali-service-account -{{- if not .Values.security.enabled }} - optional: true -{{- end }} - - name: kiali-secret - secret: - secretName: {{ .Values.dashboard.secretName }} - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} 
diff --git a/charts/rancher-istio/1.4.1000/charts/kiali/templates/ingress.yaml b/charts/rancher-istio/1.4.1000/charts/kiali/templates/ingress.yaml deleted file mode 100755 index 2e2a0de3a..000000000 --- a/charts/rancher-istio/1.4.1000/charts/kiali/templates/ingress.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: kiali - servicePort: 20001 - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: kiali - servicePort: 20001 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.1000/charts/kiali/templates/kiali-console-configmap.yaml b/charts/rancher-istio/1.4.1000/charts/kiali/templates/kiali-console-configmap.yaml deleted file mode 100644 index 49c68eba0..000000000 --- a/charts/rancher-istio/1.4.1000/charts/kiali/templates/kiali-console-configmap.yaml +++ /dev/null 
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kiali-console
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- env.js: |
- window.WEB_ROOT='/k8s/clusters/{{ .Values.global.rancher.clusterId }}/api/v1/namespaces/istio-system/services/http:kiali:20001/proxy';
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.1000/charts/kiali/templates/service.yaml b/charts/rancher-istio/1.4.1000/charts/kiali/templates/service.yaml
deleted file mode 100755
index 1aa79bfdb..000000000
--- a/charts/rancher-istio/1.4.1000/charts/kiali/templates/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- ports:
- - name: http-kiali
- protocol: TCP
- port: 20001
- selector:
- app: kiali
diff --git a/charts/rancher-istio/1.4.1000/charts/kiali/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.1000/charts/kiali/templates/serviceaccount.yaml
deleted file mode 100755
index 2ae38a1ab..000000000
--- a/charts/rancher-istio/1.4.1000/charts/kiali/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.1000/charts/kiali/templates/tests/test-kiali-connection.yaml b/charts/rancher-istio/1.4.1000/charts/kiali/templates/tests/test-kiali-connection.yaml
deleted file mode 100755
index e2a1ff671..000000000
--- a/charts/rancher-istio/1.4.1000/charts/kiali/templates/tests/test-kiali-connection.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "kiali.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: kiali-test
- chart: {{ template "kiali.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: kiali
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "kiali.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- args: ['http://kiali:20001']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/kiali/values.yaml b/charts/rancher-istio/1.4.1000/charts/kiali/values.yaml
deleted file mode 100755
index c22d4325d..000000000
--- a/charts/rancher-istio/1.4.1000/charts/kiali/values.yaml
+++ /dev/null
@@ -1,61 +0,0 @@ -# -# addon kiali -# -enabled: false # Note that if using the demo or demo-auth yaml when installing via Helm, this default will be `true`. -replicaCount: 1 -contextPath: /kiali # The root context path to access the Kiali UI. -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -ingress: - enabled: false - ## Used to create an Ingress record. - hosts: - - kiali.local - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: kiali-tls - # hosts: - # - kiali.local - -dashboard: - auth: - strategy: login # Can be anonymous, login, or openshift - secretName: kiali # You must create a secret with this name - one is not provided out-of-box. - viewOnlyMode: false # Bind the service account to a role with only read access - grafanaURL: # If you have Grafana installed and it is accessible to client browsers, then set this to its external URL. Kiali will redirect users to this URL when Grafana metrics are to be shown. 
- jaegerURL: # If you have Jaeger installed and it is accessible to client browsers, then set this property to its external URL. Kiali will redirect users to this URL when Jaeger tracing is to be shown. -prometheusAddr: http://prometheus:9090 - -# When true, a secret will be created with a default username and password. Useful for demos. -createDemoSecret: false - -security: - enabled: false - cert_file: /kiali-cert/cert-chain.pem - private_key_file: /kiali-cert/key.pem diff --git a/charts/rancher-istio/1.4.1000/charts/mixer/Chart.yaml b/charts/rancher-istio/1.4.1000/charts/mixer/Chart.yaml deleted file mode 100755 index e2c7010e4..000000000 --- a/charts/rancher-istio/1.4.1000/charts/mixer/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.10 -description: Helm chart for mixer deployment -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- mixer -name: mixer -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.4.10 diff --git a/charts/rancher-istio/1.4.1000/charts/mixer/templates/_helpers.tpl b/charts/rancher-istio/1.4.1000/charts/mixer/templates/_helpers.tpl deleted file mode 100755 index dac6da036..000000000 --- a/charts/rancher-istio/1.4.1000/charts/mixer/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "mixer.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "mixer.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "mixer.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.1000/charts/mixer/templates/autoscale.yaml b/charts/rancher-istio/1.4.1000/charts/mixer/templates/autoscale.yaml
deleted file mode 100755
index 377b47d03..000000000
--- a/charts/rancher-istio/1.4.1000/charts/mixer/templates/autoscale.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
-spec:
- maxReplicas: {{ $spec.autoscaleMax }}
- minReplicas: {{ $spec.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-{{ $key }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/mixer/templates/clusterrole.yaml b/charts/rancher-istio/1.4.1000/charts/mixer/templates/clusterrole.yaml
deleted file mode 100755
index 3d7438f2d..000000000
--- a/charts/rancher-istio/1.4.1000/charts/mixer/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-mixer-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["config.istio.io"] # istio CRD watcher
- resources: ["*"]
- verbs: ["create", "get", "list", "watch", "patch"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["configmaps", "endpoints", "pods", "services", "namespaces", "secrets", "replicationcontrollers"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/mixer/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.1000/charts/mixer/templates/clusterrolebinding.yaml
deleted file mode 100755
index 773e68b34..000000000
--- a/charts/rancher-istio/1.4.1000/charts/mixer/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-mixer-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-mixer-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/mixer/templates/config.yaml b/charts/rancher-istio/1.4.1000/charts/mixer/templates/config.yaml deleted file mode 100755 index 07f5893be..000000000 --- a/charts/rancher-istio/1.4.1000/charts/mixer/templates/config.yaml +++ /dev/null 
@@ -1,1092 +0,0 @@ -{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: istioproxy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - origin.ip: - valueType: IP_ADDRESS - origin.uid: - valueType: STRING - origin.user: - valueType: STRING - request.headers: - valueType: STRING_MAP - request.id: - valueType: STRING - request.host: - valueType: STRING - request.method: - valueType: STRING - request.path: - valueType: STRING - request.url_path: - valueType: STRING - request.query_params: - valueType: STRING_MAP - request.reason: - valueType: STRING - request.referer: - valueType: STRING - request.scheme: - valueType: STRING - request.total_size: - valueType: INT64 - request.size: - valueType: INT64 - request.time: - valueType: TIMESTAMP - request.useragent: - valueType: STRING - response.code: - valueType: INT64 - response.duration: - valueType: DURATION - response.headers: - valueType: STRING_MAP - response.total_size: - valueType: INT64 - response.size: - valueType: INT64 - response.time: - valueType: TIMESTAMP - response.grpc_status: - valueType: STRING - response.grpc_message: - valueType: STRING - source.uid: - valueType: STRING - source.user: # DEPRECATED - valueType: STRING - source.principal: - valueType: STRING - destination.uid: - valueType: STRING - destination.principal: - valueType: STRING - destination.port: - valueType: INT64 - connection.event: - valueType: STRING - connection.id: - valueType: STRING - connection.received.bytes: - valueType: INT64 - connection.received.bytes_total: - valueType: INT64 - connection.sent.bytes: - valueType: INT64 - connection.sent.bytes_total: - valueType: INT64 - connection.duration: - valueType: DURATION - connection.mtls: - valueType: BOOL - 
connection.requested_server_name: - valueType: STRING - context.protocol: - valueType: STRING - context.proxy_error_code: - valueType: STRING - context.timestamp: - valueType: TIMESTAMP - context.time: - valueType: TIMESTAMP - # Deprecated, kept for compatibility - context.reporter.local: - valueType: BOOL - context.reporter.kind: - valueType: STRING - context.reporter.uid: - valueType: STRING - api.service: - valueType: STRING - api.version: - valueType: STRING - api.operation: - valueType: STRING - api.protocol: - valueType: STRING - request.auth.principal: - valueType: STRING - request.auth.audiences: - valueType: STRING - request.auth.presenter: - valueType: STRING - request.auth.claims: - valueType: STRING_MAP - request.auth.raw_claims: - valueType: STRING - request.api_key: - valueType: STRING - rbac.permissive.response_code: - valueType: STRING - rbac.permissive.effective_policy_id: - valueType: STRING - check.error_code: - valueType: INT64 - check.error_message: - valueType: STRING - check.cache_hit: - valueType: BOOL - quota.cache_hit: - valueType: BOOL - context.proxy_version: - valueType: STRING - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: kubernetes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - source.ip: - valueType: IP_ADDRESS - source.labels: - valueType: STRING_MAP - source.metadata: - valueType: STRING_MAP - source.name: - valueType: STRING - source.namespace: - valueType: STRING - source.owner: - valueType: STRING - source.serviceAccount: - valueType: STRING - source.services: - valueType: STRING - source.workload.uid: - valueType: STRING - source.workload.name: - valueType: STRING - source.workload.namespace: - valueType: STRING - destination.ip: - valueType: IP_ADDRESS - destination.labels: - valueType: STRING_MAP - destination.metadata: - valueType: STRING_MAP - destination.owner: - valueType: STRING - destination.name: - valueType: STRING - destination.container.name: - valueType: STRING - destination.namespace: - valueType: STRING - destination.service.uid: - valueType: STRING - destination.service.name: - valueType: STRING - destination.service.namespace: - valueType: STRING - destination.service.host: - valueType: STRING - destination.serviceAccount: - valueType: STRING - destination.workload.uid: - valueType: STRING - destination.workload.name: - valueType: STRING - destination.workload.namespace: - valueType: STRING ---- -{{- if and .Values.adapters.stdio.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: stdio - params: - outputAsJson: {{ .Values.adapters.stdio.outputAsJson }} ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: accesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: request.time - variables: - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | request.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - apiClaims: request.auth.raw_claims | "" - apiKey: request.api_key | request.headers["x-api-key"] | "" - protocol: request.scheme | context.protocol | "http" - method: request.method | "" - url: request.path | "" - responseCode: response.code | 0 - responseFlags: context.proxy_error_code | "" - responseSize: response.size | 0 - permissiveResponseCode: rbac.permissive.response_code | "none" - permissiveResponsePolicyID: rbac.permissive.effective_policy_id | "none" - requestSize: request.size | 0 - requestId: request.headers["x-request-id"] | "" - clientTraceId: request.headers["x-client-trace-id"] | "" - latency: response.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - userAgent: request.useragent | "" - responseTimestamp: response.time - receivedBytes: request.total_size | 0 - sentBytes: response.total_size | 0 - referer: request.referer | "" - httpAuthority: request.headers[":authority"] | request.host | "" - xForwardedFor: 
request.headers["x-forwarded-for"] | "0.0.0.0" - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - grpcStatus: response.grpc_status | "" - grpcMessage: response.grpc_message | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpaccesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: context.time | timestamp("2017-01-01T00:00:00Z") - variables: - connectionEvent: connection.event | "" - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - protocol: context.protocol | "tcp" - connectionDuration: connection.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - receivedBytes: connection.received.bytes | 0 - sentBytes: connection.sent.bytes | 0 - totalReceivedBytes: connection.received.bytes_total | 0 - totalSentBytes: connection.sent.bytes_total | 0 - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") 
- responseFlags: context.proxy_error_code | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "http" || context.protocol == "grpc" - actions: - - handler: stdio - instances: - - accesslog ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdiotcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: stdio - instances: - - tcpaccesslog -{{- end }} ---- -{{- if and .Values.adapters.prometheus.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestcount - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestduration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.duration | "0ms" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestsize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: request.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: responsesize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytesent - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.sent.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytereceived - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.received.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsopened - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: prometheus - params: - metricsExpirationPolicy: - metricsExpiryDuration: "{{ .Values.adapters.prometheus.metricsExpiryDuration }}" - metrics: - - name: requests_total - instance_name: requestcount.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - - name: request_duration_seconds - instance_name: requestduration.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - explicit_buckets: - bounds: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10] - - name: request_bytes - instance_name: requestsize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - 
destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: response_bytes - instance_name: responsesize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: tcp_sent_bytes_total - instance_name: tcpbytesent.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_received_bytes_total - instance_name: tcpbytereceived.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: 
tcp_connections_opened_total - instance_name: tcpconnectionsopened.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_connections_closed_total - instance_name: tcpconnectionsclosed.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promhttp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: (context.protocol == "http" || context.protocol == "grpc") && (match((request.useragent | "-"), "kube-probe*") == false) && (match((request.useragent | "-"), "Prometheus*") == false) - actions: - - handler: prometheus - instances: - - requestcount - - requestduration - - requestsize - - responsesize ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: prometheus - instances: - - tcpbytesent - - tcpbytereceived ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionopen - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "open") - actions: - - handler: prometheus - instances: - - tcpconnectionsopened ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "close") - actions: - - handler: prometheus - instances: - - tcpconnectionsclosed -{{- end }} ---- -{{- if and .Values.adapters.kubernetesenv.enabled (or .Values.policy.enabled .Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: kubernetesenv - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: kubernetesenv - params: - # when running from mixer root, use the following config after adding a - # symbolic link to a kubernetes config file via: - # - # $ ln -s ~/.kube/config mixer/adapter/kubernetes/kubeconfig - # - # kubeconfig_path: "mixer/adapter/kubernetes/kubeconfig" - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: kubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . 
}} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: tcpkubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: attributes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: kubernetes - params: - # Pass the required attribute data to the adapter - source_uid: source.uid | "" - source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr - destination_uid: destination.uid | "" - destination_port: destination.port | 0 - attributeBindings: - # Fill the new attributes from the adapter produced output. 
- # $out refers to an instance of OutputTemplate message - source.ip: $out.source_pod_ip | ip("0.0.0.0") - source.uid: $out.source_pod_uid | "unknown" - source.labels: $out.source_labels | emptyStringMap() - source.name: $out.source_pod_name | "unknown" - source.namespace: $out.source_namespace | "default" - source.owner: $out.source_owner | "unknown" - source.serviceAccount: $out.source_service_account_name | "unknown" - source.workload.uid: $out.source_workload_uid | "unknown" - source.workload.name: $out.source_workload_name | "unknown" - source.workload.namespace: $out.source_workload_namespace | "unknown" - destination.ip: $out.destination_pod_ip | ip("0.0.0.0") - destination.uid: $out.destination_pod_uid | "unknown" - destination.labels: $out.destination_labels | emptyStringMap() - destination.name: $out.destination_pod_name | "unknown" - destination.container.name: $out.destination_container_name | "unknown" - destination.namespace: $out.destination_namespace | "default" - destination.owner: $out.destination_owner | "unknown" - destination.serviceAccount: $out.destination_service_account_name | "unknown" - destination.workload.uid: $out.destination_workload_uid | "unknown" - destination.workload.name: $out.destination_workload_name | "unknown" - destination.workload.namespace: $out.destination_workload_namespace | "unknown" -{{- end }} ---- -{{- if .Values.policy.enabled }} -# Configuration needed by Mixer. -# Mixer cluster is delivered via CDS -# Specify mixer cluster settings -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-policy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- if .Values.telemetry.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-telemetry - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- end }} diff --git a/charts/rancher-istio/1.4.1000/charts/mixer/templates/deployment.yaml b/charts/rancher-istio/1.4.1000/charts/mixer/templates/deployment.yaml deleted file mode 100755 index 60bba11e5..000000000 --- a/charts/rancher-istio/1.4.1000/charts/mixer/templates/deployment.yaml +++ /dev/null 
@@ -1,431 +0,0 @@ -{{- define "policy_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: policy-adapter-secret - secret: - secretName: policy-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - - --useTemplateCRDs=false - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - {{- if .Values.env }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.policy.resources }} -{{ toYaml .Values.policy.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: 
istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-policy - - --templateFile - - /etc/istio/proxy/envoy_policy.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ $.Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock - - 
name: policy-adapter-secret - mountPath: /var/run/secrets/istio.io/policy/adapter - readOnly: true -{{- end }} - -{{- define "telemetry_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: telemetry-adapter-secret - secret: - secretName: telemetry-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - - --certFile=/etc/certs/cert-chain.pem - - --keyFile=/etc/certs/key.pem - - --caCertFile=/etc/certs/root-cert.pem - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - - --averageLatencyThreshold - - {{ $.Values.telemetry.loadshedding.latencyThreshold }} - - --loadsheddingMode - - {{ $.Values.telemetry.loadshedding.mode }} - {{- if .Values.env }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.telemetry.resources }} -{{ toYaml .Values.telemetry.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - 
name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: telemetry-adapter-secret - mountPath: /var/run/secrets/istio.io/telemetry/adapter - readOnly: true - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-telemetry - - --templateFile - - /etc/istio/proxy/envoy_telemetry.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - 
mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock -{{- end }} - - -{{- range $key, $spec := .Values }} -{{- if or (eq $key "policy") (eq $key "telemetry") }} -{{- if $spec.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-{{ $key }} - namespace: {{ $.Release.Namespace }} - labels: - app: istio-mixer - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: mixer -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - selector: - matchLabels: - istio: mixer - istio-mixer-type: {{ $key }} - template: - metadata: - labels: - app: {{ $key }} - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - security.istio.io/tlsMode: "istio" - istio: mixer - istio-mixer-type: {{ $key }} - annotations: - sidecar.istio.io/inject: "false" -{{- with $.Values.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- if eq $key "policy"}} -{{- template "policy_container" $ }} -{{- else }} -{{- template "telemetry_container" $ }} -{{- end }} - ---- -{{- end }} -{{- end }} -{{- end }} {{/* range */}} diff --git a/charts/rancher-istio/1.4.1000/charts/mixer/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.1000/charts/mixer/templates/poddisruptionbudget.yaml deleted file mode 100755 index a6bfe8668..000000000 --- a/charts/rancher-istio/1.4.1000/charts/mixer/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,32 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ $key }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- version: {{ $.Chart.Version }}
- istio: mixer
- istio-mixer-type: {{ $key }}
-spec:
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: {{ $key }}
- release: {{ $.Release.Name }}
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/mixer/templates/service.yaml b/charts/rancher-istio/1.4.1000/charts/mixer/templates/service.yaml
deleted file mode 100755
index 79cc4a582..000000000
--- a/charts/rancher-istio/1.4.1000/charts/mixer/templates/service.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- annotations:
- networking.istio.io/exportTo: "*"
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: mixer
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: {{ $.Values.global.monitoringPort }}
-{{- if eq $key "telemetry" }}
- - name: prometheus
- port: 42422
-{{- if $spec.sessionAffinityEnabled }}
- sessionAffinity: ClientIP
-{{- end }}
-{{- end }}
- selector:
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.4.1000/charts/mixer/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.1000/charts/mixer/templates/serviceaccount.yaml
deleted file mode 100755
index 9d3da7dd6..000000000
--- a/charts/rancher-istio/1.4.1000/charts/mixer/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/mixer/values.yaml b/charts/rancher-istio/1.4.1000/charts/mixer/values.yaml
deleted file mode 100755
index 6a56f375a..000000000
--- a/charts/rancher-istio/1.4.1000/charts/mixer/values.yaml
+++ /dev/null
@@ -1,97 +0,0 @@ -# -# mixer configuration -# - -env: - # max procs should be ceil(cpu limit + 1) - GOMAXPROCS: "6" - -policy: - # if policy is enabled, global.disablePolicyChecks has affect. - enabled: false - replicaCount: 1 - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - cpu: - targetAverageUtilization: 80 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - -telemetry: - enabled: true - replicaCount: 1 - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - cpu: - targetAverageUtilization: 80 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - sessionAffinityEnabled: false - - # mixer load shedding configuration. - # When mixer detects that it is overloaded, it starts rejecting grpc requests. - loadshedding: - # disabled, logonly or enforce - mode: enforce - # based on measurements 100ms p50 translates to p99 of under 1s. This is ok for telemetry which is inherently async. - latencyThreshold: 100ms - resources: - requests: - cpu: 1000m - memory: 1G - limits: - # It is best to do horizontal scaling of mixer using moderate cpu allocation. - # We have experimentally found that these values work well. - cpu: 4800m - memory: 4G - - # Set reportBatchMaxEntries to 0 to use the default batching behavior (i.e., every 100 requests). - # A positive value indicates the number of requests that are batched before telemetry data - # is sent to the mixer server - reportBatchMaxEntries: 100 - - # Set reportBatchMaxTime to 0 to use the default batching behavior (i.e., every 1 second). - # A positive time value indicates the maximum wait time since the last request will telemetry data - # be batched before being sent to the mixer server - reportBatchMaxTime: 1s - -podAnnotations: {} -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. 
-# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -adapters: - kubernetesenv: - enabled: true - - # stdio is a debug adapter in istio-telemetry, it is not recommended for production use. - stdio: - enabled: false - outputAsJson: true - prometheus: - enabled: true - metricsExpiryDuration: 10m - # Setting this to false sets the useAdapterCRDs mixer startup argument to false - useAdapterCRDs: false diff --git a/charts/rancher-istio/1.4.1000/charts/nodeagent/Chart.yaml b/charts/rancher-istio/1.4.1000/charts/nodeagent/Chart.yaml deleted file mode 100755 index 9b4a564b9..000000000 --- a/charts/rancher-istio/1.4.1000/charts/nodeagent/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.10 -description: Helm chart for nodeagent deployment -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- nodeagent -name: nodeagent -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.4.10 diff --git a/charts/rancher-istio/1.4.1000/charts/nodeagent/templates/_helpers.tpl b/charts/rancher-istio/1.4.1000/charts/nodeagent/templates/_helpers.tpl deleted file mode 100755 index fda6043d0..000000000 --- a/charts/rancher-istio/1.4.1000/charts/nodeagent/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "nodeagent.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "nodeagent.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "nodeagent.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.1000/charts/nodeagent/templates/clusterrole.yaml b/charts/rancher-istio/1.4.1000/charts/nodeagent/templates/clusterrole.yaml
deleted file mode 100755
index 8e4ab6d32..000000000
--- a/charts/rancher-istio/1.4.1000/charts/nodeagent/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get"]
diff --git a/charts/rancher-istio/1.4.1000/charts/nodeagent/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.1000/charts/nodeagent/templates/clusterrolebinding.yaml
deleted file mode 100755
index 591e48212..000000000
--- a/charts/rancher-istio/1.4.1000/charts/nodeagent/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-nodeagent-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.1000/charts/nodeagent/templates/daemonset.yaml b/charts/rancher-istio/1.4.1000/charts/nodeagent/templates/daemonset.yaml
deleted file mode 100755
index a4d2463d6..000000000
--- a/charts/rancher-istio/1.4.1000/charts/nodeagent/templates/daemonset.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: istio-nodeagent
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
-spec:
- selector:
- matchLabels:
- istio: nodeagent
- template:
- metadata:
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-nodeagent-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: nodeagent
- image: "{{ template "system_default_registry" . }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- volumeMounts:
- - mountPath: /var/run/sds
- name: sdsudspath
- env:
- {{- if .Values.env }}
- {{- range $key, $val := .Values.env }}
- - name: {{ $key }}
- value: "{{ $val }}"
- {{- end }}
- {{- end }}
- - name: "TRUST_DOMAIN"
- value: "{{ .Values.global.trustDomain }}"
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumes:
- - name: sdsudspath
- hostPath:
- path: /var/run/sds
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
- updateStrategy:
- type: RollingUpdate
diff --git a/charts/rancher-istio/1.4.1000/charts/nodeagent/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.1000/charts/nodeagent/templates/serviceaccount.yaml
deleted file mode 100755
index 86853d7e0..000000000
--- a/charts/rancher-istio/1.4.1000/charts/nodeagent/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.1000/charts/nodeagent/values.yaml b/charts/rancher-istio/1.4.1000/charts/nodeagent/values.yaml
deleted file mode 100755
index 9138c4647..000000000
--- a/charts/rancher-istio/1.4.1000/charts/nodeagent/values.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# nodeagent configuration
-#
-enabled: false
-env:
- # name of authentication provider.
- CA_PROVIDER: ""
- # CA endpoint.
- CA_ADDR: ""
- # names of authentication provider's plugins.
- PLUGINS: ""
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.1000/charts/pilot/Chart.yaml b/charts/rancher-istio/1.4.1000/charts/pilot/Chart.yaml
deleted file mode 100755
index 57a3636c1..000000000
--- a/charts/rancher-istio/1.4.1000/charts/pilot/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.10
-description: Helm chart for pilot deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- pilot
-name: pilot
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.10
diff --git a/charts/rancher-istio/1.4.1000/charts/pilot/templates/_helpers.tpl b/charts/rancher-istio/1.4.1000/charts/pilot/templates/_helpers.tpl
deleted file mode 100755
index c812c3709..000000000
--- a/charts/rancher-istio/1.4.1000/charts/pilot/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "pilot.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "pilot.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "pilot.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.1000/charts/pilot/templates/autoscale.yaml b/charts/rancher-istio/1.4.1000/charts/pilot/templates/autoscale.yaml
deleted file mode 100755
index 1a9945136..000000000
--- a/charts/rancher-istio/1.4.1000/charts/pilot/templates/autoscale.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- maxReplicas: {{ .Values.autoscaleMax }}
- minReplicas: {{ .Values.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-pilot
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.cpu.targetAverageUtilization }}
----
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/pilot/templates/clusterrole.yaml b/charts/rancher-istio/1.4.1000/charts/pilot/templates/clusterrole.yaml
deleted file mode 100755
index 83af8fb06..000000000
--- a/charts/rancher-istio/1.4.1000/charts/pilot/templates/clusterrole.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["config.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["rbac.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["security.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["networking.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["authentication.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["*"]
-- apiGroups: ["extensions"]
- resources: ["ingresses", "ingresses/status"]
- verbs: ["*"]
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "list", "watch", "update"]
-- apiGroups: [""]
- resources: ["endpoints", "pods", "services", "namespaces", "nodes"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "watch", "list", "update", "delete"]
-- apiGroups: ["certificates.k8s.io"]
- resources:
- - "certificatesigningrequests"
- - "certificatesigningrequests/approval"
- - "certificatesigningrequests/status"
- verbs: ["update", "create", "get", "delete"]
diff --git a/charts/rancher-istio/1.4.1000/charts/pilot/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.1000/charts/pilot/templates/clusterrolebinding.yaml
deleted file mode 100755
index ef9281ca8..000000000
--- a/charts/rancher-istio/1.4.1000/charts/pilot/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-pilot-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.1000/charts/pilot/templates/configmap.yaml b/charts/rancher-istio/1.4.1000/charts/pilot/templates/configmap.yaml
deleted file mode 100755
index 3fe514395..000000000
--- a/charts/rancher-istio/1.4.1000/charts/pilot/templates/configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.jwksResolverExtraRootCA }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-jwks-extra-cacerts
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/pilot/templates/deployment.yaml b/charts/rancher-istio/1.4.1000/charts/pilot/templates/deployment.yaml
deleted file mode 100755
index 7e7cd2b97..000000000
--- a/charts/rancher-istio/1.4.1000/charts/pilot/templates/deployment.yaml
+++ /dev/null
@@ -1,234 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - # TODO: default template doesn't have this, which one is right ? - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - istio: pilot - template: - metadata: - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-pilot-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: discovery - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - "discovery" - - --monitoringAddr=:{{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.global.oneNamespace }} - - "-a" - - {{ .Release.Namespace }} -{{- end }} -{{- if and $.Values.global.controlPlaneSecurityEnabled (not .Values.sidecar)}} - - --secureGrpcAddr - - ":15011" -{{- else }} - - --secureGrpcAddr - - "" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" - ports: - - containerPort: 8080 - - containerPort: 15010 -{{- if not .Values.sidecar }} - - containerPort: 15011 -{{- end }} - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 5 - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND - value: "{{ .Values.enableProtocolSniffingForOutbound }}" - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND - value: "{{ .Values.enableProtocolSniffingForInbound }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - - name: istio-certs - mountPath: /etc/certs 
- readOnly: true -{{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - mountPath: /cacerts -{{- end }} -{{- if .Values.sidecar }} - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 15003 - - containerPort: 15005 - - containerPort: 15007 - - containerPort: 15011 - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-pilot - - --templateFile - - /etc/istio/proxy/envoy_pilot.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if .Values.global.proxy.resources }} -{{ toYaml .Values.global.proxy.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - 
readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} -{{- end }} - volumes: - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: config-volume - configMap: - name: istio - - name: istio-certs - secret: - secretName: istio.istio-pilot-service-account - optional: true -{{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - configMap: - name: istio-jwks-extra-cacerts -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.1000/charts/pilot/templates/meshexpansion.yaml b/charts/rancher-istio/1.4.1000/charts/pilot/templates/meshexpansion.yaml deleted file mode 100755 index 4f3d59570..000000000 --- a/charts/rancher-istio/1.4.1000/charts/pilot/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-ilb-vs-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - hosts: - - istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-ilb-gateway - tcp: - - match: - - port: 15011 - route: - - destination: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15011 - - match: - - port: 15010 - route: - - destination: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15010 - - match: - - port: 5353 - route: - - destination: - host: kube-dns.kube-system.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 53 ---- -{{- else }} - -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - hosts: - - istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-gateway - tcp: - - match: - - port: 15011 - route: - - destination: - host: istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15011 ---- -{{- end }} - -{{- if .Values.global.controlPlaneSecurityEnabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: meshexpansion-dr-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - trafficPolicy: - portLevelSettings: - - port: - number: 15011 - tls: - mode: DISABLE ---- -{{- end }} -{{- end }} - diff --git a/charts/rancher-istio/1.4.1000/charts/pilot/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.1000/charts/pilot/templates/poddisruptionbudget.yaml deleted file mode 100755 index fd9e06a71..000000000 --- a/charts/rancher-istio/1.4.1000/charts/pilot/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: {{ template "pilot.name" . }} - release: {{ .Release.Name }} - istio: pilot -{{- end }} diff --git a/charts/rancher-istio/1.4.1000/charts/pilot/templates/service.yaml b/charts/rancher-istio/1.4.1000/charts/pilot/templates/service.yaml deleted file mode 100755 index a61d93025..000000000 --- a/charts/rancher-istio/1.4.1000/charts/pilot/templates/service.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: pilot
-spec:
- ports:
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS
- - port: 8080
- name: http-legacy-discovery # direct
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- selector:
- istio: pilot
diff --git a/charts/rancher-istio/1.4.1000/charts/pilot/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.1000/charts/pilot/templates/serviceaccount.yaml
deleted file mode 100755
index 7ec2a66de..000000000
--- a/charts/rancher-istio/1.4.1000/charts/pilot/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.1000/charts/pilot/values.yaml b/charts/rancher-istio/1.4.1000/charts/pilot/values.yaml
deleted file mode 100755
index 84c90d9ed..000000000
--- a/charts/rancher-istio/1.4.1000/charts/pilot/values.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-#
-# pilot configuration
-#
-enabled: true
-autoscaleEnabled: true
-autoscaleMin: 1
-autoscaleMax: 5
-# specify replicaCount when autoscaleEnabled: false
-# replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-sidecar: true
-traceSampling: 1.0
-# if protocol sniffing is enabled for outbound
-enableProtocolSniffingForOutbound: true
-# if protocol sniffing is enabled for inbound
-enableProtocolSniffingForInbound: false
-# Resources for a small pilot install
-resources:
- requests:
- cpu: 500m
- memory: 2048Mi
-env:
- PILOT_PUSH_THROTTLE: 100
-cpu:
- targetAverageUtilization: 80
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-# The following is used to limit how long a sidecar can be connected
-# to a pilot. It balances out load across pilot instances at the cost of
-# increasing system churn.
-keepaliveMaxServerConnectionAge: 30m
-
-# This is used to set the source of configuration for
-# the associated address in configSource, if nothing is specificed
-# the default MCP is assumed.
The alternative option is SERVICE_REGISTRY
-# which describes the source is only forwarding synthetic service entries
-configSource:
- subscribedResources:
diff --git a/charts/rancher-istio/1.4.1000/charts/prometheus/Chart.yaml b/charts/rancher-istio/1.4.1000/charts/prometheus/Chart.yaml
deleted file mode 100755
index 8f1c08578..000000000
--- a/charts/rancher-istio/1.4.1000/charts/prometheus/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-appVersion: 2.8.0
-description: A Helm chart for Kubernetes
-name: prometheus
-tillerVersion: '>=2.7.2'
-version: 1.4.10
diff --git a/charts/rancher-istio/1.4.1000/charts/prometheus/templates/_helpers.tpl b/charts/rancher-istio/1.4.1000/charts/prometheus/templates/_helpers.tpl
deleted file mode 100755
index 039388329..000000000
--- a/charts/rancher-istio/1.4.1000/charts/prometheus/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "prometheus.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "prometheus.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "prometheus.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.1000/charts/prometheus/templates/clusterrole.yaml b/charts/rancher-istio/1.4.1000/charts/prometheus/templates/clusterrole.yaml
deleted file mode 100755
index 06fdfaf53..000000000
--- a/charts/rancher-istio/1.4.1000/charts/prometheus/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - nodes
- - services
- - endpoints
- - pods
- - nodes/proxy
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources:
- - configmaps
- verbs: ["get"]
-- nonResourceURLs: ["/metrics"]
- verbs: ["get"]
diff --git a/charts/rancher-istio/1.4.1000/charts/prometheus/templates/clusterrolebindings.yaml b/charts/rancher-istio/1.4.1000/charts/prometheus/templates/clusterrolebindings.yaml
deleted file mode 100755
index 295e0df72..000000000
--- a/charts/rancher-istio/1.4.1000/charts/prometheus/templates/clusterrolebindings.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: prometheus-{{ .Release.Namespace }}
-subjects:
-- kind: ServiceAccount
- name: prometheus
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.1000/charts/prometheus/templates/configmap.yaml b/charts/rancher-istio/1.4.1000/charts/prometheus/templates/configmap.yaml
deleted file mode 100755
index 1b26fa5a1..000000000
--- a/charts/rancher-istio/1.4.1000/charts/prometheus/templates/configmap.yaml
+++ /dev/null
@@ -1,281 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - prometheus.yml: |- - global: - scrape_interval: {{ .Values.scrapeInterval }} - scrape_configs: - - - job_name: 'istio-mesh' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;prometheus - - # Scrape config for envoy stats - - job_name: 'envoy-stats' - metrics_path: /stats/prometheus - kubernetes_sd_configs: - - role: pod - - relabel_configs: - - source_labels: [__meta_kubernetes_pod_container_port_name] - action: keep - regex: '.*-envoy-prom' - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:15090 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'istio-policy' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-policy;http-monitoring - - - job_name: 'istio-telemetry' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;http-monitoring - - - job_name: 'pilot' - kubernetes_sd_configs: - - role: 
endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-pilot;http-monitoring - - - job_name: 'galley' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-galley;http-monitoring - - - job_name: 'citadel' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-citadel;http-monitoring - - # scrape config for API servers - - job_name: 'kubernetes-apiservers' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - default - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: kubernetes;https - - # scrape config for nodes (kubelet) - - job_name: 'kubernetes-nodes' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics - - # Scrape config for Kubelet cAdvisor. 
- # - # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics - # (those whose names begin with 'container_') have been removed from the - # Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to - # retrieve those metrics. - # - # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor - # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics" - # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with - # the --cadvisor-port=0 Kubelet flag). - # - # This job is not necessary and should be removed in Kubernetes 1.6 and - # earlier versions, or it will cause the metrics to be scraped twice. - - job_name: 'kubernetes-cadvisor' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor - - # scrape config for service endpoints. - - job_name: 'kubernetes-service-endpoints' - kubernetes_sd_configs: - - role: endpoints - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) 
- - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: kubernetes_name - - - job_name: 'kubernetes-pods' - kubernetes_sd_configs: - - role: pod - relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job. - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # Keep target if there's no sidecar or if prometheus.io/scheme is explicitly set to "http" - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: keep - regex: ((;.*)|(.*;http)) - - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls] - action: drop - regex: (true) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'kubernetes-pods-istio-secure' - scheme: https - tls_config: - ca_file: /etc/istio-certs/root-cert.pem - cert_file: /etc/istio-certs/cert-chain.pem - key_file: 
/etc/istio-certs/key.pem - insecure_skip_verify: true # prometheus does not support secure naming. - kubernetes_sd_configs: - - role: pod - relabel_configs: - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # sidecar status annotation is added by sidecar injector and - # istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic. - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls] - action: keep - regex: (([^;]+);([^;]*))|(([^;]*);(true)) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: drop - regex: (http) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__] # Only keep address that is host:port - action: keep # otherwise an extra target with ':443' is added for https scheme - regex: ([^:]+):(\d+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name \ No newline at end of file diff --git a/charts/rancher-istio/1.4.1000/charts/prometheus/templates/deployment.yaml b/charts/rancher-istio/1.4.1000/charts/prometheus/templates/deployment.yaml deleted file mode 100755 index 1033a2f5b..000000000 --- a/charts/rancher-istio/1.4.1000/charts/prometheus/templates/deployment.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -# TODO: the original template has service account, roles, etc -apiVersion: apps/v1 -kind: Deployment -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: prometheus - template: - metadata: - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: prometheus -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: prometheus - image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - '--storage.tsdb.retention={{ .Values.retention }}' - - '--config.file=/etc/prometheus/prometheus.yml' - ports: - - containerPort: 9090 - name: http - livenessProbe: - httpGet: - path: /-/healthy - port: 9090 - readinessProbe: - httpGet: - path: /-/ready - port: 9090 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/prometheus - - mountPath: /etc/istio-certs - name: istio-certs - volumes: - - name: config-volume - configMap: - name: prometheus - - name: istio-certs - secret: - defaultMode: 420 -{{- if not .Values.security.enabled }} - optional: true -{{- end }} - secretName: istio.default - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.1000/charts/prometheus/templates/ingress.yaml b/charts/rancher-istio/1.4.1000/charts/prometheus/templates/ingress.yaml deleted file mode 100755 index 43be65523..000000000 --- a/charts/rancher-istio/1.4.1000/charts/prometheus/templates/ingress.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: prometheus - servicePort: 9090 - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: prometheus - servicePort: 9090 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.1000/charts/prometheus/templates/service.yaml b/charts/rancher-istio/1.4.1000/charts/prometheus/templates/service.yaml deleted file mode 100755 index d92525df0..000000000 --- a/charts/rancher-istio/1.4.1000/charts/prometheus/templates/service.yaml +++ /dev/null 
@@ -1,45 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- annotations:
- prometheus.io/scrape: 'true'
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- app: prometheus
- ports:
- - name: http-prometheus
- protocol: TCP
- port: 9090
-
-{{- if .Values.service.nodePort.enabled }}
-# Using separate ingress for nodeport, to avoid conflict with pilot e2e test configs.
----
-apiVersion: v1
-kind: Service
-metadata:
- name: prometheus-nodeport
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- type: NodePort
- ports:
- - port: 9090
- nodePort: {{ .Values.service.nodePort.port }}
- name: http-prometheus
- selector:
- app: prometheus
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/prometheus/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.1000/charts/prometheus/templates/serviceaccount.yaml
deleted file mode 100755
index 7c2fab3f4..000000000
--- a/charts/rancher-istio/1.4.1000/charts/prometheus/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.1000/charts/prometheus/templates/tests/test-prometheus-connection.yaml b/charts/rancher-istio/1.4.1000/charts/prometheus/templates/tests/test-prometheus-connection.yaml
deleted file mode 100755
index c36ce3f5c..000000000
--- a/charts/rancher-istio/1.4.1000/charts/prometheus/templates/tests/test-prometheus-connection.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "prometheus.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus-test
- chart: {{ template "prometheus.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: prometheus
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "prometheus.fullname" . }}-test"
- image: {{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['sh', '-c', 'for i in 1 2 3; do curl http://prometheus:9090/-/ready && exit 0 || sleep 15; done; exit 1']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/prometheus/values.yaml b/charts/rancher-istio/1.4.1000/charts/prometheus/values.yaml
deleted file mode 100755
index 4edb9bcc6..000000000
--- a/charts/rancher-istio/1.4.1000/charts/prometheus/values.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-# addon prometheus configuration
-#
-enabled: true
-replicaCount: 1
-retention: 6h
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-# Controls the frequency of prometheus scraping
-scrapeInterval: 15s
-
-contextPath: /prometheus
-
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - prometheus.local
- annotations:
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls:
- # Secrets must be manually created in the namespace.
- # - secretName: prometheus-tls
- # hosts:
- # - prometheus.local
-
-service:
- annotations: {}
- nodePort:
- enabled: false
- port: 32090
-
-security:
- enabled: true
diff --git a/charts/rancher-istio/1.4.1000/charts/security/Chart.yaml b/charts/rancher-istio/1.4.1000/charts/security/Chart.yaml
deleted file mode 100755
index 1f2d767f9..000000000
--- a/charts/rancher-istio/1.4.1000/charts/security/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.10
-description: Helm chart for istio authentication
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- security
-name: security
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.10
diff --git a/charts/rancher-istio/1.4.1000/charts/security/templates/_helpers.tpl b/charts/rancher-istio/1.4.1000/charts/security/templates/_helpers.tpl
deleted file mode 100755
index 7f36f9d51..000000000
--- a/charts/rancher-istio/1.4.1000/charts/security/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "security.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "security.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "security.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.1000/charts/security/templates/clusterrole.yaml b/charts/rancher-istio/1.4.1000/charts/security/templates/clusterrole.yaml
deleted file mode 100755
index 75f2dec65..000000000
--- a/charts/rancher-istio/1.4.1000/charts/security/templates/clusterrole.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-citadel-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "update"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "watch", "list", "update", "delete"]
-- apiGroups: [""]
- resources: ["serviceaccounts", "services", "namespaces"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["authentication.k8s.io"]
- resources: ["tokenreviews"]
- verbs: ["create"]
diff --git a/charts/rancher-istio/1.4.1000/charts/security/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.1000/charts/security/templates/clusterrolebinding.yaml
deleted file mode 100755
index 0a15799ce..000000000
--- a/charts/rancher-istio/1.4.1000/charts/security/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-citadel-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-citadel-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-citadel-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.1000/charts/security/templates/configmap.yaml b/charts/rancher-istio/1.4.1000/charts/security/templates/configmap.yaml
deleted file mode 100755
index 14749fd65..000000000
--- a/charts/rancher-istio/1.4.1000/charts/security/templates/configmap.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-security-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-data:
- custom-resources.yaml: |-
- {{- if .Values.global.mtls.enabled }}
- {{- include "security-default.yaml.tpl" . | indent 4}}
- {{- else }}
- {{- include "security-permissive.yaml.tpl" . | indent 4}}
- {{- end }}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
diff --git a/charts/rancher-istio/1.4.1000/charts/security/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.4.1000/charts/security/templates/create-custom-resources-job.yaml
deleted file mode 100755
index 4674cf141..000000000
--- a/charts/rancher-istio/1.4.1000/charts/security/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,109 +0,0 @@
-{{- if .Values.createMeshPolicy }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-security-post-install-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-security-post-install-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["authentication.istio.io"] # needed to create default authn policy
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["networking.istio.io"] # needed to create security destination rules
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["validatingwebhookconfigurations"]
- verbs: ["get"]
-- apiGroups: ["extensions", "apps"]
- resources: ["deployments", "replicasets"]
- verbs: ["get", "list", "watch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-security-post-install-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-security-post-install-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-security-post-install-account
- namespace: {{ .Release.Namespace }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: istio-security-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 }}
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-delete-policy": hook-succeeded
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- template:
- metadata:
- name: istio-security-post-install
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-security-post-install-account
- containers:
- - name: kubectl
- image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
- imagePullPolicy: IfNotPresent
- command: [ "/bin/bash", "/tmp/security/run.sh", "/tmp/security/custom-resources.yaml" ]
- volumeMounts:
- - mountPath: "/tmp/security"
- name: tmp-configmap-security
- volumes:
- - name: tmp-configmap-security
- configMap:
- name: istio-security-custom-resources
- restartPolicy: OnFailure
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/security/templates/deployment.yaml b/charts/rancher-istio/1.4.1000/charts/security/templates/deployment.yaml
deleted file mode 100755
index 81d0c6b28..000000000
--- a/charts/rancher-istio/1.4.1000/charts/security/templates/deployment.yaml
+++ /dev/null
@@ -1,119 +0,0 @@
-# istio CA watching all namespaces
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- istio: citadel
- strategy:
- rollingUpdate:
- maxSurge: {{ .Values.rollingMaxSurge }}
- maxUnavailable: {{ .Values.rollingMaxUnavailable }}
- template:
- metadata:
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
- annotations:
- sidecar.istio.io/inject: "false"
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: istio-citadel-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: citadel
- image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- args:
- {{- if .Values.global.sds.enabled }}
- - --sds-enabled=true
- {{- end }}
- - --append-dns-names=true
- - --grpc-port=8060
- - --citadel-storage-namespace={{ .Release.Namespace }}
- - --custom-dns-names=istio-pilot-service-account.{{ .Release.Namespace }}:istio-pilot.{{ .Release.Namespace }}
- - --monitoring-port={{ .Values.global.monitoringPort }}
- {{- if .Values.selfSigned }}
- - --self-signed-ca=true
- {{- else }}
- - --self-signed-ca=false
- - --signing-cert=/etc/cacerts/ca-cert.pem
- - --signing-key=/etc/cacerts/ca-key.pem
- - --root-cert=/etc/cacerts/root-cert.pem
- - --cert-chain=/etc/cacerts/cert-chain.pem
- {{- end }}
- {{- if .Values.global.trustDomain }}
- - --trust-domain={{ .Values.global.trustDomain }}
- {{- end }}
- {{- if .Values.workloadCertTtl }}
- - --workload-cert-ttl={{ .Values.workloadCertTtl }}
- {{- end }}
- {{- if .Values.citadelHealthCheck }}
- - --liveness-probe-path=/tmp/ca.liveness # path to the liveness health check status file
- - --liveness-probe-interval=60s # interval for health check file update
- - --probe-check-interval=15s # interval for health status check
- {{- end }}
- env:
- - name: CITADEL_ENABLE_NAMESPACES_BY_DEFAULT
- value: "{{ .Values.enableNamespacesByDefault }}"
- {{- if .Values.env }}
- {{- range $key, $val := .Values.env }}
- - name: {{ $key }}
- value: {{ $val | quote }}
- {{- end }}
- {{- end }}
- {{- if .Values.citadelHealthCheck }}
- livenessProbe:
- exec:
- command:
- - /usr/local/bin/istio_ca
- - probe
- - --probe-path=/tmp/ca.liveness # path to the liveness health check status file
- - --interval=125s # the maximum time gap allowed between the file mtime and the current sys clock
- initialDelaySeconds: 60
- periodSeconds: 60
- {{- end }}
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
-{{- if not .Values.selfSigned }}
- volumeMounts:
- - name: cacerts
- mountPath: /etc/cacerts
- readOnly: true
- volumes:
- - name: cacerts
- secret:
- secretName: cacerts
- optional: true
-{{- end }}
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/security/templates/enable-mesh-mtls.yaml b/charts/rancher-istio/1.4.1000/charts/security/templates/enable-mesh-mtls.yaml
deleted file mode 100755
index 75e4a18e3..000000000
--- a/charts/rancher-istio/1.4.1000/charts/security/templates/enable-mesh-mtls.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
-{{- define "security-default.yaml.tpl" }}
-# These policy and destination rules effectively enable mTLS for all services in the mesh. For now,
-# they are added to Istio installation yaml for backward compatible. In future, they should be in
-# a separated yaml file so that customer can enable mTLS independent from installation.
-
-# Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh.
-apiVersion: "authentication.istio.io/v1alpha1"
-kind: "MeshPolicy"
-metadata:
- name: "default"
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- peers:
- - mtls: {}
----
-# Corresponding destination rule to configure client side to use mutual TLS when talking to
-# any service (host) in the mesh.
-apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
- name: "default"
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- host: "*.local"
- {{- if .Values.global.defaultConfigVisibilitySettings }}
- exportTo:
- - '*'
- {{- end }}
- trafficPolicy:
- tls:
- mode: ISTIO_MUTUAL
----
-# Destination rule to disable (m)TLS when talking to API server, as API server doesn't have sidecar.
-# Customer should add similar destination rules for other services that don't have sidecar.
-apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
- name: "api-server"
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- host: "kubernetes.default.svc.{{ .Values.global.proxy.clusterDomain }}"
- {{- if .Values.global.defaultConfigVisibilitySettings }}
- exportTo:
- - '*'
- {{- end }}
- trafficPolicy:
- tls:
- mode: DISABLE
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/security/templates/enable-mesh-permissive.yaml b/charts/rancher-istio/1.4.1000/charts/security/templates/enable-mesh-permissive.yaml
deleted file mode 100755
index a6931b3b9..000000000
--- a/charts/rancher-istio/1.4.1000/charts/security/templates/enable-mesh-permissive.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- define "security-permissive.yaml.tpl" }}
-# Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh.
-apiVersion: "authentication.istio.io/v1alpha1"
-kind: "MeshPolicy"
-metadata:
- name: "default"
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- peers:
- - mtls:
- mode: PERMISSIVE
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/security/templates/meshexpansion.yaml b/charts/rancher-istio/1.4.1000/charts/security/templates/meshexpansion.yaml
deleted file mode 100755
index 581ce964a..000000000
--- a/charts/rancher-istio/1.4.1000/charts/security/templates/meshexpansion.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-{{- if .Values.global.meshExpansion.enabled }}
-{{- if .Values.global.meshExpansion.useILB }}
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-vs-citadel-ilb
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- hosts:
- - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-ilb-gateway
- tcp:
- - match:
- - port: 8060
- route:
- - destination:
- host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 8060
----
-{{- else }}
-
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-vs-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- hosts:
- - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-gateway
- tcp:
- - match:
- - port: 8060
- route:
- - destination:
- host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 8060
----
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/security/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.1000/charts/security/templates/poddisruptionbudget.yaml
deleted file mode 100755
index b6944e026..000000000
--- a/charts/rancher-istio/1.4.1000/charts/security/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: {{ template "security.name" . }}
- release: {{ .Release.Name }}
- istio: citadel
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/security/templates/service.yaml b/charts/rancher-istio/1.4.1000/charts/security/templates/service.yaml
deleted file mode 100755
index efea17544..000000000
--- a/charts/rancher-istio/1.4.1000/charts/security/templates/service.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- # we use the normal name here (e.g. 'prometheus')
- # as grafana is configured to use this as a data source
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- ports:
- - name: grpc-citadel
- port: 8060
- targetPort: 8060
- protocol: TCP
- - name: http-monitoring
- port: {{ .Values.global.monitoringPort }}
- selector:
- istio: citadel
diff --git a/charts/rancher-istio/1.4.1000/charts/security/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.1000/charts/security/templates/serviceaccount.yaml
deleted file mode 100755
index d07d566fa..000000000
--- a/charts/rancher-istio/1.4.1000/charts/security/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-citadel-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.1000/charts/security/templates/tests/test-citadel-connection.yaml b/charts/rancher-istio/1.4.1000/charts/security/templates/tests/test-citadel-connection.yaml
deleted file mode 100755
index 481b486de..000000000
--- a/charts/rancher-istio/1.4.1000/charts/security/templates/tests/test-citadel-connection.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "security.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: istio-citadel-test
- chart: {{ template "security.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: citadel
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "security.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['sh', '-c', 'for i in 1 2 3; do curl http://istio-citadel:{{ .Values.global.monitoringPort }}/version && exit 0 || sleep 15; done; exit 1']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/security/values.yaml b/charts/rancher-istio/1.4.1000/charts/security/values.yaml
deleted file mode 100755
index ba92eea7d..000000000
--- a/charts/rancher-istio/1.4.1000/charts/security/values.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# security configuration
-#
-enabled: true
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-selfSigned: true # indicate if self-signed CA is used.
-createMeshPolicy: true
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Enable health checking on the Citadel CSR signing API.
-# https://istio.io/docs/tasks/security/health-check/
-citadelHealthCheck: false
-# 90*24hour = 2160h
-workloadCertTtl: 2160h
-# Environment variables that configure Citadel.
-env: {}
-
-# Determines Citadel default behavior if the ca.istio.io/env or ca.istio.io/override
-# labels are not found on a given namespace.
-#
-# For example: consider a namespace called "target", which has neither the "ca.istio.io/env"
-# nor the "ca.istio.io/override" namespace labels. To decide whether or not to generate secrets
-# for service accounts created in this "target" namespace, Citadel will defer to this option. If the value
-# of this option is "true" in this case, secrets will be generated for the "target" namespace.
-# If the value of this option is "false" Citadel will not generate secrets upon service account creation.
-enableNamespacesByDefault: true
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/Chart.yaml b/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/Chart.yaml
deleted file mode 100755
index 596d76a45..000000000
--- a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.10
-description: Helm chart for sidecar injector webhook deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- sidecarInjectorWebhook
-name: sidecarInjectorWebhook
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.10
diff --git a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/_helpers.tpl b/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/_helpers.tpl
deleted file mode 100755
index f3b9fb15b..000000000
--- a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "sidecar-injector.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "sidecar-injector.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "sidecar-injector.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/clusterrole.yaml b/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/clusterrole.yaml
deleted file mode 100755
index c56c7025c..000000000
--- a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/clusterrole.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-sidecar-injector-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get", "list", "watch"]
-{{- if not .Values.global.operatorManageWebhooks }}
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "patch"]
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
deleted file mode 100755
index 748a93244..000000000
--- a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-sidecar-injector-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-sidecar-injector-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/deployment.yaml b/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/deployment.yaml
deleted file mode 100755
index 95a2ea8e9..000000000
--- a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/deployment.yaml
+++ /dev/null
@@ -1,118 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: sidecar-injector - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-sidecar-injector-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: sidecar-injector-webhook - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --caCertFile=/etc/istio/certs/root-cert.pem - - --tlsCertFile=/etc/istio/certs/cert-chain.pem - - --tlsKeyFile=/etc/istio/certs/key.pem - - --injectConfig=/etc/istio/inject/config - - --meshConfig=/etc/istio/config/mesh - - --healthCheckInterval=2s - - --healthCheckFile=/health -{{- if .Values.global.operatorManageWebhooks }} - - --reconcileWebhookConfig=false -{{- else }} - - --reconcileWebhookConfig=true -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - readOnly: true - - name: certs - mountPath: /etc/istio/certs - readOnly: true - - name: inject-config - mountPath: /etc/istio/inject - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - readinessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: config-volume - configMap: - name: istio - - name: certs - secret: -{{- if .Values.global.certificates }} - secretName: dns.istio-sidecar-injector-service-account -{{- else }} - secretName: istio.istio-sidecar-injector-service-account -{{- end }} - - name: inject-config - configMap: - name: istio-sidecar-injector - items: - - key: config - path: config - - key: values - path: values - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml b/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml deleted file mode 100755 index 4a31415f2..000000000 --- a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: istio-sidecar-injector - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -webhooks: - - name: sidecar-injector.istio.io - clientConfig: - service: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - path: "/inject" - caBundle: "" - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - namespaceSelector: -{{- if .Values.enableNamespacesByDefault }} - matchExpressions: - - key: name - operator: NotIn - values: - - {{ .Release.Namespace }} - - key: istio-injection - operator: NotIn - values: - - disabled -{{- else }} - matchLabels: - istio-injection: enabled -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml deleted file mode 100755 index 870b92508..000000000 --- a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,18 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-spec:
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: {{ template "sidecar-injector.name" . }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
- {{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/service.yaml b/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/service.yaml
deleted file mode 100755
index 537e6f960..000000000
--- a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/service.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-spec:
- ports:
- - port: 443
- name: https-inject
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- selector:
- istio: sidecar-injector
diff --git a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml
deleted file mode 100755
index d4020b517..000000000
--- a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-sidecar-injector-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
diff --git a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/values.yaml b/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/values.yaml
deleted file mode 100755
index ec64f8ed5..000000000
--- a/charts/rancher-istio/1.4.1000/charts/sidecarInjectorWebhook/values.yaml
+++ /dev/null
@@ -1,58 +0,0 @@ -# -# sidecar-injector webhook configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -enableNamespacesByDefault: false -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# If true, webhook or istioctl injector will rewrite PodSpec for liveness -# health check to redirect request to sidecar. This makes liveness check work -# even when mTLS is enabled. -rewriteAppHTTPProbe: false - -# You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or -# always skip the injection on pods that match that label selector, regardless of the global policy. -# See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions -neverInjectSelector: [] - -alwaysInjectSelector: [] - -# injectedAnnotations are additional annotations that will be added to the pod spec after injection -# This is primarily to support PSP annotations. 
For example, if you defined a PSP with the annotations: -# -# annotations: -# apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default -# apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -# -# The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before -# the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: -# injectedAnnotations: -# container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default -# container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default -injectedAnnotations: {} diff --git a/charts/rancher-istio/1.4.1000/charts/tracing/.helmignore b/charts/rancher-istio/1.4.1000/charts/tracing/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/rancher-istio/1.4.1000/charts/tracing/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-istio/1.4.1000/charts/tracing/Chart.yaml b/charts/rancher-istio/1.4.1000/charts/tracing/Chart.yaml deleted file mode 100755 index f3d8b6c5a..000000000 --- a/charts/rancher-istio/1.4.1000/charts/tracing/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.1 -description: A Helm chart for Kubernetes -name: tracing -tillerVersion: '>=2.7.2' -version: 1.4.10 diff --git a/charts/rancher-istio/1.4.1000/charts/tracing/templates/_helpers.tpl b/charts/rancher-istio/1.4.1000/charts/tracing/templates/_helpers.tpl deleted file mode 100755 index e246b59b1..000000000 
--- a/charts/rancher-istio/1.4.1000/charts/tracing/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "tracing.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "tracing.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "tracing.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.1000/charts/tracing/templates/deployment-jaeger.yaml b/charts/rancher-istio/1.4.1000/charts/tracing/templates/deployment-jaeger.yaml
deleted file mode 100755
index da54eeb94..000000000
--- a/charts/rancher-istio/1.4.1000/charts/tracing/templates/deployment-jaeger.yaml
+++ /dev/null
@@ -1,119 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: jaeger - template: - metadata: - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - prometheus.io/port: "14269" -{{- if .Values.jaeger.podAnnotations }} -{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: jaeger - image: "{{ template "system_default_registry" . 
}}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 9411 - - containerPort: 16686 - - containerPort: 14250 - - containerPort: 14267 - - containerPort: 14268 - - containerPort: 14269 - - containerPort: 5775 - protocol: UDP - - containerPort: 6831 - protocol: UDP - - containerPort: 6832 - protocol: UDP - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if eq .Values.jaeger.spanStorageType "badger" }} - - name: BADGER_EPHEMERAL - value: "false" - - name: SPAN_STORAGE_TYPE - value: "badger" - - name: BADGER_DIRECTORY_VALUE - value: "/badger/data" - - name: BADGER_DIRECTORY_KEY - value: "/badger/key" - {{- end }} - - name: COLLECTOR_ZIPKIN_HTTP_PORT - value: "9411" - - name: MEMORY_MAX_TRACES - value: "{{ .Values.jaeger.memory.max_traces }}" - - name: QUERY_BASE_PATH - value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - livenessProbe: - httpGet: - path: / - port: 14269 - readinessProbe: - httpGet: - path: / - port: 14269 -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumeMounts: - - name: data - mountPath: /badger -{{- end }} - resources: -{{- if .Values.jaeger.resources }} -{{ toYaml .Values.jaeger.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumes: - - name: data -{{- if .Values.jaeger.persist }} - persistentVolumeClaim: - claimName: istio-jaeger-pvc -{{- else }} - emptyDir: {} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.4.1000/charts/tracing/templates/deployment-zipkin.yaml b/charts/rancher-istio/1.4.1000/charts/tracing/templates/deployment-zipkin.yaml deleted file mode 100755 index eef24fc16..000000000 --- a/charts/rancher-istio/1.4.1000/charts/tracing/templates/deployment-zipkin.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -{{ if eq .Values.provider "zipkin" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: zipkin - template: - metadata: - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" -{{- if .Values.zipkin.podAnnotations }} -{{ toYaml .Values.zipkin.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: zipkin - image: "{{ template "system_default_registry" . 
}}{{ .Values.zipkin.repository }}:{{ .Values.zipkin.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.zipkin.queryPort }} - livenessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - tcpSocket: - port: {{ .Values.zipkin.queryPort }} - readinessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - httpGet: - path: /health - port: {{ .Values.zipkin.queryPort }} - resources: -{{- if .Values.zipkin.resources }} -{{ toYaml .Values.zipkin.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: QUERY_PORT - value: "{{ .Values.zipkin.queryPort }}" - - name: JAVA_OPTS - value: "-XX:ConcGCThreads={{ .Values.zipkin.node.cpus }} -XX:ParallelGCThreads={{ .Values.zipkin.node.cpus }} -Djava.util.concurrent.ForkJoinPool.common.parallelism={{ .Values.zipkin.node.cpus }} -Xms{{ .Values.zipkin.javaOptsHeap }}M -Xmx{{ .Values.zipkin.javaOptsHeap }}M -XX:+UseG1GC -server" - - name: STORAGE_METHOD - value: "mem" - - name: ZIPKIN_STORAGE_MEM_MAXSPANS - value: "{{ .Values.zipkin.maxSpans }}" - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.4.1000/charts/tracing/templates/ingress.yaml b/charts/rancher-istio/1.4.1000/charts/tracing/templates/ingress.yaml deleted file mode 100755 index 72f362166..000000000 --- a/charts/rancher-istio/1.4.1000/charts/tracing/templates/ingress.yaml +++ /dev/null 
@@ -1,41 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: {{ template "tracing.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} /{{ $.Values.provider }} {{ end }}
- backend:
- serviceName: tracing
- servicePort: 80
-
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }}
- backend:
- serviceName: tracing
- servicePort: 80
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.1000/charts/tracing/templates/pvc.yaml b/charts/rancher-istio/1.4.1000/charts/tracing/templates/pvc.yaml
deleted file mode 100755
index 60140494c..000000000
--- a/charts/rancher-istio/1.4.1000/charts/tracing/templates/pvc.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if eq .Values.provider "jaeger" }}
-{{- if .Values.jaeger.persist }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: istio-jaeger-pvc
- namespace: {{ .Release.Namespace }}
- labels:
- app: jaeger
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- storageClassName: {{ .Values.jaeger.storageClassName }}
- accessModes:
- - {{ .Values.jaeger.accessMode }}
- resources:
- requests:
- storage: 5Gi
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/tracing/templates/service-jaeger.yaml b/charts/rancher-istio/1.4.1000/charts/tracing/templates/service-jaeger.yaml
deleted file mode 100755
index 38c4170b1..000000000
--- a/charts/rancher-istio/1.4.1000/charts/tracing/templates/service-jaeger.yaml
+++ /dev/null
@@ -1,94 +0,0 @@
-{{ if eq .Values.provider "jaeger" }}
-
-apiVersion: v1
-kind: List
-metadata:
- name: jaeger-services
- namespace: {{ .Release.Namespace }}
- labels:
- app: jaeger
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-items:
-- apiVersion: v1
- kind: Service
- metadata:
- name: jaeger-query
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: jaeger
- jaeger-infra: jaeger-service
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- ports:
- - name: query-http
- port: 16686
- protocol: TCP
- targetPort: 16686
- selector:
- app: jaeger
-- apiVersion: v1
- kind: Service
- metadata:
- name: jaeger-collector
- namespace: {{ .Release.Namespace }}
- labels:
- app: jaeger
- jaeger-infra: collector-service
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- ports:
- - name: jaeger-collector-tchannel
- port: 14267
- protocol: TCP
- targetPort: 14267
- - name: jaeger-collector-http
- port: 14268
- targetPort: 14268
- protocol: TCP
- - name: jaeger-collector-grpc
- port: 14250
- targetPort: 14250
- protocol: TCP
- selector:
- app: jaeger
- type: ClusterIP
-- apiVersion: v1
- kind: Service
- metadata:
- name: jaeger-agent
- namespace: {{ .Release.Namespace }}
- labels:
- app: jaeger
- jaeger-infra: agent-service
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- ports:
- - name: agent-zipkin-thrift
- port: 5775
- protocol: UDP
- targetPort: 5775
- - name: agent-compact
- port: 6831
- protocol: UDP
- targetPort: 6831
- - name: agent-binary
- port: 6832
- protocol: UDP
- targetPort: 6832
- clusterIP: None
- selector:
- app: jaeger
-{{ end }}
-
diff --git a/charts/rancher-istio/1.4.1000/charts/tracing/templates/service.yaml b/charts/rancher-istio/1.4.1000/charts/tracing/templates/service.yaml
deleted file mode 100755
index 798829793..000000000
--- a/charts/rancher-istio/1.4.1000/charts/tracing/templates/service.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-apiVersion: v1
-kind: List
-metadata:
- name: tracing-services
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-items:
-- apiVersion: v1
- kind: Service
- metadata:
- name: zipkin
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- ports:
- - port: {{ .Values.zipkin.queryPort }}
- targetPort: {{ .Values.zipkin.queryPort }}
- protocol: TCP
- name: {{ .Values.service.name }}
- selector:
- app: {{ .Values.provider }}
-- apiVersion: v1
- kind: Service
- metadata:
- name: tracing
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: {{ .Values.provider }}
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- type: {{ .Values.service.type }}
- ports:
- - name: http-query
- port: {{ .Values.service.externalPort }}
- protocol: TCP
-{{ if eq .Values.provider "jaeger" }}
- targetPort: 16686
-{{ else }}
- targetPort: {{ .Values.zipkin.queryPort }}
-{{ end}}
- selector:
- app: {{ .Values.provider }}
diff --git a/charts/rancher-istio/1.4.1000/charts/tracing/templates/tests/test-tracing-connection.yaml b/charts/rancher-istio/1.4.1000/charts/tracing/templates/tests/test-tracing-connection.yaml
deleted file mode 100755
index 64248e8c5..000000000
--- a/charts/rancher-istio/1.4.1000/charts/tracing/templates/tests/test-tracing-connection.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ .Release.Name }}-{{ .Values.provider }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}-test
- chart: {{ template "tracing.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ .Values.provider }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- {{- if eq .Values.provider "jaeger" }}
- args: ['http://tracing:80{{ .Values.jaeger.contextPath}}']
- {{- else }}
- args: ['http://tracing:80']
- {{- end }}
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/charts/tracing/values.yaml b/charts/rancher-istio/1.4.1000/charts/tracing/values.yaml
deleted file mode 100755
index cc55ea4af..000000000
--- a/charts/rancher-istio/1.4.1000/charts/tracing/values.yaml
+++ /dev/null
@@ -1,81 +0,0 @@ -# -# addon jaeger tracing configuration -# -enabled: false - -provider: jaeger -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -jaeger: - podAnnotations: {} - memory: - max_traces: 50000 - # spanStorageType value can be "memory" and "badger" for all-in-one image - spanStorageType: badger - persist: false - storageClassName: "" - accessMode: ReadWriteMany - - -zipkin: - podAnnotations: {} - probeStartupDelay: 200 - queryPort: 9411 - resources: - limits: - cpu: 300m - memory: 900Mi - requests: - cpu: 150m - memory: 900Mi - javaOptsHeap: 700 - # 
From: https://github.com/openzipkin/zipkin/blob/master/zipkin-server/src/main/resources/zipkin-server-shared.yml#L51 - # Maximum number of spans to keep in memory. When exceeded, oldest traces (and their spans) will be purged. - # A safe estimate is 1K of memory per span (each span with 2 annotations + 1 binary annotation), plus - # 100 MB for a safety buffer. You'll need to verify in your own environment. - maxSpans: 500000 - node: - cpus: 2 - -service: - annotations: {} - name: http - type: ClusterIP - externalPort: 80 - -ingress: - enabled: false - # Used to create an Ingress record. - hosts: - # - tracing.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: tracing-tls - # hosts: - # - tracing.local - diff --git a/charts/rancher-istio/1.4.1000/example-values/README.md b/charts/rancher-istio/1.4.1000/example-values/README.md deleted file mode 100755 index 74fedcb60..000000000 --- a/charts/rancher-istio/1.4.1000/example-values/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Example Values - -These files provide various example values for different Istio setups. - -To use them, [read the docs](https://istio.io/docs/setup/kubernetes/helm-install/) and add the flag `--values example-file.yaml`. diff --git a/charts/rancher-istio/1.4.1000/example-values/values-istio-dns-cert.yaml b/charts/rancher-istio/1.4.1000/example-values/values-istio-dns-cert.yaml deleted file mode 100755 index c00676fe9..000000000 --- a/charts/rancher-istio/1.4.1000/example-values/values-istio-dns-cert.yaml +++ /dev/null @@ -1,6 +0,0 @@ -global: - certificates: - - secretName: dns.istio-galley-service-account - dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] - - secretName: dns.istio-sidecar-injector-service-account - dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] 
diff --git a/charts/rancher-istio/1.4.1000/example-values/values-istio-example-sds-vault.yaml b/charts/rancher-istio/1.4.1000/example-values/values-istio-example-sds-vault.yaml
deleted file mode 100755
index 7d9aefe02..000000000
--- a/charts/rancher-istio/1.4.1000/example-values/values-istio-example-sds-vault.yaml
+++ /dev/null
@@ -1,27 +0,0 @@ -global: - controlPlaneSecurityEnabled: false - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - sds: - enabled: true - udsPath: "unix:/var/run/sds/uds_path" - -nodeagent: - enabled: true - repository: rancher/istio-node-agent-k8s - tag: 1.4.10 - env: - # The IP address and the port number of a publicly accessible example Vault server. - CA_ADDR: "https://34.83.129.211:8200" - CA_PROVIDER: "VaultCA" - VALID_TOKEN: true - # The IP address and the port number of a publicly accessible example Vault server. - VAULT_ADDR: "https://34.83.129.211:8200" - VAULT_AUTH_PATH: "auth/kubernetes/login" - VAULT_ROLE: "istio-cert" - VAULT_SIGN_CSR_PATH: "istio_ca/sign/istio-pki-role" - VAULT_TLS_ROOT_CERT: '-----BEGIN CERTIFICATE-----\nMIIC3jCCAcagAwIBAgIRAO1S7vuRQmo2He+RtBq3fv8wDQYJKoZIhvcNAQELBQAw\nEDEOMAwGA1UEChMFVmF1bHQwIBcNMTkwNDI3MTY1ODE1WhgPMjExOTA0MDMxNjU4\nMTVaMBAxDjAMBgNVBAoTBVZhdWx0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA7/CTbnENEIvFZg9hmVtYnOx3OfMy/GNCuP7sqtAeVVTopAKKkcAAWQck\nrhpBooEGpCugNxXGNCuJh/2nu0AfGFRfdafwSJRoI6yHwQouDm0o4r3h9uL3tu5N\nD+x9j+eejbFsoZVn84CxGkEB6oyeXYHjc6eWh3PFGMtKuOQD4pezvDH0yNCx5waK\nhtPuYtl0ebfdbyh+WQuptO+Q9VSaQNqE3ipZ461y8PduwRRll241W0gQB2iasX03\nD36F2ZrMz3KEVRVKM1yCUDCy2RPJqkXPdnVMWmDGbe8Uw69zr25JltzuRZFT9HL3\nY1RnMTecmSc4ikTUHcMhFX3PYbfR5wIDAQABozEwLzAOBgNVHQ8BAf8EBAMCBaAw\nDAYDVR0TAQH/BAIwADAPBgNVHREECDAGhwQiU4HTMA0GCSqGSIb3DQEBCwUAA4IB\nAQCdLh6olDVQB71LD6srbfAE4EsxLEBbIRnv7Nf1S0KQwgW/QxK8DHBwJBxJkr1N\nzgEPx86f2Fo2UsY9m6rvgP3+iquyMsKi0ooUah3y3LSnONuZcdfSTl/HYd38S6Dp\nVkVOZ7781xxpFVUqQ5voQX1Y1Ipn5qw0FyIcNYWLkNX+iMf1b9kpEIWQNhRC/Yiv\nTS0VA/BzQemGyf2UB6QsuZLH+JFEZnzU859qURnNIITa1Wf4YUtka5Sp1kDnEll3\nwj4IlXKU+Wl1CzxJyn4SSQAXy/Lb08ZKrF/YSzcIISnRX5j+wa8ApOSwwA/B7iaT\nTWz1g+RlV9qHap70eIjPsQvb\n-----END CERTIFICATE-----' 
diff --git a/charts/rancher-istio/1.4.1000/example-values/values-istio-gateways.yaml b/charts/rancher-istio/1.4.1000/example-values/values-istio-gateways.yaml
deleted file mode 100755
index b9930d0a0..000000000
--- a/charts/rancher-istio/1.4.1000/example-values/values-istio-gateways.yaml
+++ /dev/null
@@ -1,135 +0,0 @@
-# Common settings.
-global:
- # Omit the istio-sidecar-injector configmap when generate a
- # standalone gateway. Gateways may be created in namespaces other
- # than `istio-system` and we don't want to re-create the injector
- # configmap in those.
- omitSidecarInjectorConfigMap: true
-
- # Istio control plane namespace: This specifies where the Istio control
- # plane was installed earlier. Modify this if you installed the control
- # plane in a different namespace than istio-system.
- istioNamespace: istio-system
-
- proxy:
- # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument
- # would be :).
- # Disabled by default.
- # The istio-statsd-prom-bridge is deprecated and should not be used moving forward.
- envoyStatsd:
- # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector.
- enabled: false
- host: # example: statsd-svc.istio-system
- port: # example: 9125
-
-
-#
-# Gateways Configuration
-# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh.
-# You can add more gateways in addition to the defaults but make sure those are uniquely named
-# and that NodePorts are not conflicting.
-# Disable specific gateway by setting the `enabled` to false.
-#
-gateways:
- enabled: true
-
- custom-gateway:
- enabled: true
- labels:
- app: custom-gateway
- replicaCount: 1
- autoscaleMin: 1
- autoscaleMax: 5
- resources: {}
- # limits:
- # cpu: 100m
- # memory: 128Mi
- #requests:
- # cpu: 1800m
- # memory: 256Mi
- cpu:
- targetAverageUtilization: 80
- loadBalancerIP: ""
- loadBalancerSourceRanges: {}
- externalIPs: []
- serviceAnnotations: {}
- podAnnotations: {}
- type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be
- #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out
- ports:
- ## You can add custom gateway ports
- - port: 80
- targetPort: 80
- name: http2
- # nodePort: 31380
- - port: 443
- name: https
- # nodePort: 31390
- - port: 31400
- name: tcp
- # nodePort: 31400
- # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect
- # to pilot/citadel if global.meshExpansion settings are enabled.
- - port: 15011
- targetPort: 15011
- name: tcp-pilot-grpc-tls
- - port: 8060
- targetPort: 8060
- name: tcp-citadel-grpc-tls
- # Addon ports for kiali are enabled in gateway - but will only redirect if
- # the gateway configuration for the various components are enabled.
- - port: 15029
- targetPort: 15029
- name: http2-kiali
- # Telemetry-related ports are enabled in gateway - but will only redirect if
- # the gateway configuration for the various components are enabled.
- - port: 15030
- targetPort: 15030
- name: http2-prometheus
- - port: 15031
- targetPort: 15031
- name: http2-grafana
- - port: 15032
- targetPort: 15032
- name: http2-tracing
- secretVolumes:
- - name: customgateway-certs
- secretName: istio-customgateway-certs
- mountPath: /etc/istio/customgateway-certs
- - name: customgateway-ca-certs
- secretName: istio-customgateway-ca-certs
- mountPath: /etc/istio/customgateway-ca-certs
-
-# all other components are disabled except the gateways
-security:
- enabled: false
-
-sidecarInjectorWebhook:
- enabled: false
-
-galley:
- enabled: false
-
-mixer:
- policy:
- enabled: false
- telemetry:
- enabled: false
-
-pilot:
- enabled: false
-
-grafana:
- enabled: false
-
-prometheus:
- enabled: false
-
-tracing:
- enabled: false
-
-kiali:
- enabled: false
-
-certmanager:
- enabled: false
diff --git a/charts/rancher-istio/1.4.1000/example-values/values-istio-googleca.yaml b/charts/rancher-istio/1.4.1000/example-values/values-istio-googleca.yaml
deleted file mode 100755
index f1a0216a2..000000000
--- a/charts/rancher-istio/1.4.1000/example-values/values-istio-googleca.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-global:
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- # For GoogleCA, the aud field need to be set to the trustDomain, which is also set at the
- # installation/configuration time, e.g. by running helm template.
- token:
- aud: ""
-
- trustDomain: ""
-
- useMCP: true
-
-nodeagent:
- enabled: true
- repository: rancher/istio-node-agent-k8s
- tag: 1.4.10
- env:
- CA_PROVIDER: "GoogleCA"
- CA_ADDR: "meshca.googleapis.com:443"
- PLUGINS: "GoogleTokenExchange"
- GKE_CLUSTER_URL: ""
diff --git a/charts/rancher-istio/1.4.1000/example-values/values-istio-meshexpansion-gateways.yaml b/charts/rancher-istio/1.4.1000/example-values/values-istio-meshexpansion-gateways.yaml
deleted file mode 100755
index 51a1ded16..000000000
--- a/charts/rancher-istio/1.4.1000/example-values/values-istio-meshexpansion-gateways.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-global:
- # Provides dns resolution for global services
- podDNSSearchNamespaces:
- - global
-
- multiCluster:
- enabled: true
-
- controlPlaneSecurityEnabled: true
- meshExpansion:
- enabled: true
-
-# Multicluster with gateways requires a root CA
-# Cluster local CAs are bootstrapped with the root CA.
-security:
- selfSigned: false
-
-# Provides dns resolution for service entries of form
-# name.namespace.global
-istiocoredns:
- enabled: true
-
-gateways:
- istio-egressgateway:
- enabled: true
- env:
- # Needed to route traffic via egress gateway if desired.
- ISTIO_META_REQUESTED_NETWORK_VIEW: "external"
diff --git a/charts/rancher-istio/1.4.1000/example-values/values-istio-multicluster-gateways.yaml b/charts/rancher-istio/1.4.1000/example-values/values-istio-multicluster-gateways.yaml
deleted file mode 100755
index 3524a3d47..000000000
--- a/charts/rancher-istio/1.4.1000/example-values/values-istio-multicluster-gateways.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-global:
- # Provides dns resolution for global services
- podDNSSearchNamespaces:
- - global
- - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global"
-
- multiCluster:
- enabled: true
-
- controlPlaneSecurityEnabled: true
-
-# Multicluster with gateways requires a root CA
-# Cluster local CAs are bootstrapped with the root CA.
-security:
- selfSigned: false
-
-# Provides dns resolution for service entries of form
-# name.namespace.global
-istiocoredns:
- enabled: true
-
-gateways:
- istio-egressgateway:
- enabled: true
- env:
- # Needed to route traffic via egress gateway if desired.
- ISTIO_META_REQUESTED_NETWORK_VIEW: "external"
diff --git a/charts/rancher-istio/1.4.1000/files/injection-template.yaml b/charts/rancher-istio/1.4.1000/files/injection-template.yaml deleted file mode 100755 index df94e5689..000000000 --- a/charts/rancher-istio/1.4.1000/files/injection-template.yaml +++ /dev/null 
@@ -1,461 +0,0 @@ -{{- $cniDisabled := (not .Values.istio_cni.enabled) }} -{{- $cniRepairEnabled := (and .Values.istio_cni.enabled .Values.istio_cni.repair.enabled) }} -{{- $enableInitContainer := (or $cniDisabled $cniRepairEnabled .Values.global.proxy.enableCoreDump) }} -rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }} -{{- if $enableInitContainer }} -initContainers: -{{- if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} -{{ if $cniRepairEnabled -}} -- name: istio-validation -{{ else -}} -- name: istio-init -{{ end -}} -{{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" -{{- else }} - image: "{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" -{{- end }} - command: -{{- if $cniRepairEnabled }} - - istio-iptables-go -{{- else }} - - istio-iptables -{{- end }} - - "-p" - - "15001" - - "-z" - - "15006" - - "-u" - - 1337 - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" - - "-d" - - "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation 
.ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} -{{ if $cniRepairEnabled -}} - - "--run-validation" - - "--skip-rule-apply" -{{- end }} - imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" -{{- if .Values.global.proxy.init.resources }} - resources: - {{ toYaml .Values.global.proxy.init.resources | indent 4 }} -{{- else }} - resources: {} -{{- end }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: -{{- if not $cniRepairEnabled }} - add: - - NET_ADMIN - - NET_RAW -{{- end }} - drop: - - ALL - readOnlyRootFilesystem: false - {{- if not $cniRepairEnabled }} - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - runAsGroup: 1337 - runAsUser: 1337 - runAsNonRoot: true - {{- end }} - restartPolicy: Always - {{ end -}} -{{- if eq .Values.global.proxy.enableCoreDump true }} -- name: enable-core-dump - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - command: - - /bin/sh - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- else }} - image: "{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- end }} - imagePullPolicy: IfNotPresent - resources: {} - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - SYS_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 -{{ end }} - {{ end }} -containers: -- name: istio-proxy -{{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` "") }} # if custom pod then use 
that - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" -{{- else }} - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - {{- else }} - image: "{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - {{- end }} -{{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --configPath - - "{{ .ProxyConfig.ConfigPath }}" - - --binaryPath - - "{{ .ProxyConfig.BinaryPath }}" - - --serviceCluster - {{ if ne "" (index .ObjectMeta.Labels "app") -}} - - "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" - {{ else -}} - - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" - {{ end -}} - - --drainDuration - - "{{ formatDuration .ProxyConfig.DrainDuration }}" - - --parentShutdownDuration - - "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}" - - --discoveryAddress - - "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" -{{- if eq .Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" - - --lightstepAccessToken - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" - - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} - - --lightstepCacertPath - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" -{{- else if eq .Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - - "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" -{{- else if eq .Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" -{{- end }} -{{- if .Values.global.proxy.logLevel }} - - 
--proxyLogLevel={{ .Values.global.proxy.logLevel }} -{{- end}} -{{- if .Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }} -{{- end}} - - --dnsRefreshRate - - {{ .Values.global.proxy.dnsRefreshRate }} - - --connectTimeout - - "{{ formatDuration .ProxyConfig.ConnectTimeout }}" -{{- if .Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - "{{ .ProxyConfig.StatsdUdpAddress }}" -{{- end }} -{{- if .Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - - '{{ protoToJSON .ProxyConfig.EnvoyMetricsService }}' -{{- end }} -{{- if .Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - - '{{ protoToJSON .ProxyConfig.EnvoyAccessLogService }}' -{{- end }} - - --proxyAdminPort - - "{{ .ProxyConfig.ProxyAdminPort }}" - {{ if gt .ProxyConfig.Concurrency 0 -}} - - --concurrency - - "{{ .ProxyConfig.Concurrency }}" - {{ end -}} - - --controlPlaneAuthPolicy - - "{{ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}" -{{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" (valueOrDefault .Values.global.proxy.statusPort 0 )) `0`) }} - - --statusPort - - "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" - - --applicationPorts - - "{{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` (applicationPorts .Spec.Containers) }}" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} -{{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 4 }} -{{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if 
not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} -{{- if eq .Values.global.proxy.tracer "datadog" }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP -{{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }} -{{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" -{{- end }} -{{- end }} -{{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SDS_ENABLED - value: {{ $.Values.global.sds.enabled }} - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - - name: ISTIO_META_INCLUDE_INBOUND_PORTS - value: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (applicationPorts .Spec.Containers) }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{ if .ObjectMeta.Annotations }} - - name: ISTIO_METAJSON_ANNOTATIONS - value: | - {{ toJSON .ObjectMeta.Annotations }} - {{ end }} - {{ if .ObjectMeta.Labels }} - - name: ISTIO_METAJSON_LABELS - value: | - {{ toJSON .ObjectMeta.Labels }} - {{ end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{ .DeploymentMeta.Name }} - {{ end }} - {{- if and 
.TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.sds.customTokenDirectory }} - - name: ISTIO_META_SDS_TOKEN_PATH - value: "{{ .Values.global.sds.customTokenDirectory -}}/sdstoken" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if .Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.trustDomain }}" - {{- end }} - {{- if eq .Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetDebug }}" - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations.Value }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes.Value }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents.Value }}" - {{- end }} - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` (valueOrDefault .Values.global.proxy.statusPort 0 )) `0` }} - readinessProbe: - httpGet: - 
path: /healthz/ready - port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - add: - - NET_ADMIN - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} - runAsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - runAsNonRoot: false - runAsUser: 0 - {{- else }} - runAsNonRoot: true - runAsUser: 1337 - {{- end }} - resources: - {{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end}} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{ else -}} -{{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 4 }} -{{- end }} - {{ end -}} - volumeMounts: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: 
custom-bootstrap-volume - {{- end }} - - mountPath: /etc/istio/proxy - name: istio-envoy - {{- if .Values.global.sds.enabled }} - - mountPath: /var/run/sds - name: sds-uds-path - readOnly: true - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.sds.customTokenDirectory }} - - mountPath: "{{ .Values.global.sds.customTokenDirectory -}}" - name: custom-sds-token - readOnly: true - {{- end }} - {{- else }} - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{- end }} -volumes: -{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} -- name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} -{{- end }} -- emptyDir: - medium: Memory - name: istio-envoy -{{- if .Values.global.sds.enabled }} -- name: sds-uds-path - hostPath: - path: /var/run/sds -- name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} -{{- if .Values.global.sds.customTokenDirectory }} -- name: custom-sds-token - secret: - secretName: sdstokensecret -{{- end }} -{{- else }} -- name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, 
$value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} -- name: "{{ $index }}" - {{ toYaml $value | indent 2 }} - {{ end }} - {{ end }} -{{- end }} -{{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} -- name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert -{{- end }} -{{- if .Values.global.podDNSSearchNamespaces }} -dnsConfig: - searches: - {{- range .Values.global.podDNSSearchNamespaces }} - - {{ render . }} - {{- end }} -{{- end }} -podRedirectAnnot: - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" -{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" -{{- end }} - traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" 
diff --git a/charts/rancher-istio/1.4.1000/questions.yaml b/charts/rancher-istio/1.4.1000/questions.yaml
deleted file mode 100644
index 23812167f..000000000
--- a/charts/rancher-istio/1.4.1000/questions.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-labels:
- rancher.istio.v1.4.1000: 1.4.10
-rancher_min_version: 2.3.8-rc1
-rancher_max_version: 2.5.3
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.1000/requirements.yaml b/charts/rancher-istio/1.4.1000/requirements.yaml
deleted file mode 100755
index 819d7fc7c..000000000
--- a/charts/rancher-istio/1.4.1000/requirements.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-dependencies:
- - name: sidecarInjectorWebhook
- version: 1.4.10
- condition: sidecarInjectorWebhook.enabled
- - name: security
- version: 1.4.10
- condition: security.enabled
- - name: gateways
- version: 1.4.10
- condition: gateways.enabled
- - name: mixer
- version: 1.4.10
- condition: or mixer.policy.enabled mixer.telemetry.enabled
- - name: nodeagent
- version: 1.4.10
- condition: nodeagent.enabled
- - name: pilot
- version: 1.4.10
- condition: pilot.enabled
- - name: grafana
- version: 1.4.10
- condition: grafana.enabled
- - name: prometheus
- version: 1.4.10
- condition: prometheus.enabled
- - name: tracing
- version: 1.4.10
- condition: tracing.enabled
- - name: galley
- version: 1.4.10
- condition: galley.enabled
- - name: kiali
- version: 1.4.10
- condition: kiali.enabled
- - name: istiocoredns
- version: 1.4.10
- condition: istiocoredns.enabled
- - name: certmanager
- version: 1.4.10
- condition: certmanager.enabled
diff --git a/charts/rancher-istio/1.4.1000/templates/NOTES.txt b/charts/rancher-istio/1.4.1000/templates/NOTES.txt
deleted file mode 100755
index 3b323594c..000000000
--- a/charts/rancher-istio/1.4.1000/templates/NOTES.txt
+++ /dev/null
@@ -1,29 +0,0 @@
-Thank you for installing {{ .Chart.Name | title }}.
-
-Your release is named {{ .Release.Name | title }}.
-
-To get started running application with Istio, execute the following steps:
-
-{{- if index .Values "sidecarInjectorWebhook" "enabled" }}
-1. Label namespace that application object will be deployed to by the following command (take default namespace as an example)
-
-$ kubectl label namespace default istio-injection=enabled
-$ kubectl get namespace -L istio-injection
-
-2. Deploy your applications
-
-$ kubectl apply -f .yaml
-{{- else }}
-1. Download the latest release package to get sidecar injection tool
-
-$ curl -L https://git.io/getLatestIstio | sh -
-$ mv istio-* istio-latest
-$ export PATH="$PATH:$PWD/istio-latest/bin"
-
-2. Deploy your application by manually injecting envoy sidecar with `istioctl kube-inject`
-
-$ kubectl apply -f <(istioctl kube-inject -f .yaml)
-{{- end }}
-
-For more information on running Istio, visit:
-https://istio.io/
diff --git a/charts/rancher-istio/1.4.1000/templates/_affinity.tpl b/charts/rancher-istio/1.4.1000/templates/_affinity.tpl
deleted file mode 100755
index 7639be434..000000000
--- a/charts/rancher-istio/1.4.1000/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "nodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "nodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "nodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinity" }} -{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .Values.podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if or .Values.podAntiAffinityTermLabelSelector}} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "podAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.1000/templates/_helpers.tpl b/charts/rancher-istio/1.4.1000/templates/_helpers.tpl deleted file mode 100755 index cf10568c7..000000000 --- a/charts/rancher-istio/1.4.1000/templates/_helpers.tpl +++ /dev/null 
@@ -1,48 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "istio.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "istio.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "istio.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a fully qualified configmap name. -*/}} -{{- define "istio.configmap.fullname" -}} -{{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - - -{{- define "system_default_registry" -}} -{{- if .Values.global.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.1000/templates/_podDisruptionBudget.tpl b/charts/rancher-istio/1.4.1000/templates/_podDisruptionBudget.tpl deleted file mode 100755 index ebb86068c..000000000 --- a/charts/rancher-istio/1.4.1000/templates/_podDisruptionBudget.tpl +++ /dev/null @@ -1,3 +0,0 @@ -{{- define "podDisruptionBudget.spec" }} - minAvailable: 1 -{{- end }} diff --git a/charts/rancher-istio/1.4.1000/templates/clusterrole.yaml b/charts/rancher-istio/1.4.1000/templates/clusterrole.yaml deleted file mode 100755 index b92c9ef8b..000000000 
--- a/charts/rancher-istio/1.4.1000/templates/clusterrole.yaml +++ /dev/null @@ -1,11 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: istio-reader -rules: - - apiGroups: [''] - resources: ['nodes', 'pods', 'services', 'endpoints', "replicationcontrollers"] - verbs: ['get', 'watch', 'list'] - - apiGroups: ["extensions", "apps"] - resources: ["replicasets"] - verbs: ["get", "list", "watch"] diff --git a/charts/rancher-istio/1.4.1000/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.1000/templates/clusterrolebinding.yaml deleted file mode 100755 index 827601b3d..000000000 --- a/charts/rancher-istio/1.4.1000/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-multi - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-reader -subjects: -- kind: ServiceAccount - name: istio-multi - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.4.1000/templates/configmap.yaml b/charts/rancher-istio/1.4.1000/templates/configmap.yaml deleted file mode 100755 index e260cbb7f..000000000 --- a/charts/rancher-istio/1.4.1000/templates/configmap.yaml +++ /dev/null 
@@ -1,341 +0,0 @@ -{{- if or .Values.pilot.enabled .Values.global.istioRemote }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istio.name" . }} - chart: {{ template "istio.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - mesh: |- - # Set the following variable to true to disable policy checks by Mixer. - # Note that metrics will still be reported to Mixer. - {{- if .Values.mixer.policy.enabled }} - disablePolicyChecks: {{ .Values.global.disablePolicyChecks }} - {{- else }} - disablePolicyChecks: true - {{- end }} - - disableMixerHttpReports: false - - {{- if .Values.mixer.telemetry.reportBatchMaxEntries }} - # reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server - reportBatchMaxEntries: {{ .Values.mixer.telemetry.reportBatchMaxEntries }} - {{- end }} - - {{- if .Values.mixer.telemetry.reportBatchMaxTime }} - # reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server - reportBatchMaxTime: {{ .Values.mixer.telemetry.reportBatchMaxTime }} - {{- end }} - - {{- if .Values.mixer.telemetry.sessionAffinityEnabled }} - # sidecarToTelemetrySessionAffinity will create a STRICT_DNS type cluster for istio-telemetry. - sidecarToTelemetrySessionAffinity: {{ .Values.mixer.telemetry.sessionAffinityEnabled }} - {{- end }} - - # Set enableTracing to false to disable request tracing. - enableTracing: {{ .Values.global.enableTracing }} - - # Set accessLogFile to empty string to disable access log. 
- accessLogFile: "{{ .Values.global.proxy.accessLogFile }}" - - # If accessLogEncoding is TEXT, value will be used directly as the log format - # example: "[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\n" - # If AccessLogEncoding is JSON, value will be parsed as map[string]string - # example: '{"start_time": "%START_TIME%", "req_method": "%REQ(:METHOD)%"}' - # Leave empty to use default log format - accessLogFormat: {{ .Values.global.proxy.accessLogFormat | quote }} - - # Set accessLogEncoding to JSON or TEXT to configure sidecar access log - accessLogEncoding: '{{ .Values.global.proxy.accessLogEncoding }}' - - enableEnvoyAccessLogService: {{ .Values.global.proxy.envoyAccessLogService.enabled }} - - {{- if .Values.global.istioRemote }} - - {{- if .Values.global.remotePolicyAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}:15004 - {{- else }} - mixerCheckServer: {{ .Values.global.remotePolicyAddress }}:15004 - {{- end }} - {{- end }} - {{- if .Values.global.remoteTelemetryAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}:15004 - {{- else }} - mixerReportServer: {{ .Values.global.remoteTelemetryAddress }}:15004 - {{- end }} - {{- end }} - - {{- else }} - - {{- if .Values.mixer.policy.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - {{- if .Values.mixer.telemetry.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ 
.Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - - {{- end }} - - {{- if or .Values.mixer.policy.enabled (and .Values.global.istioRemote .Values.global.remotePolicyAddress) }} - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: {{ .Values.global.policyCheckFailOpen }} - {{- end }} - - {{- if .Values.gateways.enabled }} - # Let Pilot give ingresses the public IP of the Istio ingressgateway - ingressService: istio-ingressgateway - {{- end }} - - # Default connect timeout for dynamic clusters generated by Pilot and returned via XDS - connectTimeout: 10s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: {{ .Values.global.proxy.protocolDetectionTimeout }} - - # DNS refresh rate for Envoy clusters of type STRICT_DNS - dnsRefreshRate: {{ .Values.global.proxy.dnsRefreshRate }} - - # Unix Domain Socket through which envoy communicates with NodeAgent SDS to get - # key/cert for mTLS. Use secret-mount files instead of SDS if set to empty. - sdsUdsPath: {{ .Values.global.sds.udsPath | quote }} - - # The trust domain corresponds to the trust root of a system. 
- # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: {{ .Values.global.trustDomain | quote }} - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: - {{- range .Values.global.trustDomainAliases }} - - {{ . | quote }} - {{- end }} - - # If true, automatically configure client side mTLS settings to match the corresponding service's - # server side mTLS authentication policy, when destination rule for that service does not specify - # TLS settings. - enableAutoMtls: {{ .Values.global.mtls.auto }} - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - outboundTrafficPolicy: - mode: {{ .Values.global.outboundTrafficPolicy.mode }} - - {{- if .Values.global.localityLbSetting.enabled }} - localityLbSetting: -{{ toYaml .Values.global.localityLbSetting | trim | indent 6 }} - {{- end }} - # The namespace to treat as the administrative root namespace for istio - # configuration. -{{- if .Values.global.configRootNamespace }} - rootNamespace: {{ .Values.global.configRootNamespace }} -{{- else }} - rootNamespace: {{ .Release.Namespace }} -{{- end }} - - # Configures DNS certificates provisioned through Chiron linked into Pilot. 
- certificates: -{{ toYaml .Values.global.certificates | trim | indent 6 }} - - {{- if .Values.global.defaultConfigVisibilitySettings }} - defaultServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultVirtualServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultDestinationRuleExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - {{- end }} - - {{- if $.Values.global.useMCP }} - configSources: - - address: istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- if .Values.pilot.configSource.subscribedResources }} - subscribedResources: - - {{ .Values.pilot.configSource.subscribedResources }} - {{- end}} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - tlsSettings: - mode: ISTIO_MUTUAL - {{- end }} - {{- end }} - - defaultConfig: - # - # TCP connection timeout between Envoy & the application, and between Envoys. Used for static clusters - # defined in Envoy's configuration file - connectTimeout: 10s - # - ### ADVANCED SETTINGS ############# - # Where should envoy's configuration be stored in the istio-proxy container - configPath: "/etc/istio/proxy" - binaryPath: "/usr/local/bin/envoy" - # The pseudo service name used for Envoy. - serviceCluster: istio-proxy - # These settings that determine how long an old Envoy - # process should be kept alive after an occasional reload. - drainDuration: 45s - parentShutdownDuration: 1m0s - # - # The mode used to redirect inbound connections to Envoy. This setting - # has no effect on outbound traffic: iptables REDIRECT is always used for - # outbound connections. - # If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy. - # The "REDIRECT" mode loses source addresses during redirection. - # If "TPROXY", use iptables TPROXY to redirect to Envoy. 
- # The "TPROXY" mode preserves both the source and destination IP - # addresses and ports, so that they can be used for advanced filtering - # and manipulation. - # The "TPROXY" mode also configures the sidecar to run with the - # CAP_NET_ADMIN capability, which is required to use TPROXY. - #interceptionMode: REDIRECT - # - # Port where Envoy listens (on local host) for admin commands - # You can exec into the istio-proxy container in a pod and - # curl the admin port (curl http://localhost:15000/) to obtain - # diagnostic information from Envoy. See - # https://lyft.github.io/envoy/docs/operations/admin.html - # for more details - proxyAdminPort: 15000 - # - # Set concurrency to a specific number to control the number of Proxy worker threads. - # If set to 0 (default), then start worker thread for each CPU thread/core. - concurrency: {{ .Values.global.proxy.concurrency }} - # - {{- if eq .Values.global.proxy.tracer "lightstep" }} - tracing: - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - # Whether communication with the Satellite pool should be secure - secure: {{ .Values.global.tracer.lightstep.secure }} - # Path to the file containing the cacert to use when verifying TLS - cacertPath: {{ .Values.global.tracer.lightstep.cacertPath }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - tracing: - zipkin: - # Address of the Zipkin collector - {{- if .Values.global.tracer.zipkin.address }} - address: {{ .Values.global.tracer.zipkin.address }} - {{- else if .Values.global.remoteZipkinAddress }} - address: {{ .Values.global.remoteZipkinAddress }}:9411 - {{- else }} - address: zipkin.{{ .Release.Namespace }}:9411 - {{- end }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - tracing: - datadog: - # Address of the Datadog Agent - address: {{ 
.Values.global.tracer.datadog.address }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - tracing: - stackdriver: {} - {{- end }} - - {{- if .Values.global.proxy.envoyStatsd.enabled }} - # - # Statsd metrics collector converts statsd metrics into Prometheus metrics. - statsdUdpAddress: {{ .Values.global.proxy.envoyStatsd.host }}:{{ .Values.global.proxy.envoyStatsd.port }} - {{- end }} - - {{- if .Values.global.proxy.envoyMetricsService.enabled }} - # - # Envoy's Metrics Service stats sink pushes Envoy metrics to a remote collector via the Metrics Service gRPC API. - envoyMetricsService: - address: {{ .Values.global.proxy.envoyMetricsService.host }}:{{ .Values.global.proxy.envoyMetricsService.port }} - {{- if .Values.global.proxy.envoyMetricsService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyMetricsService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyMetricsService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyMetricsService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- if .Values.global.proxy.envoyAccessLogService.enabled }} - # - # Envoy's AccessLog Service pushes access logs to a remote collector via the Access Log Service gRPC API. 
- envoyAccessLogService: - address: {{ .Values.global.proxy.envoyAccessLogService.host }}:{{ .Values.global.proxy.envoyAccessLogService.port }} - {{- if .Values.global.proxy.envoyAccessLogService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyAccessLogService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- $defPilotHostname := printf "istio-pilot.%s" .Release.Namespace }} - {{- $pilotAddress := .Values.global.remotePilotAddress | default $defPilotHostname }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: MUTUAL_TLS - # - # Address where istio Pilot service is running - {{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }} - discoveryAddress: {{ $defPilotHostname }}:15011 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15011 - {{- end }} - {{- else }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: NONE - # - # Address where istio Pilot service is running - {{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }} - discoveryAddress: {{ $defPilotHostname }}:15010 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15010 - {{- end }} - {{- end }} - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.1000/templates/crd-10.yaml b/charts/rancher-istio/1.4.1000/templates/crd-10.yaml deleted file mode 100644 index f017e2658..000000000 
--- a/charts/rancher-istio/1.4.1000/templates/crd-10.yaml
+++ /dev/null
@@ -1,4816 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: attributemanifests.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: attributemanifest - plural: attributemanifests - singular: attributemanifest - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and - telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - attributes: - additionalProperties: - properties: - description: - description: A human-readable description of the attribute's purpose. - format: string - type: string - valueType: - description: The type of data carried by this attribute. - enum: - - VALUE_TYPE_UNSPECIFIED - - STRING - - INT64 - - DOUBLE - - BOOL - - TIMESTAMP - - IP_ADDRESS - - EMAIL_ADDRESS - - URI - - DNS_NAME - - DURATION - - STRING_MAP - type: string - type: object - description: The set of attributes this Istio component will be responsible - for producing at runtime. - type: object - name: - description: Name of the component producing these attributes. - format: string - type: string - revision: - description: The revision of this document. 
- format: string - type: string - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - heritage: Tiller - istio: rbac - release: istio - name: clusterrbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ClusterRbacConfig - plural: clusterrbacconfigs - singular: clusterrbacconfig - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: destinationrules.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.host - description: The name of a service from the service registry - name: Host - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - shortNames: - - dr - singular: destinationrule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, - etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is - exported. - items: - format: string - type: string - type: array - host: - description: The name of a service from the service registry. 
- format: string - type: string - subsets: - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: Name of the subset. - format: string - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. 
- oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP - requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a - backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. 
- type: string - maxRequestsPerConnection: - description: Maximum number of requests per - connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP - upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on - the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer - algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. 
- type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep - analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to - the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server - during TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded - to http2 for the associated destination. 
- enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to - a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool - connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to - a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to - a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. 
- format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. 
- properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. 
- format: string - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS - handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: envoyfilters.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: EnvoyFilter - plural: envoyfilters - singular: envoyfilter - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Customizing Envoy configuration generated by Istio. See more - details at: https://istio.io/docs/reference/config/networking/v1alpha3/envoy-filter.html' - properties: - configPatches: - description: One or more patches with match conditions. 
- items: - properties: - applyTo: - enum: - - INVALID - - LISTENER - - FILTER_CHAIN - - NETWORK_FILTER - - HTTP_FILTER - - ROUTE_CONFIGURATION - - VIRTUAL_HOST - - HTTP_ROUTE - - CLUSTER - type: string - match: - description: Match on listener/route configuration/cluster. - oneOf: - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - properties: - cluster: - description: Match on envoy cluster attributes. - properties: - name: - description: The exact name of the cluster to match. - format: string - type: string - portNumber: - description: The service port for which this cluster was - generated. - type: integer - service: - description: The fully qualified service name for this - cluster. - format: string - type: string - subset: - description: The subset associated with the service. - format: string - type: string - type: object - context: - description: The specific config generation context to match - on. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - listener: - description: Match on envoy listener attributes. - properties: - filterChain: - description: Match a specific filter chain in a listener. - properties: - applicationProtocols: - description: Applies only to sidecars. - format: string - type: string - filter: - description: The name of a specific filter to apply - the patch to. - properties: - name: - description: The filter name to match on. - format: string - type: string - subFilter: - properties: - name: - description: The filter name to match on. - format: string - type: string - type: object - type: object - name: - description: The name assigned to the filter chain. - format: string - type: string - sni: - description: The SNI value used by a filter chain's - match condition. - format: string - type: string - transportProtocol: - description: Applies only to SIDECAR_INBOUND context. 
- format: string - type: string - type: object - name: - description: Match a specific listener by its name. - format: string - type: string - portName: - format: string - type: string - portNumber: - type: integer - type: object - proxy: - description: Match on properties associated with a proxy. - properties: - metadata: - additionalProperties: - format: string - type: string - type: object - proxyVersion: - format: string - type: string - type: object - routeConfiguration: - description: Match on envoy HTTP route configuration attributes. - properties: - gateway: - format: string - type: string - name: - description: Route configuration name to match on. - format: string - type: string - portName: - description: Applicable only for GATEWAY context. - format: string - type: string - portNumber: - type: integer - vhost: - properties: - name: - format: string - type: string - route: - description: Match a specific route within the virtual - host. - properties: - action: - description: Match a route with specific action - type. - enum: - - ANY - - ROUTE - - REDIRECT - - DIRECT_RESPONSE - type: string - name: - format: string - type: string - type: object - type: object - type: object - type: object - patch: - description: The patch to apply along with the operation. - properties: - operation: - description: Determines how the patch should be applied. - enum: - - INVALID - - MERGE - - ADD - - REMOVE - - INSERT_BEFORE - - INSERT_AFTER - type: string - value: - description: The JSON config of the object being patched. - type: object - type: object - type: object - type: array - filters: - items: - properties: - filterConfig: - type: object - filterName: - description: The name of the filter to instantiate. - format: string - type: string - filterType: - description: The type of filter to instantiate. - enum: - - INVALID - - HTTP - - NETWORK - type: string - insertPosition: - description: Insert position in the filter chain. 
- properties: - index: - description: Position of this filter in the filter chain. - enum: - - FIRST - - LAST - - BEFORE - - AFTER - type: string - relativeTo: - format: string - type: string - type: object - listenerMatch: - properties: - address: - description: One or more IP addresses to which the listener - is bound. - items: - format: string - type: string - type: array - listenerProtocol: - description: Selects a class of listeners for the same protocol. - enum: - - ALL - - HTTP - - TCP - type: string - listenerType: - description: Inbound vs outbound sidecar listener or gateway - listener. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - portNamePrefix: - format: string - type: string - portNumber: - type: integer - type: object - type: object - type: array - workloadLabels: - additionalProperties: - format: string - type: string - description: Deprecated. - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: gateways.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Gateway - plural: gateways - shortNames: - - gw - singular: gateway - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. 
See more details - at: https://istio.io/docs/reference/config/networking/v1alpha3/gateway.html' - properties: - selector: - additionalProperties: - format: string - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - format: string - type: string - defaultEndpoint: - format: string - type: string - hosts: - description: One or more hosts exposed by this gateway. - items: - format: string - type: string - type: array - port: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - tls: - description: Set of TLS related options that govern the server's - behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified - cipher list.' - items: - format: string - type: string - type: array - credentialName: - format: string - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - format: string - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 
- format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - verifyCertificateHash: - items: - format: string - type: string - type: array - verifyCertificateSpki: - items: - format: string - type: string - type: array - type: object - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpecBinding - plural: httpapispecbindings - singular: httpapispecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_specs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - apiSpecs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed HTTPAPISpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN - in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify - the service version. - type: object - name: - description: The short name of the service such as "foo". 
- format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpec - plural: httpapispecs - singular: httpapispec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_keys: - items: - oneOf: - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. - format: string - type: string - type: object - type: array - apiKeys: - items: - oneOf: - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. 
- format: string - type: string - type: object - type: array - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. - type: object - type: object - patterns: - description: List of HTTP patterns to match. - items: - oneOf: - - required: - - uriTemplate - - required: - - regex - properties: - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. 
- type: object - type: object - httpMethod: - format: string - type: string - regex: - format: string - type: string - uriTemplate: - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: meshpolicies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: MeshPolicy - listKind: MeshPolicyList - plural: meshpolicies - singular: meshpolicy - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details - at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - type: boolean - origins: - description: List of authentication methods that can be used for origin - authentication. - items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. 
- items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - type: boolean - peers: - description: List of authentication methods that can be used for peer - authentication. - items: - oneOf: - - required: - - mtls - - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. 
- format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. 
- properties: - allowTls: - description: WILL BE DEPRECATED, if set, will translates to - `TLS_PERMISSIVE` mode. - type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Define whether peer or origin identity should be use for - principal. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: List rules to select workloads that the policy should be - applied on. - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. - items: - oneOf: - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: policies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: Policy - plural: policies - singular: policy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details - at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - type: boolean - origins: - description: List of authentication methods that can be used for origin - authentication. 
- items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 
- format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 
- format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - type: boolean - peers: - description: List of authentication methods that can be used for peer - authentication. - items: - oneOf: - - required: - - mtls - - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. - properties: - allowTls: - description: WILL BE DEPRECATED, if set, will translates to - `TLS_PERMISSIVE` mode. - type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Define whether peer or origin identity should be use for - principal. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: List rules to select workloads that the policy should be - applied on. - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. 
- items: - oneOf: - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpecBinding - plural: quotaspecbindings - singular: quotaspecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - quotaSpecs: - items: - properties: - name: - description: The short name of the QuotaSpec. - format: string - type: string - namespace: - description: Optional namespace of the QuotaSpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed QuotaSpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN - in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify - the service version. - type: object - name: - description: The short name of the service such as "foo". - format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. 
- format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpec - plural: quotaspecs - singular: quotaspec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: Determines the quotas used for individual requests. - properties: - rules: - description: A list of Quota rules. - items: - properties: - match: - description: If empty, match all request. - items: - properties: - clause: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Map of attribute names to StringMatch type. - type: object - type: object - type: array - quotas: - description: The list of quotas to charge. 
- items: - properties: - charge: - format: int32 - type: integer - quota: - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: rbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: RbacConfig - plural: rbacconfigs - singular: rbacconfig - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: rules.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: rule - plural: rules - singular: rule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and - telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - actions: - description: The actions that will be executed when match evaluates - to `true`. - items: - properties: - handler: - description: Fully qualified name of the handler to invoke. - format: string - type: string - instances: - items: - format: string - type: string - type: array - name: - description: A handle to refer to the results of the action. - format: string - type: string - type: object - type: array - match: - description: Match is an attribute based predicate. - format: string - type: string - requestHeaderOperations: - items: - properties: - name: - description: Header name literal value. - format: string - type: string - operation: - description: Header operation type. - enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - responseHeaderOperations: - items: - properties: - name: - description: Header name literal value. 
- format: string - type: string - operation: - description: Header operation type. - enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - sampling: - properties: - random: - description: Provides filtering of actions based on random selection - per request. - properties: - attributeExpression: - description: Specifies an attribute expression to use to override - the numerator in the `percent_sampled` field. - format: string - type: string - percentSampled: - description: The default sampling rate, expressed as a percentage. - properties: - denominator: - description: Specifies the denominator. - enum: - - HUNDRED - - TEN_THOUSAND - type: string - numerator: - description: Specifies the numerator. - type: integer - type: object - useIndependentRandomness: - description: By default sampling will be based on the value - of the request header `x-request-id`. - type: boolean - type: object - rateLimit: - properties: - maxUnsampledEntries: - description: Number of entries to allow during the `sampling_duration` - before sampling is enforced. - format: int64 - type: integer - samplingDuration: - description: Window in which to enforce the sampling rate. - type: string - samplingRate: - description: The rate at which to sample entries once the unsampled - limit has been reached. 
- format: int64 - type: integer - type: object - type: object - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: serviceentries.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hosts - description: The hosts associated with the ServiceEntry - name: Hosts - type: string - - JSONPath: .spec.location - description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL - or MESH_INTERNAL) - name: Location - type: string - - JSONPath: .spec.resolution - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - name: Resolution - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: ServiceEntry - listKind: ServiceEntryList - plural: serviceentries - shortNames: - - se - singular: serviceentry - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. See more details - at: https://istio.io/docs/reference/config/networking/v1alpha3/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. 
- items: - format: string - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - format: string - type: string - network: - format: string - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - format: string - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - format: string - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: array - resolution: - description: Service discovery mode for the hosts. 
- enum: - - NONE - - STATIC - - DNS - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: servicerolebindings.rbac.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.roleRef.name - description: The name of the ServiceRole object being referenced - name: Reference - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRoleBinding - plural: servicerolebindings - singular: servicerolebinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - actions: - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. 
- items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. - items: - format: string - type: string - type: array - type: object - type: array - mode: - enum: - - ENFORCED - - PERMISSIVE - type: string - role: - format: string - type: string - roleRef: - description: Reference to the ServiceRole object. - properties: - kind: - description: The type of the role being referenced. - format: string - type: string - name: - description: The name of the ServiceRole object being referenced. - format: string - type: string - type: object - subjects: - description: List of subjects that are assigned the ServiceRole object. - items: - properties: - group: - format: string - type: string - groups: - items: - format: string - type: string - type: array - ips: - items: - format: string - type: string - type: array - names: - items: - format: string - type: string - type: array - namespaces: - items: - format: string - type: string - type: array - notGroups: - items: - format: string - type: string - type: array - notIps: - items: - format: string - type: string - type: array - notNames: - items: - format: string - type: string - type: array - notNamespaces: - items: - format: string - type: string - type: array - properties: - additionalProperties: - format: string - type: string - description: Optional. 
- type: object - user: - description: Optional. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: serviceroles.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRole - plural: serviceroles - singular: servicerole - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - rules: - description: The set of access rules (permissions) that the role has. - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. - items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. 
- items: - format: string - type: string - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: virtualservices.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.gateways - description: The names of gateways and sidecars that should apply these routes - name: Gateways - type: string - - JSONPath: .spec.hosts - description: The destination hosts to which traffic is being sent - name: Hosts - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - shortNames: - - vs - singular: virtualservice - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, - etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is exported. 
- items: - format: string - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply these - routes. - items: - format: string - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - format: string - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - appendHeaders: - additionalProperties: - format: string - type: string - type: object - appendRequestHeaders: - additionalProperties: - format: string - type: string - type: object - appendResponseHeaders: - additionalProperties: - format: string - type: string - type: object - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - nullable: true - type: boolean - allowHeaders: - items: - format: string - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the resource. - items: - format: string - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform - CORS requests. - items: - format: string - type: string - type: array - exposeHeaders: - items: - format: string - type: string - type: array - maxAge: - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic at - the client side. - properties: - abort: - oneOf: - - properties: - percent: {} - required: - - httpStatus - - properties: - percent: {} - required: - - grpcStatus - - properties: - percent: {} - required: - - http2Error - properties: - grpcStatus: - format: string - type: string - http2Error: - format: string - type: string - httpStatus: - description: HTTP status code to use to abort the Http - request. - format: int32 - type: integer - percent: - description: Percentage of requests to be aborted with - the error code provided (0-100). 
- format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with - the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - properties: - percent: {} - required: - - fixedDelay - - properties: - percent: {} - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the request. - type: string - percent: - description: Percentage of requests on which the delay - will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay - will be injected. - properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - gateways: - items: - format: string - type: string - type: array - headers: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - 
type: object - ignoreUriCase: - description: Flag to specify whether the URI matching should - be case-insensitive. - type: boolean - method: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - name: - description: The name assigned to a match. - format: string - type: string - port: - description: Specifies the ports on the host that is being - addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - sourceLabels: - additionalProperties: - format: string - type: string - type: object - uri: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the `mirror` - field. 
- nullable: true - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the `mirror` - field. - nullable: true - type: integer - name: - description: The name assigned to the route for debugging purposes. - format: string - type: string - redirect: - description: A http rule can either redirect or forward (default) - traffic. - properties: - authority: - format: string - type: string - redirectCode: - type: integer - uri: - format: string - type: string - type: object - removeRequestHeaders: - items: - format: string - type: string - type: array - removeResponseHeaders: - items: - format: string - type: string - type: array - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries for a given request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per retry attempt for a given request. - type: string - retryOn: - description: Specifies the conditions under which retry takes - place. - format: string - type: string - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this value. - format: string - type: string - uri: - format: string - type: string - type: object - route: - description: A http rule can either redirect or forward (default) - traffic. - items: - properties: - appendRequestHeaders: - additionalProperties: - format: string - type: string - description: Use of `append_request_headers` is deprecated. - type: object - appendResponseHeaders: - additionalProperties: - format: string - type: string - description: Use of `append_response_headers` is deprecated. - type: object - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. 
- properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - removeRequestHeaders: - description: Use of `remove_request_headers` is deprecated. - items: - format: string - type: string - type: array - removeResponseHeaders: - description: Use of `remove_response_header` is deprecated. - items: - format: string - type: string - type: array - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests. - type: string - websocketUpgrade: - description: Deprecated. - type: boolean - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with - optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied to. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. 
- format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be - forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with - optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied to. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - format: string - type: string - type: array - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. - format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be - forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: adapters.config.istio.io - labels: - app: mixer - package: adapter - istio: mixer-adapter - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: adapter - plural: adapters - singular: adapter - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: instances.config.istio.io - labels: - app: mixer - package: instance - istio: mixer-instance - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: instance - plural: instances - singular: instance - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: templates.config.istio.io - labels: - app: mixer - package: template - istio: mixer-template - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: template - plural: templates - singular: template - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition 
-apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: handlers.config.istio.io - labels: - app: mixer - package: handler - istio: mixer-handler - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: handler - plural: handlers - singular: handler - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true diff --git a/charts/rancher-istio/1.4.1000/templates/crd-11.yaml b/charts/rancher-istio/1.4.1000/templates/crd-11.yaml deleted file mode 100644 index 0de33afd9..000000000 --- a/charts/rancher-istio/1.4.1000/templates/crd-11.yaml +++ /dev/null 
@@ -1,121 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: sidecars.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Sidecar - plural: sidecars - singular: sidecar - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting network reachability of a sidecar. - See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/sidecar.html' - properties: - egress: - items: - properties: - bind: - format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - hosts: - items: - format: string - type: string - type: array - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: object - type: array - ingress: - items: - properties: - bind: - description: The ip to which the listener should be bound. - format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - defaultEndpoint: - format: string - type: string - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. 
- format: string - type: string - type: object - type: object - type: array - outboundTrafficPolicy: - description: This allows to configure the outbound traffic policy. - properties: - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true diff --git a/charts/rancher-istio/1.4.1000/templates/crd-14.yaml b/charts/rancher-istio/1.4.1000/templates/crd-14.yaml deleted file mode 100644 index e51edfc5c..000000000 --- a/charts/rancher-istio/1.4.1000/templates/crd-14.yaml +++ /dev/null 
@@ -1,135 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - labels: - app: istio-pilot - heritage: Tiller - istio: security - release: istio - name: authorizationpolicies.security.istio.io - annotations: - helm.sh/hook: crd-install,pre-upgrade -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: AuthorizationPolicy - plural: authorizationpolicies - singular: authorizationpolicy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for access control on workloads. See more details - at: https://istio.io/docs/reference/config/security/v1beta1/authorization-policy.html' - properties: - rules: - description: Optional. - items: - properties: - from: - description: Optional. - items: - properties: - source: - description: Source specifies the source of a request. - properties: - ipBlocks: - description: Optional. - items: - format: string - type: string - type: array - namespaces: - description: Optional. - items: - format: string - type: string - type: array - principals: - description: Optional. - items: - format: string - type: string - type: array - requestPrincipals: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - to: - description: Optional. - items: - properties: - operation: - description: Operation specifies the operation of a request. - properties: - hosts: - description: Optional. - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - when: - description: Optional. 
- items: - properties: - key: - description: The name of an Istio attribute. - format: string - type: string - values: - description: The allowed values for the attribute. - items: - format: string - type: string - type: array - type: object - type: array - type: object - type: array - selector: - description: Optional. - properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1beta1 - served: true - storage: true diff --git a/charts/rancher-istio/1.4.1000/templates/crd-certmanager-10.yaml b/charts/rancher-istio/1.4.1000/templates/crd-certmanager-10.yaml deleted file mode 100644 index a3a61f7f5..000000000 --- a/charts/rancher-istio/1.4.1000/templates/crd-certmanager-10.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterissuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: ClusterIssuer - plural: clusterissuers - scope: Cluster ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: issuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Issuer - plural: issuers - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: certificates.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - JSONPath: .spec.secretName - name: Secret - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - kind: Certificate - plural: certificates - shortNames: - - cert - - certs -{{- end }} diff --git a/charts/rancher-istio/1.4.1000/templates/crd-certmanager-11.yaml b/charts/rancher-istio/1.4.1000/templates/crd-certmanager-11.yaml deleted file mode 100644 index ea6a96967..000000000 --- a/charts/rancher-istio/1.4.1000/templates/crd-certmanager-11.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: orders.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.reason - name: Reason - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Order - plural: orders - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: challenges.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.dnsName - name: Domain - type: string - - JSONPath: .status.reason - name: Reason - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. 
It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Challenge - plural: challenges - scope: Namespaced -{{- end }} diff --git a/charts/rancher-istio/1.4.1000/templates/endpoints.yaml b/charts/rancher-istio/1.4.1000/templates/endpoints.yaml deleted file mode 100755 index 81b821853..000000000 --- a/charts/rancher-istio/1.4.1000/templates/endpoints.yaml +++ /dev/null 
@@ -1,63 +0,0 @@
-{{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePilotAddress }}
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePolicyAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remoteTelemetryAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/templates/install-custom-resources.sh.tpl b/charts/rancher-istio/1.4.1000/templates/install-custom-resources.sh.tpl
deleted file mode 100755
index a5525a139..000000000
--- a/charts/rancher-istio/1.4.1000/templates/install-custom-resources.sh.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ define "install-custom-resources.sh.tpl" }}
-#!/bin/sh
-
-set -x
-
-if [ "$#" -ne "1" ]; then
- echo "first argument should be path to custom resource yaml"
- exit 1
-fi
-
-pathToResourceYAML=${1}
-
-kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null
-if [ "$?" -eq 0 ]; then
- echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready"
- while true; do
- kubectl -n {{ .Release.Namespace }} get deployment istio-galley 2>/dev/null
- if [ "$?" -eq 0 ]; then
- break
- fi
- sleep 1
- done
- kubectl -n {{ .Release.Namespace }} rollout status deployment istio-galley
- if [ "$?" -ne 0 ]; then
- echo "istio-galley deployment rollout status check failed"
- exit 1
- fi
- echo "istio-galley deployment ready for configuration validation"
-fi
-sleep 5
-kubectl apply -f ${pathToResourceYAML}
-{{ end }}
diff --git a/charts/rancher-istio/1.4.1000/templates/istio-service-rbac.yaml b/charts/rancher-istio/1.4.1000/templates/istio-service-rbac.yaml
deleted file mode 100644
index b3141141b..000000000
--- a/charts/rancher-istio/1.4.1000/templates/istio-service-rbac.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-service-reader
-rules:
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["http:kiali:20001", "http:tracing:80", "http:grafana:80", "http:prometheus-http:80"]
- verbs: ["get", "watch", "list"]
-
----
-{{- if .Values.global.members }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: read-istio-service
- namespace: {{ .Release.Namespace }}
-subjects:
- {{- range $member := .Values.global.members }}
- - kind: {{ $member.kind }}
- name: {{ $member.name }}
- apiGroup: rbac.authorization.k8s.io
- {{- end }}
-roleRef:
- kind: Role
- name: istio-service-reader
- apiGroup: rbac.authorization.k8s.io
-{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.1000/templates/service.yaml b/charts/rancher-istio/1.4.1000/templates/service.yaml
deleted file mode 100755
index 732cdefd2..000000000
--- a/charts/rancher-istio/1.4.1000/templates/service.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
- clusterIP: None
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.1000/templates/serviceaccount.yaml
deleted file mode 100755
index e52d9eb9c..000000000
--- a/charts/rancher-istio/1.4.1000/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: istio-multi
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.1000/templates/sidecar-injector-configmap.yaml b/charts/rancher-istio/1.4.1000/templates/sidecar-injector-configmap.yaml
deleted file mode 100755
index 5cb25b9cf..000000000
--- a/charts/rancher-istio/1.4.1000/templates/sidecar-injector-configmap.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if not .Values.global.omitSidecarInjectorConfigMap }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istio.name" . }}
- chart: {{ template "istio.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-data:
- values: |-
- {{ .Values | toJson }}
-
- config: |-
- policy: {{ .Values.global.proxy.autoInject }}
- alwaysInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }}
- neverInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }}
- template: |-
-{{ .Files.Get "files/injection-template.yaml" | trim | indent 6 }}
- injectedAnnotations:
- {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }}
- "{{ $key }}": "{{ $val }}"
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.1000/test-values/README.md b/charts/rancher-istio/1.4.1000/test-values/README.md
deleted file mode 100755
index 8e5ff277c..000000000
--- a/charts/rancher-istio/1.4.1000/test-values/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Test Values
-
-These files are intended to be used to install Istio for E2E tests.
-
-The rendered files can be generated with `make generate_e2e_yaml`.
-
-These files will all have `values-e2e.yaml` applied to them *first*, so if there are settings there that should not be included in the test the must be overridden.
diff --git a/charts/rancher-istio/1.4.1000/test-values/values-e2e.yaml b/charts/rancher-istio/1.4.1000/test-values/values-e2e.yaml
deleted file mode 100755
index 18264aa2f..000000000
--- a/charts/rancher-istio/1.4.1000/test-values/values-e2e.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-# This file overrides values for e2e testing.
-
-global:
- proxy:
- concurrency: 0
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- accessLogFile: "/dev/stdout"
- enableCoreDump: true
-
- disablePolicyChecks: false
- outboundTrafficPolicy:
- mode: REGISTRY_ONLY
-
-prometheus:
- scrapeInterval: 5s
-
-gateways:
- istio-ingressgateway:
- autoscaleMax: 1
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
- limits:
- cpu: 100m
- memory: 128Mi
- # Disable the specific nodePort mappings for testing
- # These occasionally cause port conflict flakes (#14190)
- # Lacking a good way to override just part of a list, this is copied from
- # the prod values.yaml with nodePort omitted
- ports:
- - port: 15020
- targetPort: 15020
- name: status-port
- - port: 80
- targetPort: 80
- name: http2
- - port: 443
- name: https
- - port: 31400
- name: tcp
- - port: 15029
- targetPort: 15029
- name: https-kiali
- - port: 15030
- targetPort: 15030
- name: https-prometheus
- - port: 15031
- targetPort: 15031
- name: https-grafana
- - port: 15032
- targetPort: 15032
- name: https-tracing
- - port: 15443
- targetPort: 15443
- name: tls
-
- istio-egressgateway:
- enabled: true
- autoscaleMax: 1
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
- limits:
- cpu: 100m
- memory: 128Mi
-
-mixer:
- policy:
- enabled: true
- replicaCount: 2
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
- limits:
- cpu: 100m
- memory: 100Mi
- telemetry:
- enabled: true
- loadshedding:
- mode: disabled
- resources:
- requests:
- cpu: 50m
- memory: 100Mi
- limits:
- cpu: 100m
- memory: 100Mi
- adapters:
- stdio:
- enabled: true
- kiali:
- enabled: true
-
-sidecarInjectorWebhook:
- rewriteAppHTTPProbe: true
diff --git a/charts/rancher-istio/1.4.1000/test-values/values-istio-auth-mcp.yaml b/charts/rancher-istio/1.4.1000/test-values/values-istio-auth-mcp.yaml
deleted file mode 100755
index fb284d926..000000000
--- a/charts/rancher-istio/1.4.1000/test-values/values-istio-auth-mcp.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio-auth.yaml with MCP enabled
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- useMCP: true
-
diff --git a/charts/rancher-istio/1.4.1000/test-values/values-istio-auth-multicluster.yaml b/charts/rancher-istio/1.4.1000/test-values/values-istio-auth-multicluster.yaml
deleted file mode 100755
index af147981f..000000000
--- a/charts/rancher-istio/1.4.1000/test-values/values-istio-auth-multicluster.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# This is used to generate istio-auth-multicluster.yaml, used for CI/CD.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- proxy:
- accessLogFile: "/dev/stdout"
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
-# In a multiple cluster environment, citadel uses the same root certificate in all the clusters
-security:
- selfSigned: false
diff --git a/charts/rancher-istio/1.4.1000/test-values/values-istio-auth-non-mcp.yaml b/charts/rancher-istio/1.4.1000/test-values/values-istio-auth-non-mcp.yaml
deleted file mode 100755
index eab07cd41..000000000
--- a/charts/rancher-istio/1.4.1000/test-values/values-istio-auth-non-mcp.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- mtls:
- enabled: true
-
- controlPlaneSecurityEnabled: true
-
- useMCP: false
diff --git a/charts/rancher-istio/1.4.1000/test-values/values-istio-auth-sds.yaml b/charts/rancher-istio/1.4.1000/test-values/values-istio-auth-sds.yaml
deleted file mode 100755
index 3c598abe0..000000000
--- a/charts/rancher-istio/1.4.1000/test-values/values-istio-auth-sds.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-global:
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
- proxy:
- enableCoreDump: true
-
-nodeagent:
- enabled: true
- repository: rancher/istio-node-agent-k8s
- tag: 1.4.10
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.4.1000/test-values/values-istio-auth.yaml b/charts/rancher-istio/1.4.1000/test-values/values-istio-auth.yaml
deleted file mode 100755
index 4ec1d35c5..000000000
--- a/charts/rancher-istio/1.4.1000/test-values/values-istio-auth.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-# This is used to generate istio-auth.yaml for automated CI/CD test, using v1/alpha1
-# or v2/alpha3 with 'gradual migration' (using env variable at inject time).
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
diff --git a/charts/rancher-istio/1.4.1000/test-values/values-istio-dns-cert.yaml b/charts/rancher-istio/1.4.1000/test-values/values-istio-dns-cert.yaml
deleted file mode 100755
index 406970396..000000000
--- a/charts/rancher-istio/1.4.1000/test-values/values-istio-dns-cert.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- certificates:
- - dnsNames: [istio-pilot.istio-system.svc, istio-pilot.istio-system]
- - secretName: dns.istio-galley-service-account
- dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system]
- - secretName: dns.istio-sidecar-injector-service-account
- dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system]
diff --git a/charts/rancher-istio/1.4.1000/test-values/values-istio-mcp.yaml b/charts/rancher-istio/1.4.1000/test-values/values-istio-mcp.yaml
deleted file mode 100755
index a6638eefd..000000000
--- a/charts/rancher-istio/1.4.1000/test-values/values-istio-mcp.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# This is used to generate istio.yaml with MCP enabled
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- useMCP: true
-
-
diff --git a/charts/rancher-istio/1.4.1000/test-values/values-istio-multicluster-split-horizon.yaml b/charts/rancher-istio/1.4.1000/test-values/values-istio-multicluster-split-horizon.yaml
deleted file mode 100755
index e664dd56f..000000000
--- a/charts/rancher-istio/1.4.1000/test-values/values-istio-multicluster-split-horizon.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# This is used to generate istio-multicluster-split-horizon.yaml, used for CI/CD.
-global:
- controlPlaneSecurityEnabled: true
- mtls:
- enabled: true
- proxy:
- accessLogFile: "/dev/stdout"
- outboundTrafficPolicy:
- mode: ALLOW_ANY
- meshExpansion:
- enabled: true
- meshNetworks:
- network2:
- endpoints:
- - fromRegistry: N2_REGISTRY_TOKEN
- gateways:
- - address: 0.0.0.0
- port: 443
-security:
- selfSigned: false
-gateways:
- istio-egressgateway:
- enabled: false
-
-
diff --git a/charts/rancher-istio/1.4.1000/test-values/values-istio-multicluster.yaml b/charts/rancher-istio/1.4.1000/test-values/values-istio-multicluster.yaml
deleted file mode 100755
index 59b924ac1..000000000
--- a/charts/rancher-istio/1.4.1000/test-values/values-istio-multicluster.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# This is used to generate istio-multicluster.yaml, used for CI/CD.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- proxy:
- accessLogFile: "/dev/stdout"
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
-# In a multiple cluster environment, citadel uses the same root certificate in all the clusters
-security:
- selfSigned: false
diff --git a/charts/rancher-istio/1.4.1000/test-values/values-istio-non-mcp.yaml b/charts/rancher-istio/1.4.1000/test-values/values-istio-non-mcp.yaml
deleted file mode 100755
index 091681acd..000000000
--- a/charts/rancher-istio/1.4.1000/test-values/values-istio-non-mcp.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-global:
- useMCP: false
diff --git a/charts/rancher-istio/1.4.1000/test-values/values-istio-one-namespace-auth.yaml b/charts/rancher-istio/1.4.1000/test-values/values-istio-one-namespace-auth.yaml
deleted file mode 100755
index c49f40254..000000000
--- a/charts/rancher-istio/1.4.1000/test-values/values-istio-one-namespace-auth.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.4.1000/test-values/values-istio-one-namespace-trust-domain.yaml b/charts/rancher-istio/1.4.1000/test-values/values-istio-one-namespace-trust-domain.yaml
deleted file mode 100755
index 1840ab355..000000000
--- a/charts/rancher-istio/1.4.1000/test-values/values-istio-one-namespace-trust-domain.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- # Default is 10s second
- refreshInterval: 1s
-
- # The trust domain corresponds to the trust root of a system
- trustDomain: test.local
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.4.1000/test-values/values-istio-one-namespace.yaml b/charts/rancher-istio/1.4.1000/test-values/values-istio-one-namespace.yaml
deleted file mode 100755
index 14aa45033..000000000
--- a/charts/rancher-istio/1.4.1000/test-values/values-istio-one-namespace.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.4.1000/test-values/values-istio.yaml b/charts/rancher-istio/1.4.1000/test-values/values-istio.yaml
deleted file mode 100755
index c115103e1..000000000
--- a/charts/rancher-istio/1.4.1000/test-values/values-istio.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-
-# This is used to generate istio.yaml for automated CI/CD test, using v1/alpha1
-# or v2/alpha3 with 'gradual migration' (using env variable at inject time).
-# global:
- ## imagePullSecrets for all ServiceAccount. Must be set for any clustser configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
diff --git a/charts/rancher-istio/1.4.1000/values-istio-demo.yaml b/charts/rancher-istio/1.4.1000/values-istio-demo.yaml
deleted file mode 100755
index d28dbaaf2..000000000
--- a/charts/rancher-istio/1.4.1000/values-istio-demo.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-# This is used to generate istio.yaml for minimal, demo mode.
-# It is shipped with the release, used for bookinfo or quick installation of istio.
-# Includes components used in the demo, defaults to alpha3 rules.
-global:
- controlPlaneSecurityEnabled: false
-
- proxy:
- accessLogFile: "/dev/stdout"
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- disablePolicyChecks: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
-sidecarInjectorWebhook:
- enabled: true
- # If true, webhook or istioctl injector will rewrite PodSpec for liveness
- # health check to redirect request to sidecar. This makes liveness check work
- # even when mTLS is enabled.
- rewriteAppHTTPProbe: false
-
-pilot:
- autoscaleEnabled: false
- traceSampling: 100.0
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
-
-mixer:
- policy:
- enabled: true
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
-
- telemetry:
- enabled: true
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 50m
- memory: 100Mi
-
- adapters:
- stdio:
- enabled: true
-
-grafana:
- enabled: true
-
-tracing:
- enabled: true
-
-kiali:
- enabled: true
- createDemoSecret: true
-
-gateways:
- istio-ingressgateway:
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- istio-egressgateway:
- enabled: true
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
diff --git a/charts/rancher-istio/1.4.1000/values-istio-minimal.yaml b/charts/rancher-istio/1.4.1000/values-istio-minimal.yaml
deleted file mode 100755
index de45fa458..000000000
--- a/charts/rancher-istio/1.4.1000/values-istio-minimal.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# Minimal Istio Configuration: https://istio.io/docs/setup/kubernetes/additional-setup/config-profiles/
-#
-pilot:
- enabled: true
- sidecar: false
-
-gateways:
- enabled: false
-
-security:
- enabled: false
-
-sidecarInjectorWebhook:
- enabled: false
-
-galley:
- enabled: false
-
-mixer:
- policy:
- enabled: false
- telemetry:
- enabled: false
-
-prometheus:
- enabled: false
-
-
-# Common settings.
-global:
-
- proxy:
- # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument
- # would be :).
- # Disabled by default.
- # The istio-statsd-prom-bridge is deprecated and should not be used moving forward.
- envoyStatsd:
- # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector.
- enabled: false
- host: # example: statsd-svc.istio-system
- port: # example: 9125
-
- useMCP: false
-
-
diff --git a/charts/rancher-istio/1.4.1000/values-istio-remote.yaml b/charts/rancher-istio/1.4.1000/values-istio-remote.yaml
deleted file mode 100755
index 4ff03c360..000000000
--- a/charts/rancher-istio/1.4.1000/values-istio-remote.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-gateways:
- enabled: false
-
-galley:
- enabled: false
-
-mixer:
- policy:
- enabled: false
- telemetry:
- enabled: false
-
-pilot:
- enabled: false
- configSource:
- subscribedResources:
-
-security:
- enabled: true
- createMeshPolicy: false
-
-prometheus:
- enabled: false
-
-global:
- istioRemote: true
-
- enableTracing: false
-
- # Sets an identifier for the remote network to be used for Split Horizon EDS. The network will be sent
- # to the Pilot when connected by the sidecar and will affect the results returned in EDS requests.
- # Based on the network identifier Pilot will return all local endpoints + endpoints of gateways to
- # other networks.
- #
- # Must match the names in the meshNetworks section in the Istio local.
- network: ""
diff --git a/charts/rancher-istio/1.4.1000/values-istio-sds-auth-control-plane-auth-disabled.yaml b/charts/rancher-istio/1.4.1000/values-istio-sds-auth-control-plane-auth-disabled.yaml
deleted file mode 100755
index 6c27eceaf..000000000
--- a/charts/rancher-istio/1.4.1000/values-istio-sds-auth-control-plane-auth-disabled.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-global:
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
-nodeagent:
- enabled: true
- repository: rancher/istio-node-agent-k8s
- tag: 1.4.10
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.4.1000/values-istio-sds-auth.yaml b/charts/rancher-istio/1.4.1000/values-istio-sds-auth.yaml
deleted file mode 100755
index 1fa0ecd7b..000000000
--- a/charts/rancher-istio/1.4.1000/values-istio-sds-auth.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-global:
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
-nodeagent:
- enabled: true
- repository: rancher/istio-node-agent-k8s
- tag: 1.4.10
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.4.1000/values.yaml b/charts/rancher-istio/1.4.1000/values.yaml
deleted file mode 100755
index 93dfc00eb..000000000
--- a/charts/rancher-istio/1.4.1000/values.yaml
+++ /dev/null
@@ -1,685 +0,0 @@
-# Top level istio values file has the following sections.
-#
-# global: This file is the authoritative and exhaustive source for the global section.
-#
-# chart sections: Every subdirectory inside the charts/ directory has a top level
-# configuration key in this file. This file overrides the values specified
-# by the charts/${chartname}/values.yaml.
-# Check the chart level values file for exhaustive list of configuration options.
-
-#
-# Gateways Configuration, refer to the charts/gateways/values.yaml
-# for detailed configuration
-#
-gateways:
- enabled: true
- istio-ingressgateway:
- labels:
- release: cluster-istio
-
-#
-# sidecar-injector webhook configuration, refer to the
-# charts/sidecarInjectorWebhook/values.yaml for detailed configuration
-#
-sidecarInjectorWebhook:
- repository: rancher/istio-sidecar_injector
- tag: 1.4.10
- enabled: true
-
-#
-# galley configuration, refer to charts/galley/values.yaml
-# for detailed configuration
-#
-galley:
- repository: rancher/istio-galley
- tag: 1.4.10
- enabled: true
-
-#
-# mixer configuration
-#
-# @see charts/mixer/values.yaml for all values
-mixer:
- repository: rancher/istio-mixer
- tag: 1.4.10
- policy:
- # if policy is enabled the global.disablePolicyChecks has affect.
- enabled: true
-
- telemetry:
- enabled: true
-#
-# pilot configuration
-#
-# @see charts/pilot/values.yaml
-pilot:
- repository: rancher/istio-pilot
- tag: 1.4.10
- enabled: true
-
-#
-# security configuration
-#
-security:
- repository: rancher/istio-citadel
- tag: 1.4.10
- enabled: true
-
-#
-# nodeagent configuration
-#
-nodeagent:
- enabled: false
-
-#
-# addon grafana configuration
-#
-grafana:
- repository: rancher/grafana-grafana
- tag: 6.3.6
- enabled: false
-
-#
-# addon prometheus configuration
-#
-prometheus:
- repository: rancher/prom-prometheus
- tag: v2.12.0
- enabled: false
-
-#
-# addon jaeger tracing configuration
-#
-tracing:
- jaeger:
- repository: rancher/jaegertracing-all-in-one
- tag: 1.14
- zipkin:
- repository: rancher/openzipkin-zipkin
- tag: 2.14.2
- enabled: false
-
-#
-# addon kiali tracing configuration
-#
-kiali:
- repository: rancher/kiali-kiali
- tag: v1.15
- contextPath: /
- dashboard:
- jaegerURL: http://tracing.istio-system:80
- grafanaURL: http://access-grafana.cattle-prometheus:80
- auth:
- strategy: anonymous
- enabled: false
- prometheusAddr: http://access-prometheus.cattle-prometheus:80
-
-#
-# addon certmanager configuration
-#
-certmanager:
- enabled: false
- image:
- repository: rancher/jetstack-cert-manager-controller
- tag: v0.8.1
-
-#
-# Istio CNI plugin enabled
-# This must be enabled to use the CNI plugin in Istio. The CNI plugin is installed separately.
-# If true, the privileged initContainer istio-init is not needed to perform the traffic redirect
-# settings for the istio-proxy.
-#
-istio_cni:
- enabled: false
- repair:
- enabled: true
-
-# addon Istio CoreDNS configuration
-#
-istiocoredns:
- image:
- repository: rancher/coredns-coredns
- tag: 1.6.2
- pluginImage:
- repository: rancher/istio-coredns-plugin
- tag: 0.2-istio-1.1
- enabled: false
-
-# Common settings used among istio subcharts.
-global: - - # Specify rancher clusterId of external tracing config - # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 - rancher: - clusterId: - - systemDefaultRegistry: "" - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: docker.io/rancher - - # Default tag for Istio images. - tag: 1.4.10 - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - kubectl: - repository: rancher/istio-kubectl - tag: 1.4.10 - - # monitoring port used by mixer, pilot, galley and sidecar injector - monitoringPort: 15014 - - k8sIngress: - enabled: false - # Gateway used for k8s Ingress resources. By default it is - # using 'istio:ingressgateway' that will be installed by setting - # 'gateways.enabled' and 'gateways.istio-ingressgateway.enabled' - # flags to true. - gatewayName: ingressgateway - # enableHttps will add port 443 on the ingress. - # It REQUIRES that the certificates are installed in the - # expected secrets - enabling this option without certificates - # will result in LDS rejection and the ingress will not work. - enableHttps: false - - curl: - repository: rancher/pstauffer-curl - tag: v1.0.3 - - proxy: - # Configuration for the proxy init container - init: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - # use fully qualified image names for alternate path to proxy. - repository: rancher/istio-proxyv2 - tag: 1.4.10 - - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Resources for the sidecar. 
- resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Controls number of Proxy worker threads. - # If set to 0, then start worker thread for each CPU thread/core. - concurrency: 2 - - # Configures the access log for each sidecar. - # Options: - # "" - disables access log - # "/dev/stdout" - enables access log - accessLogFile: "" - - # Configure how and what fields are displayed in sidecar access log. Setting to - # empty string will result in default log format - accessLogFormat: "" - - # Configure the access log for sidecar to JSON or TEXT. - accessLogEncoding: TEXT - - # Configure envoy gRPC access log service. - envoyAccessLogService: - enabled: false - host: # example: accesslog-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/als/cert-chain.pem - privateKey: # example: /etc/istio/als/key.pem - caCertificates: # example: /etc/istio/als/root-cert.pem - sni: # example: als.somedomain - subjectAltNames: [] - # - als.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Log level for proxy, applies to gateways and sidecars. If left empty, "warning" is used. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: "" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. If left empty, "misc:error" is used. - componentLogLevel: "" - - # Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS - # This must be given it terms of seconds. For example, 300s is valid but 5m is invalid. - dnsRefreshRate: 300s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). 
These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: 100ms - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # If set, newly injected sidecars will have core dumps enabled. - enableCoreDump: false - - # Image used to enable core dumps. This is only used, when "enableCoreDump" is set to true. - enableCoreDumpImage: ubuntu:xenial - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 1 - - # The period between readiness probes. - readinessPeriodSeconds: 2 - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 30 - - # istio egress capture whitelist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - excludeOutboundPorts: "" - - # pod internal interfaces - kubevirtInterfaces: "" - - # istio ingress capture whitelist - # examples: - # Redirect no inbound traffic to Envoy: --includeInboundPorts="" - # Redirect all inbound traffic to Envoy: --includeInboundPorts="*" - # Redirect only selected ports: --includeInboundPorts="80,8080" - includeInboundPorts: "*" - excludeInboundPorts: "" - - # This controls the 'policy' in the sidecar injector. 
- autoInject: enabled - - # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument - # would be :). - # Disabled by default. - # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. - envoyStatsd: - # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. - enabled: false - host: # example: statsd-svc.istio-system - port: # example: 9125 - - # Sets the Envoy Metrics Service address, used to push Envoy metrics to an external collector - # via the Metrics Service gRPC API. This contains detailed stats information emitted directly - # by Envoy and should not be confused with the the Istio telemetry. The Envoy stats are also - # available to scrape via the Envoy admin port at either /stats or /stats/prometheus. - # - # See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto - # for details about Envoy's Metrics Service API. - # - # Disabled by default. - envoyMetricsService: - enabled: false - host: # example: metrics-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/ms/cert-chain.pem - privateKey: # example: /etc/istio/ms/key.pem - caCertificates: # example: /etc/istio/ms/root-cert.pem - sni: # example: ms.somedomain - subjectAltNames: [] - # - ms.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "zipkin" - - proxy_init: - # Base name for the istio-init container, used to configure iptables. - repository: rancher/istio-proxyv2 - tag: 1.4.10 - - # imagePullPolicy is applied to istio control plane components. - # local tests require IfNotPresent, to avoid uploading to dockerhub. 
- # TODO: Switch to Always as default, and override in the local tests. - imagePullPolicy: IfNotPresent - - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - # disablePolicyChecks disables mixer policy checks. - # if mixer.policy.enabled==true then disablePolicyChecks has affect. - # Will set the value with same name in istio config map - pilot needs to be restarted to take effect. - disablePolicyChecks: true - - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: false - - # EnableTracing sets the value with same name in istio config map, requires pilot restart to take effect. - enableTracing: true - - # Configuration for each of the supported tracers - tracer: - # Configuration for envoy to send trace data to LightStep. - # Disabled by default. - # address: the : of the satellite pool - # accessToken: required for sending data to the pool - # secure: specifies whether data should be sent with TLS - # cacertPath: the path to the file containing the cacert to use when verifying TLS. If secure is true, this is - # required. If a value is specified then a secret called "lightstep.cacert" must be created in the destination - # namespace with the key matching the base of the provided cacertPath and the value being the cacert itself. - # - lightstep: - address: "" # example: lightstep-satellite:443 - accessToken: "" # example: abcdefg1234567 - secure: true # example: true|false - cacertPath: "" # example: /etc/lightstep/cacert.pem - zipkin: - # Host:Port for reporting trace data in zipkin format. If not specified, will default to - # zipkin service (port 9411) in the same namespace as the other istio components. 
- address: "" - datadog: - # Host:Port for submitting traces to the Datadog agent. - address: "$(HOST_IP):8126" - stackdriver: - # enables trace output to stdout. - debug: false - # The global default max number of attributes per span. - maxNumberOfAttributes: 200 - # The global default max number of annotation events per span. - maxNumberOfAnnotations: 200 - # The global default max number of message events per span. - maxNumberOfMessageEvents: 200 - - # Default mtls policy. If true, mtls between services will be enabled by default. - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: false - # If set to true, and a given service does not have a corresponding DestinationRule configured, - # or its DestinationRule does not have TLSSettings specified, Istio configures client side - # TLS configuration automatically, based on the server side mTLS authentication policy and the - # availibity of sidecars. - auto: false - - # Lists the secrets you need to use to pull Istio images from a private registry. - imagePullSecrets: [] - # - private-registry-key - - # Specify pod scheduling arch(amd64, ppc64le, s390x) and weight as follows: - # 0 - Never scheduled - # 1 - Least preferred - # 2 - No preference - # 3 - Most preferred - arch: - amd64: 2 - s390x: 2 - ppc64le: 2 - - # Whether to restrict the applications namespace the controller manages; - # If not set, controller watches all namespaces - oneNamespace: false - - # Default node selector to be applied to all deployments so that all pods can be - # constrained to run a particular nodes. Each component can overwrite these default - # values by adding its node selector block in the relevant section below and setting - # the desired values. - defaultNodeSelector: {} - - # Default node tolerations to be applied to all deployments so that all pods can be - # scheduled to a particular nodes with matching taints. 
Each component can overwrite - # these default values by adding its tolerations block in the relevant section below - # and setting the desired values. - # Configure this field in case that all pods of Istio control plane are expected to - # be scheduled to particular nodes with specified taints. - defaultTolerations: [] - - # Whether to perform server-side validation of configuration. - configValidation: true - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - # podDNSSearchNamespaces: - # - global - # - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # If set to true, the pilot and citadel mtls will be exposed on the - # ingress gateway - meshExpansion: - enabled: false - # If set to true, the pilot and citadel mtls and the plaintext pilot ports - # will be exposed on an internal gateway - useILB: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). 
- # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # enable pod distruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: false - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - # Use the Mesh Control Protocol (MCP) for configuring Mixer and - # Pilot. Requires galley (`--set galley.enabled=true`). - useMCP: true - - # The trust domain corresponds to the trust root of a system - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - # Indicate the domain used in SPIFFE identity URL - # The default depends on the environment. - # kubernetes: cluster.local - # else: default dns domain - trustDomain: "" - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: [] - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. 
For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - # ALLOW_ANY is the default in 1.1. This means each pod will be able to make outbound requests - # to services outside of the mesh without any ServiceEntry. - # REGISTRY_ONLY was the default in 1.0. If this behavior is desired, set the value below to REGISTRY_ONLY. - outboundTrafficPolicy: - mode: ALLOW_ANY - - # The namespace where globally shared configurations should be present. - # DestinationRules that apply to the entire mesh (e.g., enabling mTLS), - # default Sidecar configs, etc. should be added to this namespace. 
- # configRootNamespace: istio-config - - # set the default set of namespaces to which services, service entries, virtual services, destination - # rules should be exported to. Currently only one value can be provided in this list. This value - # should be one of the following two options: - # * implies these objects are visible to all namespaces, enabling any sidecar to talk to any other sidecar. - # . implies these objects are visible to only to sidecars in the same namespace, or if imported as a Sidecar.egress.host - # defaultConfigVisibilitySettings: - #- '*' - - nodeagent: - repository: rancher/istio-node-agent-k8s - tag: 1.4.10 - sds: - # SDS enabled. IF set to true, mTLS certificates for the sidecars will be - # distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates. - enabled: false - udsPath: "" - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Citadel Agent to the CA (e.g. Citadel), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). 
- # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Specifies the global locality load balancing settings. - # Locality-weighted load balancing allows administrators to control the distribution of traffic to - # endpoints based on the localities of where the traffic originates and where it will terminate. - # Either failover or distribute configuration can be set, but not both. If neither are provided - # failover mode will be used. - # - # localityLbSetting: - # enabled: true - # distribute: - # - from: "us-central1/*" - # to: - # "us-central1/*": 80 - # "us-central2/*": 20 - # - # localityLbSetting: - # enabled: true - # failover: - # - from: us-east - # to: eu-west - # - from: us-west - # to: us-east - localityLbSetting: - enabled: true - - # Specifies whether helm test is enabled or not. - # This field is set to false by default, so 'helm template ...' - # will ignore the helm test yaml files when generating the template - enableHelmTest: false - - # Configures DNS certificates provisioned through Chiron linked into Pilot. - # The DNS names in this file are all hard-coded; please ensure the namespaces - # in dnsNames are consistent with those of your services. - # Example: - # certificates: - # - secretName: dns.istio-galley-service-account - # dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] - # - secretName: dns.istio-sidecar-injector-service-account - # dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] - certificates: [] - - # Configure whether Operator manages webhook configurations. 
The current behavior - # of Galley and Sidecar Injector is that they manage their own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false diff --git a/charts/rancher-istio/1.4.3/.helmignore b/charts/rancher-istio/1.4.3/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/rancher-istio/1.4.3/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-istio/1.4.3/Chart.yaml b/charts/rancher-istio/1.4.3/Chart.yaml deleted file mode 100755 index e5bb5c0c7..000000000 --- a/charts/rancher-istio/1.4.3/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.3 -description: Helm chart for all istio components -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- security -- sidecarInjectorWebhook -- mixer -- pilot -- galley -name: rancher-istio -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2-0' -version: 1.4.3 diff --git a/charts/rancher-istio/1.4.3/LICENSE b/charts/rancher-istio/1.4.3/LICENSE deleted file mode 100755 index 56df9b297..000000000 --- a/charts/rancher-istio/1.4.3/LICENSE +++ /dev/null 
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2018 Istio Authors - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/rancher-istio/1.4.3/README.md b/charts/rancher-istio/1.4.3/README.md deleted file mode 100755 index f7f35cc17..000000000 --- a/charts/rancher-istio/1.4.3/README.md +++ /dev/null 
@@ -1,149 +0,0 @@ -# Istio - -[Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. - -The documentation here is for developers only, please follow the installation instructions from [istio.io](https://istio.io/docs/setup/kubernetes/install/helm/) for all other uses. - -## Introduction - -This chart bootstraps all Istio [components](https://istio.io/docs/concepts/what-is-istio/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Chart Details - -This chart can install multiple Istio components as subcharts: -- ingressgateway -- egressgateway -- sidecarInjectorWebhook -- galley -- mixer -- pilot -- security(citadel) -- grafana -- prometheus -- tracing(jaeger) -- kiali - -To enable or disable each component, change the corresponding `enabled` flag. - -## Prerequisites - -- Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required -- Helm 2.7.2 or newer or alternately the ability to modify RBAC rules is also required -- If you want to enable automatic sidecar injection, Kubernetes 1.9+ with `admissionregistration` API is required, and `kube-apiserver` process must have the `admission-control` flag set with the `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook` admission controllers added and listed in the correct order. -- The `istio-init` chart must be run to completion prior to install the `istio` chart. - -## Resources Required - -The chart deploys pods that consume minimum resources as specified in the resources configuration parameter. - -## Installing the Chart - -1. If a service account has not already been installed for Tiller, install one: - - ```bash - $ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml - ``` - -1. 
Install Tiller on your cluster with the service account: - - ```bash - $ helm init --service-account tiller - ``` - -1. Set and create the namespace where Istio was installed: - - ```bash - $ NAMESPACE=istio-system - $ kubectl create ns $NAMESPACE - ``` - -1. If you are enabling `kiali`, you need to create the secret that contains the username and passphrase for `kiali` dashboard: - - ```bash - $ echo -n 'admin' | base64 - YWRtaW4= - $ echo -n '1f2d1e2e67df' | base64 - MWYyZDFlMmU2N2Rm - $ cat <=1.9.0): - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE - ``` - - - Without the sidecar injection webhook: - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE --set sidecarInjectorWebhook.enabled=false - ``` - -## Configuration - -The Helm chart ships with reasonable defaults. There may be circumstances in which defaults require overrides. -To override Helm values, use `--set key=value` argument during the `helm install` command. Multiple `--set` operations may be used in the same Helm operation. - -Helm charts expose configuration options which are currently in alpha. The currently exposed options can be found [here](https://istio.io/docs/reference/config/installation-options/). - -## Uninstalling the Chart - -To uninstall/delete the `istio` release but continue to track the release: - -```bash -$ helm delete istio -``` - -To uninstall/delete the `istio` release completely and make its name free for later use: - -```bash -$ helm delete --purge istio -``` diff --git a/charts/rancher-istio/1.4.3/charts/certmanager/Chart.yaml b/charts/rancher-istio/1.4.3/charts/certmanager/Chart.yaml deleted file mode 100755 index d97ed6aae..000000000 --- a/charts/rancher-istio/1.4.3/charts/certmanager/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 0.6.2 -description: A Helm chart for Kubernetes -name: certmanager -tillerVersion: '>=2.7.2' -version: 1.4.3 
diff --git a/charts/rancher-istio/1.4.3/charts/certmanager/templates/NOTES.txt b/charts/rancher-istio/1.4.3/charts/certmanager/templates/NOTES.txt
deleted file mode 100755
index 0307ede4c..000000000
--- a/charts/rancher-istio/1.4.3/charts/certmanager/templates/NOTES.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-certmanager has been deployed successfully!
-
-More information on the different types of issuers and how to configure them
-can be found in our documentation:
-
-https://cert-manager.readthedocs.io/en/latest/reference/issuers.html
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.3/charts/certmanager/templates/_helpers.tpl b/charts/rancher-istio/1.4.3/charts/certmanager/templates/_helpers.tpl
deleted file mode 100755
index 331a91d43..000000000
--- a/charts/rancher-istio/1.4.3/charts/certmanager/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "certmanager.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "certmanager.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "certmanager.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.3/charts/certmanager/templates/deployment.yaml b/charts/rancher-istio/1.4.3/charts/certmanager/templates/deployment.yaml
deleted file mode 100755
index 48e473153..000000000
--- a/charts/rancher-istio/1.4.3/charts/certmanager/templates/deployment.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: certmanager
- namespace: {{ .Release.Namespace }}
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: certmanager
- template:
- metadata:
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- {{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels | indent 8 }}
- {{- end }}
- annotations:
- sidecar.istio.io/inject: "false"
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: certmanager
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: certmanager
- image: "{{ .Values.hub }}/{{ .Values.image }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- args:
- - --cluster-resource-namespace=$(POD_NAMESPACE)
- - --leader-election-namespace=$(POD_NAMESPACE)
- {{- if .Values.extraArgs }}
-{{ toYaml .Values.extraArgs | indent 8 }}
- {{- end }}
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- resources:
-{{ toYaml .Values.resources | indent 10 }}
- {{- if .Values.podDnsPolicy }}
- dnsPolicy: {{ .Values.podDnsPolicy }}
- {{- end }}
- {{- if .Values.podDnsConfig }}
- dnsConfig:
-{{ toYaml .Values.podDnsConfig | indent 8 }}
- {{- end }}
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
-{{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.4.3/charts/certmanager/templates/issuer.yaml b/charts/rancher-istio/1.4.3/charts/certmanager/templates/issuer.yaml deleted file mode 100755 index 59402daea..000000000 --- a/charts/rancher-istio/1.4.3/charts/certmanager/templates/issuer.yaml +++ /dev/null @@ -1,37 +0,0 @@ ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt-staging - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-staging-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: letsencrypt-staging - http01: {} ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - privateKeySecretRef: - name: letsencrypt - http01: {} diff --git a/charts/rancher-istio/1.4.3/charts/certmanager/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.3/charts/certmanager/templates/poddisruptionbudget.yaml deleted file mode 100755 index b251e3653..000000000 --- a/charts/rancher-istio/1.4.3/charts/certmanager/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - version: {{ .Chart.Version }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 4 }} - {{- end }} -spec: -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: certmanager - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/certmanager/templates/rbac.yaml b/charts/rancher-istio/1.4.3/charts/certmanager/templates/rbac.yaml deleted file mode 100755 index b3a4ef340..000000000 --- a/charts/rancher-istio/1.4.3/charts/certmanager/templates/rbac.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: certmanager - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: - - apiGroups: ["certmanager.k8s.io"] - resources: ["certificates", "certificates/finalizers", "issuers", "clusterissuers", "orders", "orders/finalizers", "challenges"] - verbs: ["*"] - - apiGroups: [""] - resources: ["configmaps", "secrets", "events", "services", "pods"] - verbs: ["*"] - - apiGroups: ["extensions"] - resources: ["ingresses"] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: certmanager - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: certmanager -subjects: - - name: certmanager - namespace: {{ .Release.Namespace }} - kind: ServiceAccount diff --git a/charts/rancher-istio/1.4.3/charts/certmanager/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.3/charts/certmanager/templates/serviceaccount.yaml deleted file mode 100755 index f87543508..000000000 --- a/charts/rancher-istio/1.4.3/charts/certmanager/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/1.4.3/charts/certmanager/values.yaml b/charts/rancher-istio/1.4.3/charts/certmanager/values.yaml deleted file mode 100755 index 01e565c45..000000000 
--- a/charts/rancher-istio/1.4.3/charts/certmanager/values.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-# Certmanager uses ACME to sign certificates. Since Istio gateways are
-# mounting the TLS secrets the Certificate CRDs must be created in the
-# istio-system namespace. Once the certificate has been created, the
-# gateway must be updated by adding 'secretVolumes'. After the gateway
-# restart, DestinationRules can be created using the ACME-signed certificates.
-enabled: false
-replicaCount: 1
-hub: quay.io/jetstack
-image: cert-manager-controller
-tag: v0.8.1
-resources: {}
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.3/charts/galley/Chart.yaml b/charts/rancher-istio/1.4.3/charts/galley/Chart.yaml
deleted file mode 100755
index 981de920c..000000000
--- a/charts/rancher-istio/1.4.3/charts/galley/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.3
-description: Helm chart for galley deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- galley
-name: galley
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.3
diff --git a/charts/rancher-istio/1.4.3/charts/galley/templates/_helpers.tpl b/charts/rancher-istio/1.4.3/charts/galley/templates/_helpers.tpl
deleted file mode 100755
index 5d42f4a03..000000000
--- a/charts/rancher-istio/1.4.3/charts/galley/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "galley.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "galley.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "galley.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.3/charts/galley/templates/clusterrole.yaml b/charts/rancher-istio/1.4.3/charts/galley/templates/clusterrole.yaml
deleted file mode 100755
index 427a50463..000000000
--- a/charts/rancher-istio/1.4.3/charts/galley/templates/clusterrole.yaml
+++ /dev/null
@@ -1,50 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-galley-{{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: - # For reading Istio resources -- apiGroups: [ - "authentication.istio.io", - "config.istio.io", - "networking.istio.io", - "rbac.istio.io", - "security.istio.io"] - resources: ["*"] - verbs: ["get", "list", "watch"] - # For updating Istio resource statuses -- apiGroups: [ - "authentication.istio.io", - "config.istio.io", - "networking.istio.io", - "rbac.istio.io", - "security.istio.io"] - resources: ["*/status"] - verbs: ["update"] -{{- if not .Values.global.operatorManageWebhooks }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["*"] -{{- end }} -- apiGroups: ["extensions","apps"] - resources: ["deployments"] - resourceNames: ["istio-galley"] - verbs: ["get"] -- apiGroups: [""] - resources: ["pods", "nodes", "services", "endpoints", "namespaces"] - verbs: ["get", "list", "watch"] -- apiGroups: ["extensions"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["extensions"] - resources: ["deployments/finalizers"] - resourceNames: ["istio-galley"] - verbs: ["update"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] diff --git a/charts/rancher-istio/1.4.3/charts/galley/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.3/charts/galley/templates/clusterrolebinding.yaml deleted file mode 100755 index 88cde2554..000000000 --- a/charts/rancher-istio/1.4.3/charts/galley/templates/clusterrolebinding.yaml +++ /dev/null 
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-galley-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-galley-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-galley-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.3/charts/galley/templates/configmap.yaml b/charts/rancher-istio/1.4.3/charts/galley/templates/configmap.yaml
deleted file mode 100755
index 662c960b1..000000000
--- a/charts/rancher-istio/1.4.3/charts/galley/templates/configmap.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-galley-configuration
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-data:
-{{- if .Values.global.configValidation }}
- validatingwebhookconfiguration.yaml: |-
- {{- include "validatingwebhookconfiguration.yaml.tpl" . | indent 4}}
-{{- end}}
diff --git a/charts/rancher-istio/1.4.3/charts/galley/templates/deployment.yaml b/charts/rancher-istio/1.4.3/charts/galley/templates/deployment.yaml
deleted file mode 100755
index 942268633..000000000
--- a/charts/rancher-istio/1.4.3/charts/galley/templates/deployment.yaml
+++ /dev/null
@@ -1,156 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: galley - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-galley-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: galley -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}" -{{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 443 - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 9901 - command: - - /usr/local/bin/galley - - server - - --meshConfigFile=/etc/mesh-config/mesh - - --livenessProbeInterval=1s - - --livenessProbePath=/healthliveness - - --readinessProbePath=/healthready - - --readinessProbeInterval=1s - - --deployment-namespace={{ .Release.Namespace }} -{{- if $.Values.global.controlPlaneSecurityEnabled}} - - --insecure=false -{{- else }} - - --insecure=true -{{- end }} -{{- if .Values.enableServiceDiscovery }} - - --enableServiceDiscovery=true -{{- end }} -{{- if not $.Values.global.useMCP }} - - --enable-server=false -{{- end }} -{{- if not 
$.Values.global.configValidation }} - - --enable-validation=false -{{- end }} -{{- if .Values.global.operatorManageWebhooks }} - - --enable-reconcileWebhookConfiguration=false -{{- else }} - - --enable-reconcileWebhookConfiguration=true -{{- end }} - - --validation-webhook-config-file - - /etc/config/validatingwebhookconfiguration.yaml - - --monitoringPort={{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if .Values.enableAnalysis }} - - --enableAnalysis=true -{{- end }} -{{- if .Values.global.certificates }} - - --validation.tls.clientCertificate=/etc/dnscerts/cert-chain.pem - - --validation.tls.privateKey=/etc/dnscerts/key.pem - - --validation.tls.caCertificates=/etc/dnscerts/root-cert.pem -{{- end }} - volumeMounts: - - name: certs - mountPath: /etc/certs - readOnly: true -{{- if .Values.global.certificates }} - - name: dnscerts - mountPath: /etc/dnscerts - readOnly: true -{{- end }} - - name: config - mountPath: /etc/config - readOnly: true - - name: mesh-config - mountPath: /etc/mesh-config - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - --probe-path=/healthliveness - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - readinessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - --probe-path=/healthready - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: certs - secret: - secretName: istio.istio-galley-service-account -{{- if .Values.global.certificates }} - - name: dnscerts - secret: - secretName: dns.istio-galley-service-account -{{- end }} - - name: config - configMap: - name: istio-galley-configuration - - name: mesh-config - configMap: - name: istio - affinity: - {{- include 
"nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.3/charts/galley/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.3/charts/galley/templates/poddisruptionbudget.yaml deleted file mode 100755 index 75bf77834..000000000 --- a/charts/rancher-istio/1.4.3/charts/galley/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: {{ template "galley.name" . }} - release: {{ .Release.Name }} - istio: galley -{{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/galley/templates/service.yaml b/charts/rancher-istio/1.4.3/charts/galley/templates/service.yaml deleted file mode 100755 index cd21fd192..000000000 --- a/charts/rancher-istio/1.4.3/charts/galley/templates/service.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-spec:
- ports:
- - port: 443
- name: https-validation
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- - port: 9901
- name: grpc-mcp
- selector:
- istio: galley
diff --git a/charts/rancher-istio/1.4.3/charts/galley/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.3/charts/galley/templates/serviceaccount.yaml
deleted file mode 100755
index 1ff54c49e..000000000
--- a/charts/rancher-istio/1.4.3/charts/galley/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-galley-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.3/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl b/charts/rancher-istio/1.4.3/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl
deleted file mode 100755
index 253fd2156..000000000
--- a/charts/rancher-istio/1.4.3/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl
+++ /dev/null
@@ -1,127 +0,0 @@ -{{ define "validatingwebhookconfiguration.yaml.tpl" }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-galley - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -webhooks: - - name: pilot.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitpilot" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - httpapispecs - - httpapispecbindings - - quotaspecs - - quotaspecbindings - - operations: - - CREATE - - UPDATE - apiGroups: - - rbac.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - authentication.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - networking.istio.io - apiVersions: - - "*" - resources: - - destinationrules - - envoyfilters - - gateways - - serviceentries - - sidecars - - virtualservices - failurePolicy: Fail - sideEffects: None - - name: mixer.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitmixer" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - rules - - attributemanifests - - circonuses - - deniers - - fluentds - - kubernetesenvs - - listcheckers - - memquotas - - noops - - opas - - prometheuses - - rbacs - - solarwindses - - stackdrivers - - cloudwatches - - dogstatsds - - statsds - - stdios - - apikeys - - authorizations - - checknothings - # - kuberneteses - - listentries - - logentries - - metrics - - 
quotas - - reportnothings - - tracespans - - adapters - - handlers - - instances - - templates - - zipkins - failurePolicy: Fail - sideEffects: None -{{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/galley/values.yaml b/charts/rancher-istio/1.4.3/charts/galley/values.yaml deleted file mode 100755 index 1dc415a8c..000000000 --- a/charts/rancher-istio/1.4.3/charts/galley/values.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# -# galley configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -image: galley -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# Enable service discovery processing in Galley -enableServiceDiscovery: false - -# Enable analysis and status update in Galley -enableAnalysis: false diff --git a/charts/rancher-istio/1.4.3/charts/gateways/Chart.yaml b/charts/rancher-istio/1.4.3/charts/gateways/Chart.yaml deleted file mode 100755 index 707721f88..000000000 --- a/charts/rancher-istio/1.4.3/charts/gateways/Chart.yaml +++ /dev/null 
@@ -1,15 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.3
-description: Helm chart for deploying Istio gateways
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- ingressgateway
-- egressgateway
-- gateways
-name: gateways
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.3
diff --git a/charts/rancher-istio/1.4.3/charts/gateways/templates/_affinity.tpl b/charts/rancher-istio/1.4.3/charts/gateways/templates/_affinity.tpl
deleted file mode 100755
index fbd0e9a8f..000000000
--- a/charts/rancher-istio/1.4.3/charts/gateways/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "gatewaynodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "gatewayNodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .root.Values.global.defaultNodeSelector .nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "gatewayNodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinity" }} -{{- if or .podAntiAffinityLabelSelector .podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if .podAntiAffinityTermLabelSelector }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/gateways/templates/_helpers.tpl b/charts/rancher-istio/1.4.3/charts/gateways/templates/_helpers.tpl deleted file mode 100755 index bfc8bc400..000000000 --- a/charts/rancher-istio/1.4.3/charts/gateways/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "gateway.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "gateway.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "gateway.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.3/charts/gateways/templates/autoscale.yaml b/charts/rancher-istio/1.4.3/charts/gateways/templates/autoscale.yaml
deleted file mode 100755
index 2455ac345..000000000
--- a/charts/rancher-istio/1.4.3/charts/gateways/templates/autoscale.yaml
+++ /dev/null
@@ -1,31 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - labels: - chart: {{ template "gateway.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} -spec: - maxReplicas: {{ $spec.autoscaleMax }} - minReplicas: {{ $spec.autoscaleMin }} - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ $key }} - metrics: - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }} ---- -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/gateways/templates/deployment.yaml b/charts/rancher-istio/1.4.3/charts/gateways/templates/deployment.yaml deleted file mode 100755 index ca7eb1673..000000000 --- a/charts/rancher-istio/1.4.3/charts/gateways/templates/deployment.yaml +++ /dev/null 
@@ -1,395 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if $spec.enabled }} - -{{- $labels := merge (dict "release" $.Release.Name "chart" (include "gateway.chart" $) "heritage" $.Release.Service) $spec.labels }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - labels: -{{ $labels | toYaml | indent 4 }} -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - selector: - matchLabels: - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - template: - metadata: - labels: -{{ $labels | toYaml | indent 8 }} - annotations: - sidecar.istio.io/inject: "false" -{{- if $spec.podAnnotations }} -{{ toYaml $spec.podAnnotations | indent 8 }} -{{ end }} - spec: - serviceAccountName: {{ $key }}-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} -{{- if $.Values.global.proxy.enableCoreDump }} - initContainers: - - name: enable-core-dump - image: {{ $.Values.global.proxy.enableCoreDumpImage }} - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - command: - - /bin/sh - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - securityContext: - privileged: true -{{- end }} - containers: -{{- if $spec.sds }} -{{- if $spec.sds.enabled }} - - name: ingress-sds -{{- if contains "/" $spec.sds.image }} - image: "{{ $spec.sds.image }}" -{{- else }} - image: "{{ $.Values.global.hub }}/{{ $spec.sds.image }}:{{ $.Values.global.tag }}" -{{- end }} - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - resources: -{{- if $spec.sds.resources }} -{{ toYaml $spec.sds.resources | indent 12 }} -{{- 
else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: "ENABLE_WORKLOAD_SDS" - value: "false" - - name: "ENABLE_INGRESS_GATEWAY_SDS" - value: "true" - - name: "INGRESS_GATEWAY_NAMESPACE" - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - volumeMounts: - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway -{{- end }} -{{- end }} - - name: istio-proxy -{{- if contains "/" $.Values.global.proxy.image }} - image: "{{ $.Values.global.proxy.image }}" -{{- else }} - image: "{{ $.Values.global.hub }}/{{ $.Values.global.proxy.image }}:{{ $.Values.global.tag }}" -{{- end }} - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - {{- range $key, $val := $spec.ports }} - - containerPort: {{ $val.port }} - {{- end }} - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - - --drainDuration - - '45s' #drainDuration - - --parentShutdownDuration - - '1m0s' #parentShutdownDuration - - --connectTimeout - - '10s' #connectTimeout - - --serviceCluster - - {{ $key }} - {{- if eq $.Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - {{ $.Values.global.tracer.lightstep.address }} - - --lightstepAccessToken - - {{ $.Values.global.tracer.lightstep.accessToken }} - - --lightstepSecure={{ $.Values.global.tracer.lightstep.secure }} - - --lightstepCacertPath - - {{ $.Values.global.tracer.lightstep.cacertPath }} - {{- else if eq $.Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - {{- if 
$.Values.global.tracer.zipkin.address }} - - {{ $.Values.global.tracer.zipkin.address }} - {{- else if $.Values.global.istioNamespace }} - - zipkin.{{ $.Values.global.istioNamespace }}:9411 - {{- else }} - - zipkin:9411 - {{- end }} - {{- else if eq $.Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - {{ $.Values.global.tracer.datadog.address }} - {{- end }} - {{- if $.Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - {{ $.Values.global.proxy.envoyStatsd.host }}:{{ $.Values.global.proxy.envoyStatsd.port }} - {{- end }} - {{- if $.Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - {{- with $.Values.global.proxy.envoyMetricsService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end}} - {{- if $.Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - {{- with $.Values.global.proxy.envoyAccessLogService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end }} - - --proxyAdminPort - - "15000" - - --statusPort - - "15020" - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15011 - {{- else }} - - istio-pilot:15011 - {{- end }} - {{- else }} - - --controlPlaneAuthPolicy - - NONE - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15010 - {{- else }} - - istio-pilot:15010 - {{- end }} - {{- if $spec.applicationPorts }} - - --applicationPorts - - "{{ $spec.applicationPorts }}" - {{- end }} - {{- end }} - {{- if 
$.Values.global.trustDomain }} - - --trust-domain={{ $.Values.global.trustDomain }} - {{- end }} - readinessProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15020 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - resources: -{{- if $spec.resources }} -{{ toYaml $spec.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if $.Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_METAJSON_LABELS - value: | - {{ $labels | toJson}} - - name: ISTIO_META_CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - - name: ISTIO_META_WORKLOAD_NAME - value: {{ $key }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/{{ $spec.namespace | default $.Release.Namespace }}/deployments/{{ $key }} - {{- if $.Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.meshID }}" - {{- else if $.Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.trustDomain }}" - {{- end }} - {{- if eq 
$.Values.global.proxy.tracer "datadog" }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- end }} - {{- if eq $.Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ $.Values.global.tracer.stackdriver.debug }}" - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAttributes }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }}" - {{- end }} - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ISTIO_META_USER_SDS - value: "true" - {{- end }} - {{- end }} - {{- if $spec.env }} - {{- range $key, $val := $spec.env }} - - name: {{ $key }} - value: {{ $val }} - {{- end }} - {{- end }} - {{ if eq $key "istio-ingressgateway" }} - {{ $network_set := index $spec.env "ISTIO_META_NETWORK" }} - {{- if and (not $network_set) $.Values.global.network }} - - name: ISTIO_META_NETWORK - value: {{ $.Values.global.network }} - {{- end }} - {{- end }} - volumeMounts: - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway - {{- end }} - {{- end }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - mountPath: {{ .mountPath | quote }} 
- readOnly: true - {{- end }} - {{- if and (eq $.Values.global.proxy.tracer "lightstep") $.Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ dir $.Values.global.tracer.lightstep.cacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} -{{- if $spec.additionalContainers }} -{{ toYaml $spec.additionalContainers | indent 8 }} -{{- end }} - volumes: - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - emptyDir: {} - {{- end }} - {{- end }} - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - hostPath: - path: /var/run/sds - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ $.Values.global.sds.token.aud }} - {{- end }} - - name: istio-certs - secret: - secretName: istio.{{ $key }}-service-account - optional: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - secret: - secretName: {{ .secretName | quote }} - optional: true - {{- end }} - {{- range $spec.configVolumes }} - - name: {{ .name }} - configMap: - name: {{ .configMapName | quote }} - optional: true - {{- end }} - {{- if and (eq $.Values.global.proxy.tracer "lightstep") $.Values.global.tracer.lightstep.cacertPath }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - affinity: - {{- include "gatewaynodeaffinity" (dict "root" $ "nodeSelector" $spec.nodeSelector) | indent 6 }} - {{- include "gatewaypodAntiAffinity" (dict "podAntiAffinityLabelSelector" $spec.podAntiAffinityLabelSelector "podAntiAffinityTermLabelSelector" $spec.podAntiAffinityTermLabelSelector) | indent 6 }} - {{- if $spec.tolerations }} - tolerations: -{{ toYaml $spec.tolerations | indent 6 }} - {{- else if $.Values.global.defaultTolerations }} - tolerations: -{{ toYaml $.Values.global.defaultTolerations | indent 6 }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.4.3/charts/gateways/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.3/charts/gateways/templates/poddisruptionbudget.yaml
deleted file mode 100755
index 36a2d5a9c..000000000
--- a/charts/rancher-istio/1.4.3/charts/gateways/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if and (ne $key "enabled") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/charts/gateways/templates/preconfigured.yaml b/charts/rancher-istio/1.4.3/charts/gateways/templates/preconfigured.yaml
deleted file mode 100755
index 31e431db7..000000000
--- a/charts/rancher-istio/1.4.3/charts/gateways/templates/preconfigured.yaml
+++ /dev/null
@@ -1,241 +0,0 @@ -{{- if .Values.global.k8sIngress.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-autogenerated-k8s-ingress - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: {{ .Values.global.k8sIngress.gatewayName }} - servers: - - port: - number: 80 - protocol: HTTP2 - name: http - hosts: - - "*" -{{ if .Values.global.k8sIngress.enableHttps }} - - port: - number: 443 - protocol: HTTPS - name: https-default - tls: - mode: SIMPLE - serverCertificate: /etc/istio/ingressgateway-certs/tls.crt - privateKey: /etc/istio/ingressgateway-certs/tls.key - hosts: - - "*" -{{ end }} ---- -{{ end }} - -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-ilb-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: ilbgateway - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- else }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- end }} -{{- end }} - -{{- if .Values.global.multiCluster.enabled }} -{{- if (index .Values "istio-egressgateway" "enabled") }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-egressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-egressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH -{{- end }} ---- -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - workloadLabels: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - filters: - - listenerMatch: - portNumber: 15443 - listenerType: GATEWAY - insertPosition: - index: AFTER - relativeTo: envoy.filters.network.sni_cluster - filterName: envoy.filters.network.tcp_cluster_rewrite - filterType: NETWORK - filterConfig: - cluster_pattern: "\\.global$" - cluster_replacement: ".svc.{{ .Values.global.proxy.clusterDomain }}" ---- -## To ensure all traffic to *.global is using mTLS -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-multicluster-destinationrule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.global" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -{{- end }} 
diff --git a/charts/rancher-istio/1.4.3/charts/gateways/templates/role.yaml b/charts/rancher-istio/1.4.3/charts/gateways/templates/role.yaml
deleted file mode 100755
index 37bdf3ef8..000000000
--- a/charts/rancher-istio/1.4.3/charts/gateways/templates/role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if ($spec.sds) and (eq $spec.sds.enabled true) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-rules:
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "watch", "list"]
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/charts/gateways/templates/rolebindings.yaml b/charts/rancher-istio/1.4.3/charts/gateways/templates/rolebindings.yaml
deleted file mode 100755
index cd3245b01..000000000
--- a/charts/rancher-istio/1.4.3/charts/gateways/templates/rolebindings.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if ($spec.sds) and (eq $spec.sds.enabled true) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ $key }}-sds
-subjects:
-- kind: ServiceAccount
- name: {{ $key }}-service-account
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/charts/gateways/templates/service.yaml b/charts/rancher-istio/1.4.3/charts/gateways/templates/service.yaml
deleted file mode 100755
index 9474f0476..000000000
--- a/charts/rancher-istio/1.4.3/charts/gateways/templates/service.yaml
+++ /dev/null
@@ -1,59 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if $spec.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - annotations: - {{- range $key, $val := $spec.serviceAnnotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - chart: {{ template "gateway.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} -spec: -{{- if $spec.loadBalancerIP }} - loadBalancerIP: "{{ $spec.loadBalancerIP }}" -{{- end }} -{{- if $spec.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml $spec.loadBalancerSourceRanges | indent 4 }} -{{- end }} -{{- if $spec.externalTrafficPolicy }} - externalTrafficPolicy: {{$spec.externalTrafficPolicy }} -{{- end }} -{{- if $spec.externalIPs }} - externalIPs: -{{ toYaml $spec.externalIPs | indent 4 }} -{{- end }} - type: {{ .type }} - selector: - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - ports: - {{- range $key, $val := $spec.ports }} - - - {{- range $pkey, $pval := $val }} - {{ $pkey}}: {{ $pval }} - {{- end }} - {{- end }} - {{- if $.Values.global.meshExpansion.enabled }} - {{- range $key, $val := $spec.meshExpansionPorts }} - - - {{- range $pkey, $pval := $val }} - {{ $pkey}}: {{ $pval }} - {{- end }} - {{- end }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/gateways/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.3/charts/gateways/templates/serviceaccount.yaml deleted file mode 100755 index d4f6938c1..000000000 --- a/charts/rancher-istio/1.4.3/charts/gateways/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if $.Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range $.Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: {{ $key }}-service-account
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- app: {{ $spec.labels.app }}
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.4.3/charts/gateways/values.yaml b/charts/rancher-istio/1.4.3/charts/gateways/values.yaml
deleted file mode 100755
index 2dc682af2..000000000
--- a/charts/rancher-istio/1.4.3/charts/gateways/values.yaml
+++ /dev/null
@@ -1,287 +0,0 @@ -# -# Gateways Configuration -# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. -# You can add more gateways in addition to the defaults but make sure those are uniquely named -# and that NodePorts are not conflicting. -# Disable specifc gateway by setting the `enabled` to false. -# -enabled: true - -istio-ingressgateway: - enabled: true - # - # Secret Discovery Service (SDS) configuration for ingress gateway. - # - sds: - # If true, ingress gateway fetches credentials from SDS server to handle TLS connections. - enabled: false - # SDS server that watches kubernetes secrets and provisions credentials to ingress gateway. - # This server runs in the same pod as ingress gateway. - image: node-agent-k8s - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - labels: - app: istio-ingressgateway - istio: ingressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalIPs: [] - serviceAnnotations: {} - podAnnotations: {} - type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be - #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out - ports: - ## You can add custom gateway ports - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. 
https://github.com/istio/istio/issues/12503 - - port: 15020 - targetPort: 15020 - name: status-port - - port: 80 - targetPort: 80 - name: http2 - nodePort: 31380 - - port: 443 - name: https - nodePort: 31390 - # Example of a port to add. Remove if not needed - - port: 31400 - name: tcp - nodePort: 31400 - ### PORTS FOR UI/metrics ##### - ## Disable if not needed - - port: 15029 - targetPort: 15029 - name: https-kiali - - port: 15030 - targetPort: 15030 - name: https-prometheus - - port: 15031 - targetPort: 15031 - name: https-grafana - - port: 15032 - targetPort: 15032 - name: https-tracing - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - #### MESH EXPANSION PORTS ######## - # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect - # to pilot/citadel if global.meshExpansion settings are enabled. - # Delete these ports if mesh expansion is not enabled, to avoid - # exposing unnecessary ports on the web. - # You can remove these ports if you are not using mesh expansion - meshExpansionPorts: - - port: 15011 - targetPort: 15011 - name: tcp-pilot-grpc-tls - - port: 15004 - targetPort: 15004 - name: tcp-mixer-grpc-tls - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - - port: 853 - targetPort: 853 - name: tcp-dns-tls - ####### end MESH EXPANSION PORTS ###### - ############## - secretVolumes: - - name: ingressgateway-certs - secretName: istio-ingressgateway-certs - mountPath: /etc/istio/ingressgateway-certs - - name: ingressgateway-ca-certs - secretName: istio-ingressgateway-ca-certs - mountPath: /etc/istio/ingressgateway-ca-certs - ### Advanced options ############ - - # Ports to explicitly check for readiness. If configured, the readiness check will expect a - # listener on these ports. A comma separated list is expected, such as "80,443". - # - # Warning: If you do not have a gateway configured for the ports provided, this check will always - # fail. 
This is intended for use cases where you always expect to have a listener on the port, - # such as 80 or 443 in typical setups. - applicationPorts: "" - - env: - # A gateway with this mode ensures that pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. - ISTIO_META_ROUTER_MODE: "sni-dnat" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". 
- podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -istio-egressgateway: - enabled: false - labels: - app: istio-egressgateway - istio: egressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - serviceAnnotations: {} - podAnnotations: {} - type: ClusterIP #change to NodePort or LoadBalancer if need be - ports: - - port: 80 - name: http2 - - port: 443 - name: https - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - secretVolumes: - - name: egressgateway-certs - secretName: istio-egressgateway-certs - mountPath: /etc/istio/egressgateway-certs - - name: egressgateway-ca-certs - secretName: istio-egressgateway-ca-certs - mountPath: /etc/istio/egressgateway-ca-certs - #### Advanced options ######## - env: - # Set this to "external" if and only if you want the egress gateway to - # act as a transparent SNI gateway that routes mTLS/TLS traffic to - # external services defined using service entries, where the service - # entry has resolution set to DNS, has one or more endpoints with - # network field set to "external". By default its set to "" so that - # the egress gateway sees the same set of endpoints as the sidecars - # preserving backward compatibility - # ISTIO_META_REQUESTED_NETWORK_VIEW: "" - # A gateway with this mode ensures that pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. 
- ISTIO_META_ROUTER_MODE: "sni-dnat" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". - podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -# Mesh ILB gateway creates a gateway of type InternalLoadBalancer, -# for mesh expansion. It exposes the mtls ports for Pilot,CA as well -# as non-mtls ports to support upgrades and gradual transition. -istio-ilbgateway: - enabled: false - labels: - app: istio-ilbgateway - istio: ilbgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - cpu: - targetAverageUtilization: 80 - resources: - requests: - cpu: 800m - memory: 512Mi - #limits: - # cpu: 1800m - # memory: 256Mi - loadBalancerIP: "" - serviceAnnotations: - cloud.google.com/load-balancer-type: "internal" - podAnnotations: {} - type: LoadBalancer - ports: - ## You can add custom gateway ports - google ILB default quota is 5 ports, - - port: 15011 - name: grpc-pilot-mtls - # Insecure port - only for migration from 0.8. 
Will be removed in 1.1 - - port: 15010 - name: grpc-pilot - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - # Port 5353 is forwarded to kube-dns - - port: 5353 - name: tcp-dns - secretVolumes: - - name: ilbgateway-certs - secretName: istio-ilbgateway-certs - mountPath: /etc/istio/ilbgateway-certs - - name: ilbgateway-ca-certs - secretName: istio-ilbgateway-ca-certs - mountPath: /etc/istio/ilbgateway-ca-certs - nodeSelector: {} - tolerations: [] diff --git a/charts/rancher-istio/1.4.3/charts/grafana/Chart.yaml b/charts/rancher-istio/1.4.3/charts/grafana/Chart.yaml deleted file mode 100755 index 21728367f..000000000 --- a/charts/rancher-istio/1.4.3/charts/grafana/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.3 -description: A Helm chart for Kubernetes -name: grafana -tillerVersion: '>=2.7.2' -version: 1.4.3 diff --git a/charts/rancher-istio/1.4.3/charts/grafana/dashboards/citadel-dashboard.json b/charts/rancher-istio/1.4.3/charts/grafana/dashboards/citadel-dashboard.json deleted file mode 100755 index ffe4551a9..000000000 --- a/charts/rancher-istio/1.4.3/charts/grafana/dashboards/citadel-dashboard.json +++ /dev/null 
@@ -1,1089 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 8, - "panels": [], - "title": "Performance", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "CPU usage across Citadel instances.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 1 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"citadel\", pod_name=~\"istio-citadel-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage rate", - "refId": "A" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"citadel\"}[1m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage irate", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": 
"", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Citadel process memory statistics.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 1 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Total", - "refId": "C" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Allocated", - "refId": "E" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Inuse", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, 
- "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 1 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Goroutines", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 7 - }, - "id": 28, - "panels": [], - "title": "General", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Total number of CSR requests made to Citadel.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 
0, - "y": 8 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Request Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates issuances that have succeeded.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 12, - "y": 8 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_success_cert_issuance_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Certificates Issued", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Certificates Issued", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 13 - }, - "id": 23, - "panels": [], - "title": "Errors", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of errors occurred when creating the CSR.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 14 - }, - "id": 20, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_secret_controller_csr_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Creation Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Creation Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - 
"show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 14 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_parsing_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Parse Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Parse Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of authentication failures.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, 
- "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_authentication_failure_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Authentication Failure Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Authentication Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 4, - "panels": [], - "title": "Secret Controller", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates created due to service account creation.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": 
"citadel_secret_controller_svc_acc_created_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Created", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Created (due to SA creation)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates deleted due to service account deletion.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_svc_acc_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Deleted", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Deleted (due to SA deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, 
- "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates recreated due to secret deletion (service account still exists).", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_secret_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Recreated", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Recreated (due to errant deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 
18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Citadel Dashboard", - "uid": "OOyOqb4Wz", - "version": 1 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.3/charts/grafana/dashboards/galley-dashboard.json b/charts/rancher-istio/1.4.3/charts/grafana/dashboards/galley-dashboard.json deleted file mode 100755 index d67d6e5e8..000000000 --- a/charts/rancher-istio/1.4.3/charts/grafana/dashboards/galley-dashboard.json +++ /dev/null 
@@ -1,1734 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 46, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"galley\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Galley Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 5 - }, - "id": 40, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "C" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "G" - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "H" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"})", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Total (kis)", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 38, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m])) by (container_name)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"galley\"}[1m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "galley (self-reported)", - "refId": "C" - } - ], - 
"thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Open FDs (galley)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }} ", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 44, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "goroutines_total", - "refId": "A" - }, - { - "expr": "istio_mcp_clients_total{component=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "clients_total", - "refId": "B" - }, - { - "expr": "go_goroutines{job=\"galley\"}/sum(istio_mcp_clients_total{component=\"galley\"}) without (component)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "avg_goroutines_per_client", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - 
"h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 10, - "panels": [], - "title": "Runtime", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_on_change_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Strategy Change Events", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_processor_events_processed_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Processed Events", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_processor_snapshots_published_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Snapshot Published", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Event Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - 
"datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_timer_max_time_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Max Time Reached", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_quiesce_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Quiesce Reached", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_resets_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Timer Resets", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Timer Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": 
true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 3, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.90, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.95, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P95", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Events Per Snapshot", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 21 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - 
"max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (collection) (galley_runtime_state_type_instances_total)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ collection }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "State Type Instances", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Count", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 34, - "panels": [], - "title": "Validation", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 28 - }, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "galley_validation_cert_key_updates{job=\"galley\"}", - "format": 
"time_series", - "intervalFactor": 1, - "legendFormat": "Key Updates", - "refId": "A" - }, - { - "expr": "galley_validation_cert_key_update_errors{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Key Update Errors: {{ error }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation Webhook Certificate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 28 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_passed{job=\"galley\"}) by (group, version, resource)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Passed: {{ group }}/{{ version }}/{{resource}}", - "refId": "A" - }, - { - "expr": "sum(galley_validation_failed{job=\"galley\"}) by (group, version, resource, reason)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Failed: {{ group }}/{{ version }}/{{resource}} ({{ reason}})", - "refId": "B" - } - ], 
- "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Resource Validation", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 28 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_http_error{job=\"galley\"}) by (status)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ status }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation HTTP Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": 
null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 12, - "panels": [], - "title": "Kubernetes Source", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 35 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_event_success_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Success", - "refId": "A" - }, - { - "expr": "rate(galley_source_kube_event_error_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Source Event Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 35 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_dynamic_converter_failure_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Kubernetes Object Conversion Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Failures/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 41 - }, - "id": 18, - "panels": [], - "title": "Mesh Configuration Protocol", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 42 - }, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": 
"sum(istio_mcp_clients_total{component=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Clients", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Connected Clients", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 42 - }, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by(collection)(irate(istio_mcp_request_acks_total{component=\"galley\"}[1m]) * 60)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request ACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "ACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - 
}, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 42 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(istio_mcp_request_nacks_total{component=\"galley\"}[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request NACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "NACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Galley 
Dashboard", - "uid": "TSEY6jLmk", - "version": 1 -} diff --git a/charts/rancher-istio/1.4.3/charts/grafana/dashboards/istio-mesh-dashboard.json b/charts/rancher-istio/1.4.3/charts/grafana/dashboards/istio-mesh-dashboard.json deleted file mode 100755 index 1662e1f1d..000000000 --- a/charts/rancher-istio/1.4.3/charts/grafana/dashboards/istio-mesh-dashboard.json +++ /dev/null @@ -1,1225 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "links": [], - "panels": [ - { - "content": "
\n
\n Istio\n
\n
\n Istio is an open platform that provides a uniform way to connect,\n manage, and \n secure microservices.\n
\n Need help? Join the Istio community.\n
\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "50px", - "id": 13, - "links": [], - "mode": "html", - "style": { - "font-size": "18pt" - }, - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\"}[1m])), 0.001)", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Global Request Volume", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - 
"h": 3, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "95, 99, 99.5", - "title": "Global Success Rate (non-5xx responses)", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 22, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - 
"sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"4.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "4xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 23, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"5.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "5xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - 
"colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 113, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_virtualservices) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Virtual Services", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 114, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - 
"postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_destinationrules) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Destination Rules", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 115, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_gateways) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Gateways", - "type": "singlestat", - "valueFontSize": "80%", - 
"valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 116, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_authentication_meshpolicies) / count(up{job=\"galley\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Authentication Mesh Policies", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 21, - "w": 24, - "x": 0, - "y": 9 - }, - "hideTimeOverride": false, - "id": 73, - "links": [], - "pageSize": null, - "repeat": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 4, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 
172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Workload dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_2&var-workload=$__cell_", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Requests", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [], - "type": "number", - "unit": "ops" - }, - { - "alias": "P50 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P90 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P99 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #E", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "Success Rate", - "colorMode": "cell", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #F", - "thresholds": [ - ".95", - " 1.00" - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-workload=$__cell_2&var-namespace=$__cell_3", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "number", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_requests_total{reporter=\"destination\", response_code=\"200\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "A" - }, - { - "expr": "label_join((histogram_quantile(0.50, 
sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.50, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "B" - }, - { - "expr": "label_join((histogram_quantile(0.90, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.90, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "D" - }, - { - "expr": "label_join((histogram_quantile(0.99, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.99, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "E" - }, - { - "expr": 
"label_join((sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m])) by (destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "F" - } - ], - "timeFrom": null, - "title": "HTTP/GRPC Workloads", - "transform": "table", - "type": "table" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 18, - "w": 24, - "x": 0, - "y": 30 - }, - "hideTimeOverride": false, - "id": 109, - "links": [], - "pageSize": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 2, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-tcp-workload-dashboard?var-namespace=$__cell_2&&var-workload=$__cell", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Bytes Sent", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [ - "" - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Bytes Received", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "Bps" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_3&var-workload=$__cell_2", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_tcp_received_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - 
"hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "C" - }, - { - "expr": "label_join(sum(rate(istio_tcp_sent_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "A" - } - ], - "timeFrom": null, - "title": "TCP Workloads", - "transform": "table", - "type": "table" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 48 - }, - "id": 111, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Mesh Dashboard", - "uid": "G8wLrJIZk", - "version": 5 -}
diff --git a/charts/rancher-istio/1.4.3/charts/grafana/dashboards/istio-performance-dashboard.json b/charts/rancher-istio/1.4.3/charts/grafana/dashboards/istio-performance-dashboard.json
deleted file mode 100755
index 3826fbae8..000000000
--- a/charts/rancher-istio/1.4.3/charts/grafana/dashboards/istio-performance-dashboard.json
+++ /dev/null
@@ -1,1822 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": 9, - "links": [], - "panels": [ - { - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 21, - "panels": [ - { - "content": "The charts on this dashboard are intended to show Istio main components cost in terms resources utilization under steady load.\n\n- **vCPU/1k rps:** shows vCPU utilization by the main Istio components normalized by 1000 requests/second. When idle or low traffic, this chart will be blank. The curve for istio-proxy refers to the services sidecars only.\n- **vCPU:** vCPU utilization by Istio components, not normalized.\n- **Memory:** memory footprint for the components. Telemetry and policy are normalized by 1k rps, and no data is shown when there is no traffic. 
For ingress and istio-proxy, the data is per instance.\n- **Bytes transferred/ sec:** shows the number of bytes flowing through each Istio component.\n\n\n", - "gridPos": { - "h": 6, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 19, - "links": [], - "mode": "markdown", - "timeFrom": null, - "timeShift": null, - "title": "Performance Dashboard README", - "transparent": true, - "type": "text" - } - ], - "title": "Performance Dashboard Notes", - "type": "row" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 6, - "panels": [], - "title": "vCPU Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 2 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m])) / (round(sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m])), 0.001)/1000))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - 
"legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU / 1k rps", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 2 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - 
"spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 13, - "panels": [], - "title": "Memory and Data Rates", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": 
false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 11 - }, - "id": 902, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry / 1k rps", - "refId": "A" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name!=\"POD\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio proxy", - "refId": "C" - }, - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy / 1k rps", - "refId": "D" - } - ], - "thresholds": [], - 
"timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-telemetry\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-telemetry\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_response_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m])) + sum(irate(istio_request_bytes_sum{source_workload_namespace!=\"istio-system\", 
reporter=\"source\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-policy\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-policy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio_policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Bytes transferred / sec", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 17, - "panels": [], - "title": "Istio Component Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 20 - }, - "id": 15, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 71, - "panels": [], - "title": "Proxy Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 32 - }, - "id": 72, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 32 - }, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 32 - }, - "id": 702, - "legend": { - "avg": 
false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 39 - }, - "id": 69, - "panels": [], - "title": "Pilot Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 40 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": 
[ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - 
"sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 40 - }, - "id": 602, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "pilot (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - 
"title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 40 - }, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - 
"show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 40 - }, - "id": 402, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 93, - "panels": [], - "title": "Mixer Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 48 - }, - "id": 94, - "legend": { - "avg": false, - "current": 
false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"})", - "format": "time_series", - "hide": false, 
- "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 48 - }, - "id": 95, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=~\"istio-policy|istio-telemetry\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 48 - }, - "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - 
"expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 48 - }, - "id": 97, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - 
"format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Performance Dashboard", - "uid": "vu8e0VWZk", - "version": 22 -} diff --git a/charts/rancher-istio/1.4.3/charts/grafana/dashboards/istio-service-dashboard.json b/charts/rancher-istio/1.4.3/charts/grafana/dashboards/istio-service-dashboard.json deleted file mode 100755 index f4d58a296..000000000 --- a/charts/rancher-istio/1.4.3/charts/grafana/dashboards/istio-service-dashboard.json +++ /dev/null @@ -1,2601 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "iteration": 1536442501501, - "links": [], - "panels": [ - { - "content": "
\nSERVICE: $service\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Client Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - 
"thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Client Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, 
sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Client Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" 
- ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Received Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 97, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - 
"postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Server Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 98, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / 
sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Server Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 99, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - 
"refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 100, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": 
true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m])) ", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Sent Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nCLIENT WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"source\",source_workload=~\"$srcwl\",source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"source\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": 
"graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", 
source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, 
source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": 
"time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, 
- "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "
\nSERVICE WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 90, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"destination\",destination_workload=~\"$dstwl\",destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"destination\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Destination And Response Code", - "tooltip": { - 
"shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 91, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", 
connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 94, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - 
"stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by 
(destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 95, - "legend": { - "alignAsTable": false, - "avg": false, - "current": 
false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ 
destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 96, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - 
"step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ 
destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 92, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", 
destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 93, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }} (🔐mTLS)", - "refId": 
"A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Service", - "multi": false, - "name": "service", - "options": [], - "query": "label_values(destination_service)", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (source_workload_namespace) or 
sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload Namespace", - "multi": true, - "name": "dstns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload", - "multi": true, - "name": "dstwl", - "options": [], - "query": "query_result( 
sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Service Dashboard", - "uid": "LJ_uJAvmk", - "version": 1 -} diff --git a/charts/rancher-istio/1.4.3/charts/grafana/dashboards/istio-workload-dashboard.json b/charts/rancher-istio/1.4.3/charts/grafana/dashboards/istio-workload-dashboard.json deleted file mode 100755 index 62ad1b5cf..000000000 --- a/charts/rancher-istio/1.4.3/charts/grafana/dashboards/istio-workload-dashboard.json +++ /dev/null 
@@ -1,2303 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.4" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1531345461465, - "links": [], - "panels": [ - { - "content": "
\nWORKLOAD: $workload.$namespace\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Incoming Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 
80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 8, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Incoming Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 8, - "x": 16, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, 
- "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Server Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - 
"colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 12, - "y": 7 - }, - "id": 85, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Client Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nINBOUND WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And 
Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", 
destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by 
(source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 
1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", 
destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - 
"values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", 
destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "content": "
\nOUTBOUND SERVICES\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 70, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Requests by Destination And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 71, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", 
source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Success Rate (non-5xx responses) By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 72, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Duration by Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 73, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by 
(destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 74, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": 
"{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 76, - "legend": { - "avg": false, 
- "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent on Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 78, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Namespace", - "multi": false, - "name": 
"namespace", - "options": [], - "query": "query_result(sum(istio_requests_total) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*_namespace=\"([^\"]*).*/", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Workload", - "multi": false, - "name": "workload", - "options": [], - "query": "query_result((sum(istio_requests_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_requests_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)) or (sum(istio_tcp_sent_bytes_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Inbound Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, 
- "label": "Inbound Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Destination Service", - "multi": true, - "name": "dstsvc", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service) or sum(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service))", - "refresh": 1, - "regex": "/.*destination_service=\"([^\"]*).*/", - "sort": 4, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Workload Dashboard", - "uid": "UbsSZTDik", - "version": 1 -} diff --git a/charts/rancher-istio/1.4.3/charts/grafana/dashboards/mixer-dashboard.json b/charts/rancher-istio/1.4.3/charts/grafana/dashboards/mixer-dashboard.json deleted file mode 100755 index b074d13ba..000000000 
--- a/charts/rancher-istio/1.4.3/charts/grafana/dashboards/mixer-dashboard.json +++ /dev/null @@ -1,1808 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.2.3" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "limit": 100, - "name": "Annotations & Alerts", - "showIn": 0, - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": null, - "iteration": 1543881232533, - "links": [], - "panels": [ - { - "content": "

Deployed Versions

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "40", - "id": 62, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 3 - }, - "id": 64, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"mixer\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Mixer Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Resource Usage

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 8 - }, - "height": "40", - "id": 29, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 11 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory ({{ job }})", - "refId": "I" - }, - { - "expr": "sum(process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory ({{ job }})", - "refId": "H" - }, - { - "expr": "sum(go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc ({{ job }})", - "refId": "D" - }, - { - "expr": "sum(go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc ({{ job }})", - "refId": "F" - }, - { - "expr": "sum(go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - 
"format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use ({{ job }})", - "refId": "E" - }, - { - "expr": "sum(go_memstats_stack_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use ({{ job }})", - "refId": "G" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "C" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }} (k8s)", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 11 - }, - "id": 6, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (pod_name), \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "A" - }, - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (container_name, pod_name), \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }} (k8s)", - "refId": "B" - }, - { - "expr": "sum(irate(process_cpu_seconds_total{job=~\"istio-telemetry|istio-policy\"}[1m])) by (job)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ job }} (self-reported)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } 
- ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 11 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_open_fds{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(label_replace(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - 
"dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 11 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(go_goroutines{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines ({{ job }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Mixer Overview

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 18 - }, - "height": "40px", - "id": 30, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 0, - "y": 21 - }, - "id": 9, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (Total)", - "refId": "B" - }, - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m])) by (grpc_server_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "mixer ({{ grpc_server_method }})", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 6, - "y": 21 - }, - "id": 8, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "{}", - "yaxis": 1 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.5", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.9", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Durations", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 12, - "y": 21 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, 
- "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_server_handled_total{grpc_code=~\"Unknown|Unimplemented|Internal|DataLoss\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Error Rate (5xx responses)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 18, - "y": 21 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(grpc_server_handled_total{grpc_code!=\"OK\",grpc_service=~\".*Mixer\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ 
grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Non-successes (4xxs)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Adapters and Config

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 28, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 30 - }, - "id": 13, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m])) by (adapter)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 30 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - 
"percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p90 ", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Duration", - "tooltip": { - "shared": true, - "sort": 1, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 37 - }, - "id": 60, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - 
"pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Rules", - "refId": "A" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Config Errors", - "refId": "B" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_match_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Match Errors", - "refId": "C" - }, - { - "expr": "scalar(topk(1, max(mixer_config_unsatisfied_action_handler_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Unsatisfied Actions", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Rules", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 37 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": 
false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_instance_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Instances", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Instances in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 37 - }, - "id": 54, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_handler_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Handlers", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Handlers in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 37 - }, - "id": 58, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_attribute_count) by (configID)))", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "Attributes", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Attributes in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Individual Adapters

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 44 - }, - "id": 23, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 46, - "panels": [], - "repeat": "adapter", - "title": "$adapter Adapter", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 48 - }, - "id": 17, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m]),\"handler\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ handler }} (error: {{ error }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Count By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - 
"w": 12, - "x": 12, - "y": 48 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(histogram_quantile(0.5, sum(rate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p50 - {{ handler_short }} (error: {{ error }})", - "refId": "A" - }, - { - "expr": "label_replace(histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p90 - {{ handler_short }} (error: {{ error }})", - "refId": "D" - }, - { - "expr": "label_replace(histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p99 - {{ handler_short }} (error: {{ error }})", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Duration By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": 
true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Adapter", - "multi": true, - "name": "adapter", - "options": [], - "query": "label_values(adapter)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Mixer Dashboard", - "version": 4 -} diff --git a/charts/rancher-istio/1.4.3/charts/grafana/dashboards/pilot-dashboard.json b/charts/rancher-istio/1.4.3/charts/grafana/dashboards/pilot-dashboard.json deleted file mode 100755 index b8ef6d2d7..000000000 --- a/charts/rancher-istio/1.4.3/charts/grafana/dashboards/pilot-dashboard.json +++ /dev/null 
@@ -1,1591 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": 11, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 60, - "panels": [], - "title": "Deployed Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"pilot\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 6 - }, - "id": 62, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": 
"container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"discovery\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (container)", - "refId": "B", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar (container)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"discovery\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Discovery (container)", - "refId": "A" - }, - { - "expr": 
"irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (process)", - "refId": "C", - "step": 2 - }, - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Sidecar (container)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"discovery\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Discovery", - "refId": "B", - "step": 2 - }, - { - "expr": 
"container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": 
null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 58, - "panels": [], - "title": "Pilot Push Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "description": "Shows the rate of pilot pushes", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 622, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(pilot_xds_pushes{type=\"cds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Cluster", - "refId": "C" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"eds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Endpoints", - "refId": "D" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"lds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Listeners", - "refId": "A" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"rds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Routes", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Pushes", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ 
- "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Captures a variety of pilot errors", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 67, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(pilot_xds_cds_reject{job=\"pilot\"}) or (absent(pilot_xds_cds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected CDS Configs", - "refId": "C" - }, - { - "expr": "sum(pilot_xds_eds_reject{job=\"pilot\"}) or (absent(pilot_xds_eds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected EDS Configs", - "refId": "D" - }, - { - "expr": "sum(pilot_xds_rds_reject{job=\"pilot\"}) or (absent(pilot_xds_rds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected RDS Configs", - "refId": "A" - }, - { - "expr": "sum(pilot_xds_lds_reject{job=\"pilot\"}) or (absent(pilot_xds_lds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected LDS Configs", - "refId": "B" - }, - { - "expr": 
"sum(rate(pilot_xds_write_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Write Timeouts", - "refId": "F" - }, - { - "expr": "sum(rate(pilot_total_xds_internal_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Internal Errors", - "refId": "H" - }, - { - "expr": "sum(rate(pilot_total_xds_rejects{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Config Rejection Rate", - "refId": "E" - }, - { - "expr": "sum(rate(pilot_xds_push_context_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Context Errors", - "refId": "K" - }, - { - "expr": "sum(rate(pilot_xds_pushes{type!~\"lds|cds|rds|eds\"}[1m])) by (type)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "L" - }, - { - "expr": "sum(rate(pilot_xds_push_errors{job=\"pilot\"}[1m])) by (type)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "I" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts", - "refId": "G" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout_failures{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts Failures", - "refId": "J" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - 
"format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Shows the total time it takes to push a config update to a proxy", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 624, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p50 ", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.999, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99.9", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Proxy Push Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 23 - }, - "id": 45, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_conflict_inbound_listener{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Inbound Listeners", - "refId": "B" - }, - { - "expr": "pilot_conflict_outbound_listener_http_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (http over current tcp)", - "refId": "A" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current tcp)", - "refId": "C" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_http{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current http)", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Conflicts", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - 
"buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 23 - }, - "id": 47, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_virt_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Services", - "refId": "A" - }, - { - "expr": "pilot_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Services", - "refId": "B" - }, - { - "expr": "pilot_xds{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Connected Endpoints", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ADS Monitoring", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - 
"yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "columns": [], - "datasource": "Prometheus", - "description": "Clusters in this table do not have any endpoints known to pilot. This could be from referencing subsets that do not have any instances, or pods marked as NotReady", - "fontSize": "100%", - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 23 - }, - "id": 51, - "links": [], - "pageSize": null, - "scroll": true, - "showHeader": true, - "sort": { - "col": null, - "desc": false - }, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "date" - }, - { - "alias": "Clusters", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(pilot_xds_eds_instances{job=\"pilot\", cluster=~\".+\\\\|.+\"}) by (cluster) < 1", - "format": "time_series", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{cluster}}", - "refId": "B" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Clusters with no known endpoints", - "transform": "timeseries_aggregations", - "type": "table" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 64, - "panels": [], - "title": "Envoy Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows details about Envoy proxies in the mesh", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 32 - }, - "id": 40, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - 
"points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(envoy_cluster_upstream_cx_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connections", - "refId": "C" - }, - { - "expr": "sum(irate(envoy_cluster_upstream_cx_connect_fail{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connection Failures", - "refId": "A" - }, - { - "expr": "sum(increase(envoy_server_hot_restart_epoch[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Envoy Restarts", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Envoy Details", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 32 - }, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": 
"sum(envoy_cluster_upstream_cx_active{cluster_name=\"xds-grpc\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "XDS Active Connections", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Active Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows the size of XDS requests and responses", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 32 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "max(rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Max", - "refId": "D" - }, - { - "expr": "quantile(0.5, rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Average", - "refId": "B" - }, - 
{ - "expr": "max(rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Max", - "refId": "A" - }, - { - "expr": "quantile(.5, rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Average", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Requests Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Pilot Dashboard", - "uid": "3--MLVZZk", - "version": 11 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.3/charts/grafana/fix_datasources.sh b/charts/rancher-istio/1.4.3/charts/grafana/fix_datasources.sh deleted file mode 100755 index d175bcacc..000000000 --- a/charts/rancher-istio/1.4.3/charts/grafana/fix_datasources.sh +++ /dev/null 
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# Copyright Istio Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -e
-
-THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-UX=$(uname)
-
-for db in "${THIS_DIR}"/dashboards/*.json; do
- if [[ ${UX} == "Darwin" ]]; then
- # shellcheck disable=SC2016
- sed -i '' 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- else
- # shellcheck disable=SC2016
- sed -i 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- fi
-done
diff --git a/charts/rancher-istio/1.4.3/charts/grafana/templates/_helpers.tpl b/charts/rancher-istio/1.4.3/charts/grafana/templates/_helpers.tpl
deleted file mode 100755
index 9d4c59205..000000000
--- a/charts/rancher-istio/1.4.3/charts/grafana/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "grafana.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "grafana.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "grafana.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.3/charts/grafana/templates/configmap-custom-resources.yaml b/charts/rancher-istio/1.4.3/charts/grafana/templates/configmap-custom-resources.yaml
deleted file mode 100755
index b89bc0765..000000000
--- a/charts/rancher-istio/1.4.3/charts/grafana/templates/configmap-custom-resources.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
- custom-resources.yaml: |-
- {{- include "grafana-default.yaml.tpl" . | indent 4}}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
diff --git a/charts/rancher-istio/1.4.3/charts/grafana/templates/configmap-dashboards.yaml b/charts/rancher-istio/1.4.3/charts/grafana/templates/configmap-dashboards.yaml
deleted file mode 100755
index dd1ab0d75..000000000
--- a/charts/rancher-istio/1.4.3/charts/grafana/templates/configmap-dashboards.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- $files := .Files }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "grafana.name" $ }}
- chart: {{ template "grafana.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: grafana
-data:
- {{ base $path }}: '{{ $files.Get $path }}'
----
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/charts/grafana/templates/configmap.yaml b/charts/rancher-istio/1.4.3/charts/grafana/templates/configmap.yaml
deleted file mode 100755
index c86efe1f4..000000000
--- a/charts/rancher-istio/1.4.3/charts/grafana/templates/configmap.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
-{{- if .Values.datasources }}
- {{- range $key, $value := .Values.datasources }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
-
-{{- if .Values.dashboardProviders }}
- {{- range $key, $value := .Values.dashboardProviders }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.3/charts/grafana/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.4.3/charts/grafana/templates/create-custom-resources-job.yaml
deleted file mode 100755
index 0a4a9e54d..000000000
--- a/charts/rancher-istio/1.4.3/charts/grafana/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,103 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-grafana-post-install-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-grafana-post-install-{{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["authentication.istio.io"] # needed to create default authn policy - resources: ["*"] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-grafana-post-install-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-grafana-post-install-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-grafana-post-install-account - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-grafana-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - template: - metadata: - name: istio-grafana-post-install - labels: - app: istio-grafana - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-grafana-post-install-account - containers: - - name: kubectl - image: "{{ .Values.global.hub }}/kubectl:{{ .Values.global.tag }}" - command: [ "/bin/bash", "/tmp/grafana/run.sh", "/tmp/grafana/custom-resources.yaml" ] - volumeMounts: - - mountPath: "/tmp/grafana" - name: tmp-configmap-grafana - volumes: - - name: tmp-configmap-grafana - configMap: - name: istio-grafana-custom-resources - restartPolicy: OnFailure - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/grafana/templates/deployment.yaml b/charts/rancher-istio/1.4.3/charts/grafana/templates/deployment.yaml deleted file mode 100755 index ba3037e04..000000000 --- a/charts/rancher-istio/1.4.3/charts/grafana/templates/deployment.yaml +++ /dev/null 
@@ -1,138 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: grafana
- template:
- metadata:
- labels:
- app: grafana
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- prometheus.io/scrape: "true"
- spec:
- securityContext:
- runAsUser: 472
- fsGroup: 472
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
-{{- if .Values.global.imagePullSecrets }}
- imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- ports:
- - containerPort: 3000
- readinessProbe:
- httpGet:
- path: /api/health
- port: 3000
- env:
- - name: GRAFANA_PORT
- value: "3000"
-{{- if .Values.security.enabled }}
- - name: GF_SECURITY_ADMIN_USER
- valueFrom:
- secretKeyRef:
- name: {{ .Values.security.secretName }}
- key: {{ .Values.security.usernameKey }}
- - name: GF_SECURITY_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Values.security.secretName }}
- key: {{ .Values.security.passphraseKey }}
- - name: GF_AUTH_BASIC_ENABLED
- value: "true"
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "false"
- - name: GF_AUTH_DISABLE_LOGIN_FORM
- value: "false"
-{{- else }}
- - name: GF_AUTH_BASIC_ENABLED
- value: "false"
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "true"
- - name: GF_AUTH_ANONYMOUS_ORG_ROLE
- value: Admin
-{{- end }}
- - name: GF_PATHS_DATA
- value: /data/grafana
- {{- range $key, $value := $.Values.env }}
- - 
name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $secret := $.Values.envSecrets }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ $secret }}
- key: {{ $key | quote }}
- {{- end }}
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- volumeMounts:
- - name: data
- mountPath: /data/grafana
- {{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
- {{- $filename := trimSuffix (ext $path) (base $path) }}
- - name: dashboards-istio-{{ $filename }}
- mountPath: "/var/lib/grafana/dashboards/istio/{{ base $path }}"
- subPath: {{ base $path }}
- readOnly: true
- {{- end }}
- - name: config
- mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml"
- subPath: datasources.yaml
- - name: config
- mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml"
- subPath: dashboardproviders.yaml
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
- volumes:
- - name: config
- configMap:
- name: istio-grafana
- - name: data
-{{- if .Values.persist }}
- persistentVolumeClaim:
- claimName: istio-grafana-pvc
-{{- else }}
- emptyDir: {}
-{{- end }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
- - name: dashboards-istio-{{ $filename }}
- configMap:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/charts/grafana/templates/grafana-ports-mtls.yaml b/charts/rancher-istio/1.4.3/charts/grafana/templates/grafana-ports-mtls.yaml
deleted file mode 100755
index b9a392651..000000000
--- a/charts/rancher-istio/1.4.3/charts/grafana/templates/grafana-ports-mtls.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{ define "grafana-default.yaml.tpl" }}
-apiVersion: authentication.istio.io/v1alpha1
-kind: Policy
-metadata:
- name: grafana-ports-mtls-disabled
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- targets:
- - name: grafana
- ports:
- - number: {{ .Values.service.externalPort }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/charts/grafana/templates/ingress.yaml b/charts/rancher-istio/1.4.3/charts/grafana/templates/ingress.yaml
deleted file mode 100755
index 0ebe71f61..000000000
--- a/charts/rancher-istio/1.4.3/charts/grafana/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: grafana
- servicePort: 3000
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: grafana
- servicePort: 3000
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.3/charts/grafana/templates/pvc.yaml b/charts/rancher-istio/1.4.3/charts/grafana/templates/pvc.yaml
deleted file mode 100755
index e376a13a5..000000000
--- a/charts/rancher-istio/1.4.3/charts/grafana/templates/pvc.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if .Values.persist }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: istio-grafana-pvc
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- storageClassName: {{ .Values.storageClassName }}
- accessModes:
- - {{ .Values.accessMode }}
- resources:
- requests:
- storage: 5Gi
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/charts/grafana/templates/service.yaml b/charts/rancher-istio/1.4.3/charts/grafana/templates/service.yaml
deleted file mode 100755
index b206679c3..000000000
--- a/charts/rancher-istio/1.4.3/charts/grafana/templates/service.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: 3000
- protocol: TCP
- name: {{ .Values.service.name }}
- selector:
- app: grafana
-{{- if .Values.service.loadBalancerIP }}
- loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
-{{- end }}
- {{if .Values.service.loadBalancerSourceRanges}}
- loadBalancerSourceRanges:
- {{range $rangeList := .Values.service.loadBalancerSourceRanges}}
- - {{ $rangeList }}
- {{end}}
- {{end}}
diff --git a/charts/rancher-istio/1.4.3/charts/grafana/templates/tests/test-grafana-connection.yaml b/charts/rancher-istio/1.4.3/charts/grafana/templates/tests/test-grafana-connection.yaml
deleted file mode 100755
index e9268c4b9..000000000
--- a/charts/rancher-istio/1.4.3/charts/grafana/templates/tests/test-grafana-connection.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "grafana.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: grafana-test
- chart: {{ template "grafana.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: grafana
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "grafana.fullname" . }}-test"
- image: pstauffer/curl:v1.0.3
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- args: ['http://grafana:{{ .Values.grafana.service.externalPort }}']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/charts/grafana/values.yaml b/charts/rancher-istio/1.4.3/charts/grafana/values.yaml
deleted file mode 100755
index 2c272bf78..000000000
--- a/charts/rancher-istio/1.4.3/charts/grafana/values.yaml
+++ /dev/null
@@ -1,117 +0,0 @@
-#
-# addon grafana configuration
-#
-enabled: false
-replicaCount: 1
-image:
- repository: grafana/grafana
- tag: 6.4.3
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - grafana.local
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls: []
- # Secrets must be manually created in the namespace.
- # - secretName: grafana-tls
- # hosts:
- # - grafana.local
-persist: false
-storageClassName: ""
-accessMode: ReadWriteMany
-security:
- enabled: false
- secretName: grafana
- usernameKey: username
- passphraseKey: passphrase
-nodeSelector: {}
-tolerations: []
-
-env: {}
- # Define additional environment variables for configuring grafana.
- # @see https://grafana.com/docs/installation/configuration/#using-environment-variables
- # Format: env_variable_name: value
- # For example:
- # GF_SMTP_ENABLED: true
- # GF_SMTP_HOST: email-smtp.eu-west-1.amazonaws.com:2587
- # GF_SMTP_FROM_ADDRESS: alerts@mydomain.com
- # GF_SMTP_FROM_NAME: Grafana
-
-envSecrets: {}
- # The key name and ENV name must match in the secrets file.
- # @see https://grafana.com/docs/installation/configuration/#using-environment-variables
- # For example:
- # ---
- # apiVersion: v1
- # kind: Secret
- # metadata:
- # name: grafana-secrets
- # namespace: istio-system
- # data:
- # GF_SMTP_USER: bXl1c2Vy
- # GF_SMTP_PASSWORD: bXlwYXNzd29yZA==
- # type: Opaque
- # ---
- # env_variable_key_name: secretsName
- # ---
- # GF_SMTP_USER: grafana-secrets
- # GF_SMTP_PASSWORD: grafana-secrets
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. 
"soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-contextPath: /grafana
-service:
- annotations: {}
- name: http
- type: ClusterIP
- externalPort: 3000
- loadBalancerIP:
- loadBalancerSourceRanges: []
-
-datasources:
- datasources.yaml:
- apiVersion: 1
- datasources:
- - name: Prometheus
- type: prometheus
- orgId: 1
- url: http://prometheus:9090
- access: proxy
- isDefault: true
- jsonData:
- timeInterval: 5s
- editable: true
-
-dashboardProviders:
- dashboardproviders.yaml:
- apiVersion: 1
- providers:
- - name: 'istio'
- orgId: 1
- folder: 'istio'
- type: file
- disableDeletion: false
- options:
- path: /var/lib/grafana/dashboards/istio
diff --git a/charts/rancher-istio/1.4.3/charts/istiocoredns/Chart.yaml b/charts/rancher-istio/1.4.3/charts/istiocoredns/Chart.yaml
deleted file mode 100755
index e48e90d2e..000000000
--- a/charts/rancher-istio/1.4.3/charts/istiocoredns/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-appVersion: "0.1"
-description: Istio CoreDNS provides DNS resolution for services in multicluster setups.
-name: istiocoredns
-tillerVersion: '>=2.7.2'
-version: 1.4.3
diff --git a/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/_helpers.tpl b/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/_helpers.tpl
deleted file mode 100755
index e7add11bb..000000000
--- a/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "istiocoredns.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "istiocoredns.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "istiocoredns.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/clusterrole.yaml b/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/clusterrole.yaml
deleted file mode 100755
index 4242a327f..000000000
--- a/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istiocoredns
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["networking.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/clusterrolebinding.yaml
deleted file mode 100755
index bafd0ca3b..000000000
--- a/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-istiocoredns-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istiocoredns
-subjects:
-- kind: ServiceAccount
- name: istiocoredns-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/configmap.yaml b/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/configmap.yaml
deleted file mode 100755
index 925626f6b..000000000
--- a/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/configmap.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: coredns
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- Corefile: |
- .:53 {
- errors
- health
- {{ if eq -1 (semver .Values.coreDNSTag | (semver "1.4.0").Compare) }}
- # Removed support for the proxy plugin: https://coredns.io/2019/03/03/coredns-1.4.0-release/
- grpc global 127.0.0.1:8053
- forward . /etc/resolv.conf {
- except global
- }
- {{ else }}
- proxy global 127.0.0.1:8053 {
- protocol grpc insecure
- }
- proxy . /etc/resolv.conf
- {{ end }}
- prometheus :9153
- cache 30
- reload
- }
----
diff --git a/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/deployment.yaml b/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/deployment.yaml
deleted file mode 100755
index d5e087983..000000000
--- a/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/deployment.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: istiocoredns
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: istiocoredns
- strategy:
- rollingUpdate:
- maxSurge: {{ .Values.rollingMaxSurge }}
- maxUnavailable: {{ .Values.rollingMaxUnavailable }}
- template:
- metadata:
- name: istiocoredns
- labels:
- app: istiocoredns
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: istiocoredns-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: coredns
- image: {{ .Values.coreDNSImage }}:{{ .Values.coreDNSTag }}
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- args: [ "-conf", "/etc/coredns/Corefile" ]
- volumeMounts:
- - name: config-volume
- mountPath: /etc/coredns
- ports:
- - containerPort: 53
- name: dns
- protocol: UDP
- - containerPort: 53
- name: dns-tcp
- protocol: TCP
- - containerPort: 9153
- name: metrics
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /health
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 60
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 5
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 10 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 10 }}
-{{- end }}
- - name: istio-coredns-plugin
- command:
- - /usr/local/bin/plugin
- image: {{ .Values.coreDNSPluginImage }}
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- ports:
- - containerPort: 8053
- name: dns-grpc
- protocol: TCP
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 10 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 10 }}
-{{- end }}
- dnsPolicy: Default
- volumes:
- - name: config-volume
- configMap:
- name: coredns
- items:
- - key: Corefile
- path: Corefile
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/service.yaml b/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/service.yaml
deleted file mode 100755
index a6311017c..000000000
--- a/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/service.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istiocoredns
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- app: istiocoredns
- ports:
- - name: dns
- port: 53
- protocol: UDP
- - name: dns-tcp
- port: 53
- protocol: TCP
diff --git a/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/serviceaccount.yaml
deleted file mode 100755
index e2627cf45..000000000
--- a/charts/rancher-istio/1.4.3/charts/istiocoredns/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istiocoredns-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.3/charts/istiocoredns/values.yaml b/charts/rancher-istio/1.4.3/charts/istiocoredns/values.yaml
deleted file mode 100755
index 6b31219cc..000000000
--- a/charts/rancher-istio/1.4.3/charts/istiocoredns/values.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# addon istiocoredns tracing configuration
-#
-enabled: false
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-coreDNSImage: coredns/coredns
-coreDNSTag: 1.6.2
-# Source code for the plugin can be found at
-# https://github.com/istio-ecosystem/istio-coredns-plugin
-# The plugin listens for DNS requests from coredns server at 127.0.0.1:8053
-coreDNSPluginImage: istio/coredns-plugin:0.2-istio-1.1
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.3/charts/kiali/Chart.yaml b/charts/rancher-istio/1.4.3/charts/kiali/Chart.yaml
deleted file mode 100755
index 5f0949d8b..000000000
--- a/charts/rancher-istio/1.4.3/charts/kiali/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-appVersion: 1.9.0
-description: Kiali is an open source project for service mesh observability, refer
- to https://www.kiali.io for details.
-name: kiali
-tillerVersion: '>=2.7.2'
-version: 1.9.0
diff --git a/charts/rancher-istio/1.4.3/charts/kiali/templates/_helpers.tpl b/charts/rancher-istio/1.4.3/charts/kiali/templates/_helpers.tpl
deleted file mode 100755
index 6b0095769..000000000
--- a/charts/rancher-istio/1.4.3/charts/kiali/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "kiali.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "kiali.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "kiali.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.3/charts/kiali/templates/clusterrole.yaml b/charts/rancher-istio/1.4.3/charts/kiali/templates/clusterrole.yaml
deleted file mode 100755
index 8ad6e9756..000000000
--- a/charts/rancher-istio/1.4.3/charts/kiali/templates/clusterrole.yaml
+++ /dev/null
@@ -1,134 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: kiali
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - configmaps
- - endpoints
- - namespaces
- - nodes
- - pods
- - pods/log
- - replicationcontrollers
- - services
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["extensions", "apps"]
- resources:
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["autoscaling"]
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["batch"]
- resources:
- - cronjobs
- - jobs
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - config.istio.io
- - networking.istio.io
- - authentication.istio.io
- - rbac.istio.io
- - security.istio.io
- resources: ["*"]
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - watch
-- apiGroups: ["monitoring.kiali.io"]
- resources:
- - monitoringdashboards
- verbs:
- - get
- - list
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: kiali-viewer
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . 
}}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - configmaps
- - endpoints
- - namespaces
- - nodes
- - pods
- - pods/log
- - replicationcontrollers
- - services
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["extensions", "apps"]
- resources:
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["autoscaling"]
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["batch"]
- resources:
- - cronjobs
- - jobs
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - config.istio.io
- - networking.istio.io
- - authentication.istio.io
- - rbac.istio.io
- - security.istio.io
- resources: ["*"]
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["monitoring.kiali.io"]
- resources:
- - monitoringdashboards
- verbs:
- - get
- - list
diff --git a/charts/rancher-istio/1.4.3/charts/kiali/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.3/charts/kiali/templates/clusterrolebinding.yaml
deleted file mode 100755
index 881796716..000000000
--- a/charts/rancher-istio/1.4.3/charts/kiali/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if not .Values.dashboard.viewOnlyMode }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-kiali-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kiali
-subjects:
-- kind: ServiceAccount
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-kiali-viewer-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kiali-viewer
-subjects:
-- kind: ServiceAccount
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/charts/kiali/templates/configmap.yaml b/charts/rancher-istio/1.4.3/charts/kiali/templates/configmap.yaml
deleted file mode 100755
index 055edd624..000000000
--- a/charts/rancher-istio/1.4.3/charts/kiali/templates/configmap.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- config.yaml: |
- istio_namespace: {{ .Release.Namespace }}
- deployment:
- accessible_namespaces: ['**']
- auth:
- strategy: {{ .Values.dashboard.auth.strategy }}
- server:
- port: 20001
-{{- if .Values.contextPath }}
- web_root: {{ .Values.contextPath }}
-{{- end }}
- external_services:
- tracing:
- url: {{ .Values.dashboard.jaegerURL }}
- grafana:
- url: {{ .Values.dashboard.grafanaURL }}
- prometheus:
- url: {{ .Values.prometheusAddr }}
-{{- if .Values.security.enabled }}
- identity:
- cert_file: {{ .Values.security.cert_file }}
- private_key_file: {{ .Values.security.private_key_file }}
-{{- end}}
diff --git a/charts/rancher-istio/1.4.3/charts/kiali/templates/demosecret.yaml b/charts/rancher-istio/1.4.3/charts/kiali/templates/demosecret.yaml
deleted file mode 100755
index ad44298c3..000000000
--- a/charts/rancher-istio/1.4.3/charts/kiali/templates/demosecret.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.createDemoSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.dashboard.secretName }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-type: Opaque
-data:
- username: YWRtaW4= # admin
- passphrase: YWRtaW4= # admin
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/charts/kiali/templates/deployment.yaml b/charts/rancher-istio/1.4.3/charts/kiali/templates/deployment.yaml
deleted file mode 100755
index 49a73157d..000000000
--- a/charts/rancher-istio/1.4.3/charts/kiali/templates/deployment.yaml
+++ /dev/null
@@ -1,112 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: kiali - template: - metadata: - name: kiali - labels: - app: kiali - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" - prometheus.io/scrape: "true" - prometheus.io/port: "9090" - kiali.io/runtimes: go,kiali - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: kiali-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - image: "{{ .Values.hub }}/{{ .Values.image }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - name: kiali - command: - - "/opt/kiali/kiali" - - "-config" - - "/kiali-configuration/config.yaml" - - "-v" - - "3" - readinessProbe: - httpGet: - path: {{ .Values.contextPath }}/healthz - port: 20001 - scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }} - initialDelaySeconds: 5 - periodSeconds: 30 - livenessProbe: - httpGet: - path: {{ .Values.contextPath }}/healthz - port: 20001 - scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }} - initialDelaySeconds: 5 - periodSeconds: 30 - env: - - name: ACTIVE_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: kiali-configuration - mountPath: "/kiali-configuration" - - name: kiali-cert - mountPath: "/kiali-cert" - - name: kiali-secret - mountPath: "/kiali-secret" - - name: kiali-console - subPath: env.js - mountPath: 
/opt/kiali/console/env.js - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumes: - - name: kiali-console - configMap: - name: kiali-console - items: - - key: env.js - path: env.js - - name: kiali-configuration - configMap: - name: kiali - - name: kiali-cert - secret: - secretName: istio.kiali-service-account -{{- if not .Values.security.enabled }} - optional: true -{{- end }} - - name: kiali-secret - secret: - secretName: {{ .Values.dashboard.secretName }} - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/kiali/templates/ingress.yaml b/charts/rancher-istio/1.4.3/charts/kiali/templates/ingress.yaml deleted file mode 100755 index 2e2a0de3a..000000000 --- a/charts/rancher-istio/1.4.3/charts/kiali/templates/ingress.yaml +++ /dev/null 
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: kiali
- servicePort: 20001
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: kiali
- servicePort: 20001
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.3/charts/kiali/templates/kiali-console-configmap.yaml b/charts/rancher-istio/1.4.3/charts/kiali/templates/kiali-console-configmap.yaml
deleted file mode 100644
index 49c68eba0..000000000
--- a/charts/rancher-istio/1.4.3/charts/kiali/templates/kiali-console-configmap.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kiali-console
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- env.js: |
- window.WEB_ROOT='/k8s/clusters/{{ .Values.global.rancher.clusterId }}/api/v1/namespaces/istio-system/services/http:kiali:20001/proxy';
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.3/charts/kiali/templates/service.yaml b/charts/rancher-istio/1.4.3/charts/kiali/templates/service.yaml
deleted file mode 100755
index 1aa79bfdb..000000000
--- a/charts/rancher-istio/1.4.3/charts/kiali/templates/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- ports:
- - name: http-kiali
- protocol: TCP
- port: 20001
- selector:
- app: kiali
diff --git a/charts/rancher-istio/1.4.3/charts/kiali/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.3/charts/kiali/templates/serviceaccount.yaml
deleted file mode 100755
index 2ae38a1ab..000000000
--- a/charts/rancher-istio/1.4.3/charts/kiali/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.3/charts/kiali/templates/tests/test-kiali-connection.yaml b/charts/rancher-istio/1.4.3/charts/kiali/templates/tests/test-kiali-connection.yaml
deleted file mode 100755
index d798f7f42..000000000
--- a/charts/rancher-istio/1.4.3/charts/kiali/templates/tests/test-kiali-connection.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "kiali.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: kiali-test
- chart: {{ template "kiali.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: kiali
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "kiali.fullname" . }}-test"
- image: pstauffer/curl:v1.0.3
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- args: ['http://kiali:20001']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/charts/kiali/values.yaml b/charts/rancher-istio/1.4.3/charts/kiali/values.yaml
deleted file mode 100755
index f9d25256b..000000000
--- a/charts/rancher-istio/1.4.3/charts/kiali/values.yaml
+++ /dev/null
@@ -1,64 +0,0 @@ -# -# addon kiali -# -enabled: false # Note that if using the demo or demo-auth yaml when installing via Helm, this default will be `true`. -replicaCount: 1 -hub: quay.io/kiali -image: kiali -tag: v1.9 -contextPath: /kiali # The root context path to access the Kiali UI. -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -ingress: - enabled: false - ## Used to create an Ingress record. - hosts: - - kiali.local - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: kiali-tls - # hosts: - # - kiali.local - -dashboard: - auth: - strategy: login # Can be anonymous, login, or openshift - secretName: kiali # You must create a secret with this name - one is not provided out-of-box. - viewOnlyMode: false # Bind the service account to a role with only read access - grafanaURL: # If you have Grafana installed and it is accessible to client browsers, then set this to its external URL. 
Kiali will redirect users to this URL when Grafana metrics are to be shown. - jaegerURL: # If you have Jaeger installed and it is accessible to client browsers, then set this property to its external URL. Kiali will redirect users to this URL when Jaeger tracing is to be shown. -prometheusAddr: http://prometheus:9090 - -# When true, a secret will be created with a default username and password. Useful for demos. -createDemoSecret: false - -security: - enabled: false - cert_file: /kiali-cert/cert-chain.pem - private_key_file: /kiali-cert/key.pem diff --git a/charts/rancher-istio/1.4.3/charts/mixer/Chart.yaml b/charts/rancher-istio/1.4.3/charts/mixer/Chart.yaml deleted file mode 100755 index 3eb767216..000000000 --- a/charts/rancher-istio/1.4.3/charts/mixer/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.3 -description: Helm chart for mixer deployment -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- mixer -name: mixer -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.4.3 diff --git a/charts/rancher-istio/1.4.3/charts/mixer/templates/_helpers.tpl b/charts/rancher-istio/1.4.3/charts/mixer/templates/_helpers.tpl deleted file mode 100755 index dac6da036..000000000 --- a/charts/rancher-istio/1.4.3/charts/mixer/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "mixer.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "mixer.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "mixer.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.3/charts/mixer/templates/autoscale.yaml b/charts/rancher-istio/1.4.3/charts/mixer/templates/autoscale.yaml
deleted file mode 100755
index 377b47d03..000000000
--- a/charts/rancher-istio/1.4.3/charts/mixer/templates/autoscale.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
-spec:
- maxReplicas: {{ $spec.autoscaleMax }}
- minReplicas: {{ $spec.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-{{ $key }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/charts/mixer/templates/clusterrole.yaml b/charts/rancher-istio/1.4.3/charts/mixer/templates/clusterrole.yaml
deleted file mode 100755
index 3d7438f2d..000000000
--- a/charts/rancher-istio/1.4.3/charts/mixer/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-mixer-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["config.istio.io"] # istio CRD watcher
- resources: ["*"]
- verbs: ["create", "get", "list", "watch", "patch"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["configmaps", "endpoints", "pods", "services", "namespaces", "secrets", "replicationcontrollers"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/charts/mixer/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.3/charts/mixer/templates/clusterrolebinding.yaml
deleted file mode 100755
index 773e68b34..000000000
--- a/charts/rancher-istio/1.4.3/charts/mixer/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-mixer-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-mixer-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/charts/mixer/templates/config.yaml b/charts/rancher-istio/1.4.3/charts/mixer/templates/config.yaml
deleted file mode 100755
index 07f5893be..000000000
--- a/charts/rancher-istio/1.4.3/charts/mixer/templates/config.yaml
+++ /dev/null
@@ -1,1092 +0,0 @@ -{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: istioproxy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - origin.ip: - valueType: IP_ADDRESS - origin.uid: - valueType: STRING - origin.user: - valueType: STRING - request.headers: - valueType: STRING_MAP - request.id: - valueType: STRING - request.host: - valueType: STRING - request.method: - valueType: STRING - request.path: - valueType: STRING - request.url_path: - valueType: STRING - request.query_params: - valueType: STRING_MAP - request.reason: - valueType: STRING - request.referer: - valueType: STRING - request.scheme: - valueType: STRING - request.total_size: - valueType: INT64 - request.size: - valueType: INT64 - request.time: - valueType: TIMESTAMP - request.useragent: - valueType: STRING - response.code: - valueType: INT64 - response.duration: - valueType: DURATION - response.headers: - valueType: STRING_MAP - response.total_size: - valueType: INT64 - response.size: - valueType: INT64 - response.time: - valueType: TIMESTAMP - response.grpc_status: - valueType: STRING - response.grpc_message: - valueType: STRING - source.uid: - valueType: STRING - source.user: # DEPRECATED - valueType: STRING - source.principal: - valueType: STRING - destination.uid: - valueType: STRING - destination.principal: - valueType: STRING - destination.port: - valueType: INT64 - connection.event: - valueType: STRING - connection.id: - valueType: STRING - connection.received.bytes: - valueType: INT64 - connection.received.bytes_total: - valueType: INT64 - connection.sent.bytes: - valueType: INT64 - connection.sent.bytes_total: - valueType: INT64 - connection.duration: - valueType: DURATION - connection.mtls: - valueType: BOOL - 
connection.requested_server_name: - valueType: STRING - context.protocol: - valueType: STRING - context.proxy_error_code: - valueType: STRING - context.timestamp: - valueType: TIMESTAMP - context.time: - valueType: TIMESTAMP - # Deprecated, kept for compatibility - context.reporter.local: - valueType: BOOL - context.reporter.kind: - valueType: STRING - context.reporter.uid: - valueType: STRING - api.service: - valueType: STRING - api.version: - valueType: STRING - api.operation: - valueType: STRING - api.protocol: - valueType: STRING - request.auth.principal: - valueType: STRING - request.auth.audiences: - valueType: STRING - request.auth.presenter: - valueType: STRING - request.auth.claims: - valueType: STRING_MAP - request.auth.raw_claims: - valueType: STRING - request.api_key: - valueType: STRING - rbac.permissive.response_code: - valueType: STRING - rbac.permissive.effective_policy_id: - valueType: STRING - check.error_code: - valueType: INT64 - check.error_message: - valueType: STRING - check.cache_hit: - valueType: BOOL - quota.cache_hit: - valueType: BOOL - context.proxy_version: - valueType: STRING - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: kubernetes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - source.ip: - valueType: IP_ADDRESS - source.labels: - valueType: STRING_MAP - source.metadata: - valueType: STRING_MAP - source.name: - valueType: STRING - source.namespace: - valueType: STRING - source.owner: - valueType: STRING - source.serviceAccount: - valueType: STRING - source.services: - valueType: STRING - source.workload.uid: - valueType: STRING - source.workload.name: - valueType: STRING - source.workload.namespace: - valueType: STRING - destination.ip: - valueType: IP_ADDRESS - destination.labels: - valueType: STRING_MAP - destination.metadata: - valueType: STRING_MAP - destination.owner: - valueType: STRING - destination.name: - valueType: STRING - destination.container.name: - valueType: STRING - destination.namespace: - valueType: STRING - destination.service.uid: - valueType: STRING - destination.service.name: - valueType: STRING - destination.service.namespace: - valueType: STRING - destination.service.host: - valueType: STRING - destination.serviceAccount: - valueType: STRING - destination.workload.uid: - valueType: STRING - destination.workload.name: - valueType: STRING - destination.workload.namespace: - valueType: STRING ---- -{{- if and .Values.adapters.stdio.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: stdio - params: - outputAsJson: {{ .Values.adapters.stdio.outputAsJson }} ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: accesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: request.time - variables: - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | request.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - apiClaims: request.auth.raw_claims | "" - apiKey: request.api_key | request.headers["x-api-key"] | "" - protocol: request.scheme | context.protocol | "http" - method: request.method | "" - url: request.path | "" - responseCode: response.code | 0 - responseFlags: context.proxy_error_code | "" - responseSize: response.size | 0 - permissiveResponseCode: rbac.permissive.response_code | "none" - permissiveResponsePolicyID: rbac.permissive.effective_policy_id | "none" - requestSize: request.size | 0 - requestId: request.headers["x-request-id"] | "" - clientTraceId: request.headers["x-client-trace-id"] | "" - latency: response.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - userAgent: request.useragent | "" - responseTimestamp: response.time - receivedBytes: request.total_size | 0 - sentBytes: response.total_size | 0 - referer: request.referer | "" - httpAuthority: request.headers[":authority"] | request.host | "" - xForwardedFor: 
request.headers["x-forwarded-for"] | "0.0.0.0" - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - grpcStatus: response.grpc_status | "" - grpcMessage: response.grpc_message | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpaccesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: context.time | timestamp("2017-01-01T00:00:00Z") - variables: - connectionEvent: connection.event | "" - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - protocol: context.protocol | "tcp" - connectionDuration: connection.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - receivedBytes: connection.received.bytes | 0 - sentBytes: connection.sent.bytes | 0 - totalReceivedBytes: connection.received.bytes_total | 0 - totalSentBytes: connection.sent.bytes_total | 0 - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") 
- responseFlags: context.proxy_error_code | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "http" || context.protocol == "grpc" - actions: - - handler: stdio - instances: - - accesslog ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdiotcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: stdio - instances: - - tcpaccesslog -{{- end }} ---- -{{- if and .Values.adapters.prometheus.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestcount - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestduration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.duration | "0ms" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestsize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: request.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: responsesize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytesent - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.sent.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytereceived - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.received.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsopened - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: prometheus - params: - metricsExpirationPolicy: - metricsExpiryDuration: "{{ .Values.adapters.prometheus.metricsExpiryDuration }}" - metrics: - - name: requests_total - instance_name: requestcount.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - - name: request_duration_seconds - instance_name: requestduration.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - explicit_buckets: - bounds: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10] - - name: request_bytes - instance_name: requestsize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - 
destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: response_bytes - instance_name: responsesize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: tcp_sent_bytes_total - instance_name: tcpbytesent.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_received_bytes_total - instance_name: tcpbytereceived.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: 
tcp_connections_opened_total - instance_name: tcpconnectionsopened.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_connections_closed_total - instance_name: tcpconnectionsclosed.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promhttp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: (context.protocol == "http" || context.protocol == "grpc") && (match((request.useragent | "-"), "kube-probe*") == false) && (match((request.useragent | "-"), "Prometheus*") == false) - actions: - - handler: prometheus - instances: - - requestcount - - requestduration - - requestsize - - responsesize ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: prometheus - instances: - - tcpbytesent - - tcpbytereceived ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionopen - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "open") - actions: - - handler: prometheus - instances: - - tcpconnectionsopened ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "close") - actions: - - handler: prometheus - instances: - - tcpconnectionsclosed -{{- end }} ---- -{{- if and .Values.adapters.kubernetesenv.enabled (or .Values.policy.enabled .Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: kubernetesenv - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: kubernetesenv - params: - # when running from mixer root, use the following config after adding a - # symbolic link to a kubernetes config file via: - # - # $ ln -s ~/.kube/config mixer/adapter/kubernetes/kubeconfig - # - # kubeconfig_path: "mixer/adapter/kubernetes/kubeconfig" - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: kubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . 
}} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: tcpkubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: attributes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: kubernetes - params: - # Pass the required attribute data to the adapter - source_uid: source.uid | "" - source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr - destination_uid: destination.uid | "" - destination_port: destination.port | 0 - attributeBindings: - # Fill the new attributes from the adapter produced output. 
- # $out refers to an instance of OutputTemplate message - source.ip: $out.source_pod_ip | ip("0.0.0.0") - source.uid: $out.source_pod_uid | "unknown" - source.labels: $out.source_labels | emptyStringMap() - source.name: $out.source_pod_name | "unknown" - source.namespace: $out.source_namespace | "default" - source.owner: $out.source_owner | "unknown" - source.serviceAccount: $out.source_service_account_name | "unknown" - source.workload.uid: $out.source_workload_uid | "unknown" - source.workload.name: $out.source_workload_name | "unknown" - source.workload.namespace: $out.source_workload_namespace | "unknown" - destination.ip: $out.destination_pod_ip | ip("0.0.0.0") - destination.uid: $out.destination_pod_uid | "unknown" - destination.labels: $out.destination_labels | emptyStringMap() - destination.name: $out.destination_pod_name | "unknown" - destination.container.name: $out.destination_container_name | "unknown" - destination.namespace: $out.destination_namespace | "default" - destination.owner: $out.destination_owner | "unknown" - destination.serviceAccount: $out.destination_service_account_name | "unknown" - destination.workload.uid: $out.destination_workload_uid | "unknown" - destination.workload.name: $out.destination_workload_name | "unknown" - destination.workload.namespace: $out.destination_workload_namespace | "unknown" -{{- end }} ---- -{{- if .Values.policy.enabled }} -# Configuration needed by Mixer. -# Mixer cluster is delivered via CDS -# Specify mixer cluster settings -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-policy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- if .Values.telemetry.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-telemetry - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/mixer/templates/deployment.yaml b/charts/rancher-istio/1.4.3/charts/mixer/templates/deployment.yaml deleted file mode 100755 index 3a85cf3a7..000000000 --- a/charts/rancher-istio/1.4.3/charts/mixer/templates/deployment.yaml +++ /dev/null 
@@ -1,447 +0,0 @@ -{{- define "policy_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: policy-adapter-secret - secret: - secretName: policy-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ $.Values.global.hub }}/{{ $.Values.image }}:{{ $.Values.global.tag }}" -{{- end }} - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - 
--configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - - --useTemplateCRDs=false - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - {{- if .Values.env }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.policy.resources }} -{{ toYaml .Values.policy.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: istio-proxy -{{- if contains "/" $.Values.global.proxy.image }} - image: "{{ $.Values.global.proxy.image }}" -{{- else }} - image: "{{ $.Values.global.hub }}/{{ $.Values.global.proxy.image }}:{{ $.Values.global.tag }}" -{{- end }} - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-policy - - --templateFile - - /etc/istio/proxy/envoy_policy.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - 
--controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ $.Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock - - name: policy-adapter-secret - mountPath: /var/run/secrets/istio.io/policy/adapter - readOnly: true -{{- end }} - -{{- define "telemetry_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ 
$.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: telemetry-adapter-secret - secret: - secretName: telemetry-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ $.Values.global.hub }}/{{ $.Values.image }}:{{ $.Values.global.tag }}" -{{- end }} - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - - --certFile=/etc/certs/cert-chain.pem - - --keyFile=/etc/certs/key.pem - - --caCertFile=/etc/certs/root-cert.pem - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end 
}} - - --averageLatencyThreshold - - {{ $.Values.telemetry.loadshedding.latencyThreshold }} - - --loadsheddingMode - - {{ $.Values.telemetry.loadshedding.mode }} - {{- if .Values.env }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.telemetry.resources }} -{{ toYaml .Values.telemetry.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: telemetry-adapter-secret - mountPath: /var/run/secrets/istio.io/telemetry/adapter - readOnly: true - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: istio-proxy -{{- if contains "/" $.Values.global.proxy.image }} - image: "{{ $.Values.global.proxy.image }}" -{{- else }} - image: "{{ $.Values.global.hub }}/{{ $.Values.global.proxy.image }}:{{ $.Values.global.tag }}" -{{- end }} - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-telemetry - - --templateFile - - /etc/istio/proxy/envoy_telemetry.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if 
$.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock -{{- end }} - - -{{- range $key, $spec := .Values }} -{{- if or (eq $key "policy") (eq $key "telemetry") }} -{{- if $spec.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-{{ $key }} - namespace: {{ $.Release.Namespace }} - labels: - app: istio-mixer - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: mixer -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - selector: - matchLabels: - istio: mixer - istio-mixer-type: {{ $key }} - template: - metadata: - labels: - app: {{ $key }} - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name 
}} - security.istio.io/tlsMode: "istio" - istio: mixer - istio-mixer-type: {{ $key }} - annotations: - sidecar.istio.io/inject: "false" -{{- with $.Values.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- if eq $key "policy"}} -{{- template "policy_container" $ }} -{{- else }} -{{- template "telemetry_container" $ }} -{{- end }} - ---- -{{- end }} -{{- end }} -{{- end }} {{/* range */}} diff --git a/charts/rancher-istio/1.4.3/charts/mixer/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.3/charts/mixer/templates/poddisruptionbudget.yaml deleted file mode 100755 index a6bfe8668..000000000 --- a/charts/rancher-istio/1.4.3/charts/mixer/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if or (eq $key "policy") (eq $key "telemetry") }} -{{- if $spec.enabled }} -{{- if $.Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-{{ $key }} - namespace: {{ $.Release.Namespace }} - labels: - app: {{ $key }} - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - version: {{ $.Chart.Version }} - istio: mixer - istio-mixer-type: {{ $key }} -spec: -{{- if $.Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: {{ $key }} - release: {{ $.Release.Name }} - istio: mixer - istio-mixer-type: {{ $key }} ---- -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/mixer/templates/service.yaml b/charts/rancher-istio/1.4.3/charts/mixer/templates/service.yaml deleted file mode 100755 index 79cc4a582..000000000 --- a/charts/rancher-istio/1.4.3/charts/mixer/templates/service.yaml +++ /dev/null 
@@ -1,39 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- annotations:
- networking.istio.io/exportTo: "*"
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: mixer
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: {{ $.Values.global.monitoringPort }}
-{{- if eq $key "telemetry" }}
- - name: prometheus
- port: 42422
-{{- if $spec.sessionAffinityEnabled }}
- sessionAffinity: ClientIP
-{{- end }}
-{{- end }}
- selector:
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.4.3/charts/mixer/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.3/charts/mixer/templates/serviceaccount.yaml
deleted file mode 100755
index 9d3da7dd6..000000000
--- a/charts/rancher-istio/1.4.3/charts/mixer/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/charts/mixer/values.yaml b/charts/rancher-istio/1.4.3/charts/mixer/values.yaml
deleted file mode 100755
index d335c36c3..000000000
--- a/charts/rancher-istio/1.4.3/charts/mixer/values.yaml
+++ /dev/null
@@ -1,98 +0,0 @@
-#
-# mixer configuration
-#
-image: mixer
-
-env:
- # max procs should be ceil(cpu limit + 1)
- GOMAXPROCS: "6"
-
-policy:
- # if policy is enabled, global.disablePolicyChecks has affect.
- enabled: false
- replicaCount: 1
- autoscaleEnabled: true
- autoscaleMin: 1
- autoscaleMax: 5
- cpu:
- targetAverageUtilization: 80
- rollingMaxSurge: 100%
- rollingMaxUnavailable: 25%
-
-telemetry:
- enabled: true
- replicaCount: 1
- autoscaleEnabled: true
- autoscaleMin: 1
- autoscaleMax: 5
- cpu:
- targetAverageUtilization: 80
- rollingMaxSurge: 100%
- rollingMaxUnavailable: 25%
- sessionAffinityEnabled: false
-
- # mixer load shedding configuration.
- # When mixer detects that it is overloaded, it starts rejecting grpc requests.
- loadshedding:
- # disabled, logonly or enforce
- mode: enforce
- # based on measurements 100ms p50 translates to p99 of under 1s. This is ok for telemetry which is inherently async.
- latencyThreshold: 100ms
- resources:
- requests:
- cpu: 1000m
- memory: 1G
- limits:
- # It is best to do horizontal scaling of mixer using moderate cpu allocation.
- # We have experimentally found that these values work well.
- cpu: 4800m
- memory: 4G
-
- # Set reportBatchMaxEntries to 0 to use the default batching behavior (i.e., every 100 requests).
- # A positive value indicates the number of requests that are batched before telemetry data
- # is sent to the mixer server
- reportBatchMaxEntries: 100
-
- # Set reportBatchMaxTime to 0 to use the default batching behavior (i.e., every 1 second).
- # A positive time value indicates the maximum wait time since the last request will telemetry data
- # be batched before being sent to the mixer server
- reportBatchMaxTime: 1s
-
-podAnnotations: {}
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-adapters:
- kubernetesenv:
- enabled: true
-
- # stdio is a debug adapter in istio-telemetry, it is not recommended for production use.
- stdio:
- enabled: false
- outputAsJson: true
- prometheus:
- enabled: true
- metricsExpiryDuration: 10m
- # Setting this to false sets the useAdapterCRDs mixer startup argument to false
- useAdapterCRDs: false
diff --git a/charts/rancher-istio/1.4.3/charts/nodeagent/Chart.yaml b/charts/rancher-istio/1.4.3/charts/nodeagent/Chart.yaml
deleted file mode 100755
index 2827ec853..000000000
--- a/charts/rancher-istio/1.4.3/charts/nodeagent/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.3
-description: Helm chart for nodeagent deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- nodeagent
-name: nodeagent
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.3
diff --git a/charts/rancher-istio/1.4.3/charts/nodeagent/templates/_helpers.tpl b/charts/rancher-istio/1.4.3/charts/nodeagent/templates/_helpers.tpl
deleted file mode 100755
index fda6043d0..000000000
--- a/charts/rancher-istio/1.4.3/charts/nodeagent/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "nodeagent.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "nodeagent.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "nodeagent.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.3/charts/nodeagent/templates/clusterrole.yaml b/charts/rancher-istio/1.4.3/charts/nodeagent/templates/clusterrole.yaml
deleted file mode 100755
index 8e4ab6d32..000000000
--- a/charts/rancher-istio/1.4.3/charts/nodeagent/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get"]
diff --git a/charts/rancher-istio/1.4.3/charts/nodeagent/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.3/charts/nodeagent/templates/clusterrolebinding.yaml
deleted file mode 100755
index 591e48212..000000000
--- a/charts/rancher-istio/1.4.3/charts/nodeagent/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-nodeagent-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.3/charts/nodeagent/templates/daemonset.yaml b/charts/rancher-istio/1.4.3/charts/nodeagent/templates/daemonset.yaml
deleted file mode 100755
index 58f1efb46..000000000
--- a/charts/rancher-istio/1.4.3/charts/nodeagent/templates/daemonset.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: istio-nodeagent
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
-spec:
- selector:
- matchLabels:
- istio: nodeagent
- template:
- metadata:
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-nodeagent-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: nodeagent
-{{- if contains "/" .Values.image }}
- image: "{{ .Values.image }}"
-{{- else }}
- image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}"
-{{- end }}
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- volumeMounts:
- - mountPath: /var/run/sds
- name: sdsudspath
- env:
- {{- if .Values.env }}
- {{- range $key, $val := .Values.env }}
- - name: {{ $key }}
- value: "{{ $val }}"
- {{- end }}
- {{- end }}
- - name: "TRUST_DOMAIN"
- value: "{{ .Values.global.trustDomain }}"
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumes:
- - name: sdsudspath
- hostPath:
- path: /var/run/sds
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
- updateStrategy:
- type: RollingUpdate
diff --git a/charts/rancher-istio/1.4.3/charts/nodeagent/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.3/charts/nodeagent/templates/serviceaccount.yaml
deleted file mode 100755
index 86853d7e0..000000000
--- a/charts/rancher-istio/1.4.3/charts/nodeagent/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.3/charts/nodeagent/values.yaml b/charts/rancher-istio/1.4.3/charts/nodeagent/values.yaml
deleted file mode 100755
index 76c5503af..000000000
--- a/charts/rancher-istio/1.4.3/charts/nodeagent/values.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-#
-# nodeagent configuration
-#
-enabled: false
-image: node-agent-k8s
-env:
- # name of authentication provider.
- CA_PROVIDER: ""
- # CA endpoint.
- CA_ADDR: ""
- # names of authentication provider's plugins.
- PLUGINS: ""
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.3/charts/pilot/Chart.yaml b/charts/rancher-istio/1.4.3/charts/pilot/Chart.yaml
deleted file mode 100755
index dd73676ab..000000000
--- a/charts/rancher-istio/1.4.3/charts/pilot/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.3
-description: Helm chart for pilot deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- pilot
-name: pilot
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.3
diff --git a/charts/rancher-istio/1.4.3/charts/pilot/templates/_helpers.tpl b/charts/rancher-istio/1.4.3/charts/pilot/templates/_helpers.tpl
deleted file mode 100755
index c812c3709..000000000
--- a/charts/rancher-istio/1.4.3/charts/pilot/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "pilot.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "pilot.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "pilot.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.3/charts/pilot/templates/autoscale.yaml b/charts/rancher-istio/1.4.3/charts/pilot/templates/autoscale.yaml
deleted file mode 100755
index 1a9945136..000000000
--- a/charts/rancher-istio/1.4.3/charts/pilot/templates/autoscale.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- maxReplicas: {{ .Values.autoscaleMax }}
- minReplicas: {{ .Values.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-pilot
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.cpu.targetAverageUtilization }}
----
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/charts/pilot/templates/clusterrole.yaml b/charts/rancher-istio/1.4.3/charts/pilot/templates/clusterrole.yaml
deleted file mode 100755
index 83af8fb06..000000000
--- a/charts/rancher-istio/1.4.3/charts/pilot/templates/clusterrole.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["config.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["rbac.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["security.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["networking.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["authentication.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["*"]
-- apiGroups: ["extensions"]
- resources: ["ingresses", "ingresses/status"]
- verbs: ["*"]
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "list", "watch", "update"]
-- apiGroups: [""]
- resources: ["endpoints", "pods", "services", "namespaces", "nodes"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "watch", "list", "update", "delete"]
-- apiGroups: ["certificates.k8s.io"]
- resources:
- - "certificatesigningrequests"
- - "certificatesigningrequests/approval"
- - "certificatesigningrequests/status"
- verbs: ["update", "create", "get", "delete"]
diff --git a/charts/rancher-istio/1.4.3/charts/pilot/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.3/charts/pilot/templates/clusterrolebinding.yaml
deleted file mode 100755
index ef9281ca8..000000000
--- a/charts/rancher-istio/1.4.3/charts/pilot/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-pilot-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.3/charts/pilot/templates/configmap.yaml b/charts/rancher-istio/1.4.3/charts/pilot/templates/configmap.yaml
deleted file mode 100755
index 3fe514395..000000000
--- a/charts/rancher-istio/1.4.3/charts/pilot/templates/configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.jwksResolverExtraRootCA }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-jwks-extra-cacerts
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/charts/pilot/templates/deployment.yaml b/charts/rancher-istio/1.4.3/charts/pilot/templates/deployment.yaml
deleted file mode 100755
index 093bc06a9..000000000
--- a/charts/rancher-istio/1.4.3/charts/pilot/templates/deployment.yaml
+++ /dev/null
@@ -1,242 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - # TODO: default template doesn't have this, which one is right ? - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - istio: pilot - template: - metadata: - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-pilot-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: discovery -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}" -{{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - "discovery" - - --monitoringAddr=:{{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.global.oneNamespace }} - - "-a" - - {{ .Release.Namespace }} -{{- end }} -{{- if and $.Values.global.controlPlaneSecurityEnabled (not .Values.sidecar)}} - - --secureGrpcAddr - - ":15011" -{{- else }} - - --secureGrpcAddr - - "" -{{- end }} -{{- if 
.Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" - ports: - - containerPort: 8080 - - containerPort: 15010 -{{- if not .Values.sidecar }} - - containerPort: 15011 -{{- end }} - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 5 - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND - value: "{{ .Values.enableProtocolSniffingForOutbound }}" - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND - value: "{{ .Values.enableProtocolSniffingForInbound }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - mountPath: /cacerts -{{- end }} -{{- if .Values.sidecar }} - - name: istio-proxy -{{- if contains "/" .Values.global.proxy.image }} - image: "{{ .Values.global.proxy.image }}" -{{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" -{{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 15003 - - containerPort: 15005 - - containerPort: 15007 - - containerPort: 15011 - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ 
.Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-pilot - - --templateFile - - /etc/istio/proxy/envoy_pilot.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if .Values.global.proxy.resources }} -{{ toYaml .Values.global.proxy.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} -{{- end }} - volumes: - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: config-volume - configMap: - name: istio - - name: istio-certs - secret: - secretName: istio.istio-pilot-service-account 
- optional: true -{{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - configMap: - name: istio-jwks-extra-cacerts -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/pilot/templates/meshexpansion.yaml b/charts/rancher-istio/1.4.3/charts/pilot/templates/meshexpansion.yaml deleted file mode 100755 index 4f3d59570..000000000 --- a/charts/rancher-istio/1.4.3/charts/pilot/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-ilb-vs-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - hosts: - - istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-ilb-gateway - tcp: - - match: - - port: 15011 - route: - - destination: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15011 - - match: - - port: 15010 - route: - - destination: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15010 - - match: - - port: 5353 - route: - - destination: - host: kube-dns.kube-system.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 53 ---- -{{- else }} - -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - hosts: - - istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-gateway - tcp: - - match: - - port: 15011 - route: - - destination: - host: istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15011 ---- -{{- end }} - -{{- if .Values.global.controlPlaneSecurityEnabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: meshexpansion-dr-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - trafficPolicy: - portLevelSettings: - - port: - number: 15011 - tls: - mode: DISABLE ---- -{{- end }} -{{- end }} - diff --git a/charts/rancher-istio/1.4.3/charts/pilot/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.3/charts/pilot/templates/poddisruptionbudget.yaml deleted file mode 100755 index fd9e06a71..000000000 --- a/charts/rancher-istio/1.4.3/charts/pilot/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: {{ template "pilot.name" . }} - release: {{ .Release.Name }} - istio: pilot -{{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/pilot/templates/service.yaml b/charts/rancher-istio/1.4.3/charts/pilot/templates/service.yaml deleted file mode 100755 index a61d93025..000000000 --- a/charts/rancher-istio/1.4.3/charts/pilot/templates/service.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: pilot
-spec:
- ports:
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS
- - port: 8080
- name: http-legacy-discovery # direct
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- selector:
- istio: pilot
diff --git a/charts/rancher-istio/1.4.3/charts/pilot/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.3/charts/pilot/templates/serviceaccount.yaml
deleted file mode 100755
index 7ec2a66de..000000000
--- a/charts/rancher-istio/1.4.3/charts/pilot/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.3/charts/pilot/values.yaml b/charts/rancher-istio/1.4.3/charts/pilot/values.yaml
deleted file mode 100755
index 0d37ec59c..000000000
--- a/charts/rancher-istio/1.4.3/charts/pilot/values.yaml
+++ /dev/null
@@ -1,63 +0,0 @@ -# -# pilot configuration -# -enabled: true -autoscaleEnabled: true -autoscaleMin: 1 -autoscaleMax: 5 -# specify replicaCount when autoscaleEnabled: false -# replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -image: pilot -sidecar: true -traceSampling: 1.0 -# if protocol sniffing is enabled for outbound -enableProtocolSniffingForOutbound: true -# if protocol sniffing is enabled for inbound -enableProtocolSniffingForInbound: false -# Resources for a small pilot install -resources: - requests: - cpu: 500m - memory: 2048Mi -env: - PILOT_PUSH_THROTTLE: 100 -cpu: - targetAverageUtilization: 80 -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# The following is used to limit how long a sidecar can be connected -# to a pilot. It balances out load across pilot instances at the cost of -# increasing system churn. -keepaliveMaxServerConnectionAge: 30m - -# This is used to set the source of configuration for -# the associated address in configSource, if nothing is specificed -# the default MCP is assumed. 
The alternative option is SERVICE_REGISTRY -# which describes the source is only forwarding synthetic service entries -configSource: - subscribedResources: diff --git a/charts/rancher-istio/1.4.3/charts/prometheus/Chart.yaml b/charts/rancher-istio/1.4.3/charts/prometheus/Chart.yaml deleted file mode 100755 index 668a0019d..000000000 --- a/charts/rancher-istio/1.4.3/charts/prometheus/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 2.8.0 -description: A Helm chart for Kubernetes -name: prometheus -tillerVersion: '>=2.7.2' -version: 1.4.3 diff --git a/charts/rancher-istio/1.4.3/charts/prometheus/templates/_helpers.tpl b/charts/rancher-istio/1.4.3/charts/prometheus/templates/_helpers.tpl deleted file mode 100755 index 039388329..000000000 --- a/charts/rancher-istio/1.4.3/charts/prometheus/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "prometheus.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "prometheus.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "prometheus.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} 
diff --git a/charts/rancher-istio/1.4.3/charts/prometheus/templates/clusterrole.yaml b/charts/rancher-istio/1.4.3/charts/prometheus/templates/clusterrole.yaml deleted file mode 100755 index 06fdfaf53..000000000 --- a/charts/rancher-istio/1.4.3/charts/prometheus/templates/clusterrole.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: prometheus-{{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - - nodes/proxy - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: - - configmaps - verbs: ["get"] -- nonResourceURLs: ["/metrics"] - verbs: ["get"] diff --git a/charts/rancher-istio/1.4.3/charts/prometheus/templates/clusterrolebindings.yaml b/charts/rancher-istio/1.4.3/charts/prometheus/templates/clusterrolebindings.yaml deleted file mode 100755 index 295e0df72..000000000 --- a/charts/rancher-istio/1.4.3/charts/prometheus/templates/clusterrolebindings.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: prometheus-{{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: prometheus-{{ .Release.Namespace }} -subjects: -- kind: ServiceAccount - name: prometheus - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.4.3/charts/prometheus/templates/configmap.yaml b/charts/rancher-istio/1.4.3/charts/prometheus/templates/configmap.yaml deleted file mode 100755 index 1b26fa5a1..000000000 --- a/charts/rancher-istio/1.4.3/charts/prometheus/templates/configmap.yaml +++ /dev/null 
@@ -1,281 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - prometheus.yml: |- - global: - scrape_interval: {{ .Values.scrapeInterval }} - scrape_configs: - - - job_name: 'istio-mesh' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;prometheus - - # Scrape config for envoy stats - - job_name: 'envoy-stats' - metrics_path: /stats/prometheus - kubernetes_sd_configs: - - role: pod - - relabel_configs: - - source_labels: [__meta_kubernetes_pod_container_port_name] - action: keep - regex: '.*-envoy-prom' - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:15090 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'istio-policy' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-policy;http-monitoring - - - job_name: 'istio-telemetry' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;http-monitoring - - - job_name: 'pilot' - kubernetes_sd_configs: - - role: 
endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-pilot;http-monitoring - - - job_name: 'galley' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-galley;http-monitoring - - - job_name: 'citadel' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-citadel;http-monitoring - - # scrape config for API servers - - job_name: 'kubernetes-apiservers' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - default - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: kubernetes;https - - # scrape config for nodes (kubelet) - - job_name: 'kubernetes-nodes' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics - - # Scrape config for Kubelet cAdvisor. 
- # - # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics - # (those whose names begin with 'container_') have been removed from the - # Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to - # retrieve those metrics. - # - # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor - # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics" - # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with - # the --cadvisor-port=0 Kubelet flag). - # - # This job is not necessary and should be removed in Kubernetes 1.6 and - # earlier versions, or it will cause the metrics to be scraped twice. - - job_name: 'kubernetes-cadvisor' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor - - # scrape config for service endpoints. - - job_name: 'kubernetes-service-endpoints' - kubernetes_sd_configs: - - role: endpoints - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) 
- - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: kubernetes_name - - - job_name: 'kubernetes-pods' - kubernetes_sd_configs: - - role: pod - relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job. - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # Keep target if there's no sidecar or if prometheus.io/scheme is explicitly set to "http" - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: keep - regex: ((;.*)|(.*;http)) - - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls] - action: drop - regex: (true) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'kubernetes-pods-istio-secure' - scheme: https - tls_config: - ca_file: /etc/istio-certs/root-cert.pem - cert_file: /etc/istio-certs/cert-chain.pem - key_file: 
/etc/istio-certs/key.pem - insecure_skip_verify: true # prometheus does not support secure naming. - kubernetes_sd_configs: - - role: pod - relabel_configs: - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # sidecar status annotation is added by sidecar injector and - # istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic. - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls] - action: keep - regex: (([^;]+);([^;]*))|(([^;]*);(true)) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: drop - regex: (http) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__] # Only keep address that is host:port - action: keep # otherwise an extra target with ':443' is added for https scheme - regex: ([^:]+):(\d+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name \ No newline at end of file diff --git a/charts/rancher-istio/1.4.3/charts/prometheus/templates/deployment.yaml b/charts/rancher-istio/1.4.3/charts/prometheus/templates/deployment.yaml deleted file mode 100755 index 64214e0de..000000000 --- a/charts/rancher-istio/1.4.3/charts/prometheus/templates/deployment.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -# TODO: the original template has service account, roles, etc -apiVersion: apps/v1 -kind: Deployment -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: prometheus - template: - metadata: - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: prometheus -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: prometheus - image: "{{ .Values.hub }}/{{ .Values.image }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - '--storage.tsdb.retention={{ .Values.retention }}' - - '--config.file=/etc/prometheus/prometheus.yml' - ports: - - containerPort: 9090 - name: http - livenessProbe: - httpGet: - path: /-/healthy - port: 9090 - readinessProbe: - httpGet: - path: /-/ready - port: 9090 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/prometheus - - mountPath: /etc/istio-certs - name: istio-certs - volumes: - - name: config-volume - configMap: - name: prometheus - - name: istio-certs - secret: - defaultMode: 420 -{{- if not .Values.security.enabled }} - optional: true -{{- end }} - secretName: istio.default - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/prometheus/templates/ingress.yaml b/charts/rancher-istio/1.4.3/charts/prometheus/templates/ingress.yaml deleted file mode 100755 index 43be65523..000000000 --- a/charts/rancher-istio/1.4.3/charts/prometheus/templates/ingress.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: prometheus - servicePort: 9090 - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: prometheus - servicePort: 9090 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.3/charts/prometheus/templates/service.yaml b/charts/rancher-istio/1.4.3/charts/prometheus/templates/service.yaml deleted file mode 100755 index d92525df0..000000000 --- a/charts/rancher-istio/1.4.3/charts/prometheus/templates/service.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - annotations: - prometheus.io/scrape: 'true' - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - app: prometheus - ports: - - name: http-prometheus - protocol: TCP - port: 9090 - -{{- if .Values.service.nodePort.enabled }} -# Using separate ingress for nodeport, to avoid conflict with pilot e2e test configs. ---- -apiVersion: v1 -kind: Service -metadata: - name: prometheus-nodeport - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - type: NodePort - ports: - - port: 9090 - nodePort: {{ .Values.service.nodePort.port }} - name: http-prometheus - selector: - app: prometheus -{{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/prometheus/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.3/charts/prometheus/templates/serviceaccount.yaml deleted file mode 100755 index 7c2fab3f4..000000000 --- a/charts/rancher-istio/1.4.3/charts/prometheus/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} 
diff --git a/charts/rancher-istio/1.4.3/charts/prometheus/templates/tests/test-prometheus-connection.yaml b/charts/rancher-istio/1.4.3/charts/prometheus/templates/tests/test-prometheus-connection.yaml deleted file mode 100755 index 45b025edf..000000000 --- a/charts/rancher-istio/1.4.3/charts/prometheus/templates/tests/test-prometheus-connection.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "prometheus.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: prometheus-test - chart: {{ template "prometheus.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: prometheus - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "prometheus.fullname" . }}-test" - image: pstauffer/curl:v1.0.3 - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['sh', '-c', 'for i in 1 2 3; do curl http://prometheus:9090/-/ready && exit 0 || sleep 15; done; exit 1'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/prometheus/values.yaml b/charts/rancher-istio/1.4.3/charts/prometheus/values.yaml deleted file mode 100755 index 76bda8457..000000000 --- a/charts/rancher-istio/1.4.3/charts/prometheus/values.yaml +++ /dev/null 
@@ -1,60 +0,0 @@ -# -# addon prometheus configuration -# -enabled: true -replicaCount: 1 -hub: docker.io/prom -image: prometheus -tag: v2.12.0 -retention: 6h -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# Controls the frequency of prometheus scraping -scrapeInterval: 15s - -contextPath: /prometheus - -ingress: - enabled: false - ## Used to create an Ingress record. - hosts: - - prometheus.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: prometheus-tls - # hosts: - # - prometheus.local - -service: - annotations: {} - nodePort: - enabled: false - port: 32090 - -security: - enabled: true diff --git a/charts/rancher-istio/1.4.3/charts/security/Chart.yaml b/charts/rancher-istio/1.4.3/charts/security/Chart.yaml deleted file mode 100755 index 0dbdac550..000000000 --- a/charts/rancher-istio/1.4.3/charts/security/Chart.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.3 -description: Helm chart for istio authentication -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- security -name: security -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.4.3 diff --git a/charts/rancher-istio/1.4.3/charts/security/templates/_helpers.tpl b/charts/rancher-istio/1.4.3/charts/security/templates/_helpers.tpl deleted file mode 100755 index 7f36f9d51..000000000 --- a/charts/rancher-istio/1.4.3/charts/security/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "security.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "security.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "security.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.3/charts/security/templates/clusterrole.yaml b/charts/rancher-istio/1.4.3/charts/security/templates/clusterrole.yaml deleted file mode 100755 index 75f2dec65..000000000 --- a/charts/rancher-istio/1.4.3/charts/security/templates/clusterrole.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-citadel-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "update"] -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create", "get", "watch", "list", "update", "delete"] -- apiGroups: [""] - resources: ["serviceaccounts", "services", "namespaces"] - verbs: ["get", "watch", "list"] -- apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] diff --git a/charts/rancher-istio/1.4.3/charts/security/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.3/charts/security/templates/clusterrolebinding.yaml deleted file mode 100755 index 0a15799ce..000000000 --- a/charts/rancher-istio/1.4.3/charts/security/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-citadel-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-citadel-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-citadel-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.4.3/charts/security/templates/configmap.yaml b/charts/rancher-istio/1.4.3/charts/security/templates/configmap.yaml deleted file mode 100755 index 14749fd65..000000000 --- a/charts/rancher-istio/1.4.3/charts/security/templates/configmap.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-security-custom-resources - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -data: - custom-resources.yaml: |- - {{- if .Values.global.mtls.enabled }} - {{- include "security-default.yaml.tpl" . | indent 4}} - {{- else }} - {{- include "security-permissive.yaml.tpl" . | indent 4}} - {{- end }} - run.sh: |- - {{- include "install-custom-resources.sh.tpl" . | indent 4}} diff --git a/charts/rancher-istio/1.4.3/charts/security/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.4.3/charts/security/templates/create-custom-resources-job.yaml deleted file mode 100755 index d1b9da78c..000000000 --- a/charts/rancher-istio/1.4.3/charts/security/templates/create-custom-resources-job.yaml +++ /dev/null 
@@ -1,109 +0,0 @@ -{{- if .Values.createMeshPolicy }} -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-security-post-install-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["authentication.istio.io"] # needed to create default authn policy - resources: ["*"] - verbs: ["*"] -- apiGroups: ["networking.istio.io"] # needed to create security destination rules - resources: ["*"] - verbs: ["*"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get"] -- apiGroups: ["extensions", "apps"] - resources: ["deployments", "replicasets"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-security-post-install-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-security-post-install-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-security-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - template: - metadata: - name: istio-security-post-install - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-security-post-install-account - containers: - - name: kubectl - image: "{{ .Values.global.hub }}/istio-kubectl:{{ .Values.global.tag }}" - imagePullPolicy: IfNotPresent - command: [ "/bin/bash", "/tmp/security/run.sh", "/tmp/security/custom-resources.yaml" ] - volumeMounts: - - mountPath: "/tmp/security" - name: tmp-configmap-security - volumes: - - name: tmp-configmap-security - configMap: - name: istio-security-custom-resources - restartPolicy: OnFailure - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.4.3/charts/security/templates/deployment.yaml b/charts/rancher-istio/1.4.3/charts/security/templates/deployment.yaml
deleted file mode 100755
index 2b3c8fe3d..000000000
--- a/charts/rancher-istio/1.4.3/charts/security/templates/deployment.yaml
+++ /dev/null
@@ -1,123 +0,0 @@ -# istio CA watching all namespaces -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: citadel - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-citadel-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: citadel -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}" -{{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - {{- if .Values.global.sds.enabled }} - - --sds-enabled=true - {{- end }} - - --append-dns-names=true - - --grpc-port=8060 - - --citadel-storage-namespace={{ .Release.Namespace }} - - --custom-dns-names=istio-pilot-service-account.{{ .Release.Namespace }}:istio-pilot.{{ .Release.Namespace }} - - --monitoring-port={{ .Values.global.monitoringPort }} - {{- if .Values.selfSigned }} - - --self-signed-ca=true - {{- else }} - - --self-signed-ca=false - - --signing-cert=/etc/cacerts/ca-cert.pem - - --signing-key=/etc/cacerts/ca-key.pem - - --root-cert=/etc/cacerts/root-cert.pem - - --cert-chain=/etc/cacerts/cert-chain.pem - {{- end }} - {{- if 
.Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - {{- if .Values.workloadCertTtl }} - - --workload-cert-ttl={{ .Values.workloadCertTtl }} - {{- end }} - {{- if .Values.citadelHealthCheck }} - - --liveness-probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --liveness-probe-interval=60s # interval for health check file update - - --probe-check-interval=15s # interval for health status check - {{- end }} - env: - - name: CITADEL_ENABLE_NAMESPACES_BY_DEFAULT - value: "{{ .Values.enableNamespacesByDefault }}" - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - {{- end }} - {{- if .Values.citadelHealthCheck }} - livenessProbe: - exec: - command: - - /usr/local/bin/istio_ca - - probe - - --probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --interval=125s # the maximum time gap allowed between the file mtime and the current sys clock - initialDelaySeconds: 60 - periodSeconds: 60 - {{- end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} -{{- if not .Values.selfSigned }} - volumeMounts: - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - volumes: - - name: cacerts - secret: - secretName: cacerts - optional: true -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} 
diff --git a/charts/rancher-istio/1.4.3/charts/security/templates/enable-mesh-mtls.yaml b/charts/rancher-istio/1.4.3/charts/security/templates/enable-mesh-mtls.yaml
deleted file mode 100755
index 75e4a18e3..000000000
--- a/charts/rancher-istio/1.4.3/charts/security/templates/enable-mesh-mtls.yaml
+++ /dev/null
@@ -1,63 +0,0 @@ -{{- define "security-default.yaml.tpl" }} -# These policy and destination rules effectively enable mTLS for all services in the mesh. For now, -# they are added to Istio installation yaml for backward compatible. In future, they should be in -# a separated yaml file so that customer can enable mTLS independent from installation. - -# Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: {} ---- -# Corresponding destination rule to configure client side to use mutual TLS when talking to -# any service (host) in the mesh. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "default" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.local" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -# Destination rule to disable (m)TLS when talking to API server, as API server doesn't have sidecar. -# Customer should add similar destination rules for other services that don't have sidecar. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "api-server" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "kubernetes.default.svc.{{ .Values.global.proxy.clusterDomain }}" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: DISABLE -{{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/security/templates/enable-mesh-permissive.yaml b/charts/rancher-istio/1.4.3/charts/security/templates/enable-mesh-permissive.yaml deleted file mode 100755 index a6931b3b9..000000000 --- a/charts/rancher-istio/1.4.3/charts/security/templates/enable-mesh-permissive.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- define "security-permissive.yaml.tpl" }} -# Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: - mode: PERMISSIVE -{{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/security/templates/meshexpansion.yaml b/charts/rancher-istio/1.4.3/charts/security/templates/meshexpansion.yaml deleted file mode 100755 index 581ce964a..000000000 --- a/charts/rancher-istio/1.4.3/charts/security/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-citadel-ilb - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - hosts: - - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-ilb-gateway - tcp: - - match: - - port: 8060 - route: - - destination: - host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 8060 ---- -{{- else }} - -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - hosts: - - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-gateway - tcp: - - match: - - port: 8060 - route: - - destination: - host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 8060 ---- -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/security/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.3/charts/security/templates/poddisruptionbudget.yaml deleted file mode 100755 index b6944e026..000000000 --- a/charts/rancher-istio/1.4.3/charts/security/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: {{ template "security.name" . }} - release: {{ .Release.Name }} - istio: citadel -{{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/security/templates/service.yaml b/charts/rancher-istio/1.4.3/charts/security/templates/service.yaml deleted file mode 100755 index efea17544..000000000 --- a/charts/rancher-istio/1.4.3/charts/security/templates/service.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - # we use the normal name here (e.g. 'prometheus') - # as grafana is configured to use this as a data source - name: istio-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - ports: - - name: grpc-citadel - port: 8060 - targetPort: 8060 - protocol: TCP - - name: http-monitoring - port: {{ .Values.global.monitoringPort }} - selector: - istio: citadel diff --git a/charts/rancher-istio/1.4.3/charts/security/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.3/charts/security/templates/serviceaccount.yaml deleted file mode 100755 index d07d566fa..000000000 --- a/charts/rancher-istio/1.4.3/charts/security/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-citadel-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/1.4.3/charts/security/templates/tests/test-citadel-connection.yaml b/charts/rancher-istio/1.4.3/charts/security/templates/tests/test-citadel-connection.yaml deleted file mode 100755 index 6fc742a6e..000000000 --- a/charts/rancher-istio/1.4.3/charts/security/templates/tests/test-citadel-connection.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "security.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: istio-citadel-test - chart: {{ template "security.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: citadel - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "security.fullname" . }}-test" - image: pstauffer/curl:v1.0.3 - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['sh', '-c', 'for i in 1 2 3; do curl http://istio-citadel:{{ .Values.global.monitoringPort }}/version && exit 0 || sleep 15; done; exit 1'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/security/values.yaml b/charts/rancher-istio/1.4.3/charts/security/values.yaml deleted file mode 100755 index ee16f2c60..000000000 --- a/charts/rancher-istio/1.4.3/charts/security/values.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -# -# security configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -image: citadel -selfSigned: true # indicate if self-signed CA is used. -createMeshPolicy: true -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Enable health checking on the Citadel CSR signing API. -# https://istio.io/docs/tasks/security/health-check/ -citadelHealthCheck: false -# 90*24hour = 2160h -workloadCertTtl: 2160h -# Environment variables that configure Citadel. -env: {} - -# Determines Citadel default behavior if the ca.istio.io/env or ca.istio.io/override -# labels are not found on a given namespace. -# -# For example: consider a namespace called "target", which has neither the "ca.istio.io/env" -# nor the "ca.istio.io/override" namespace labels. To decide whether or not to generate secrets -# for service accounts created in this "target" namespace, Citadel will defer to this option. If the value -# of this option is "true" in this case, secrets will be generated for the "target" namespace. -# If the value of this option is "false" Citadel will not generate secrets upon service account creation. -enableNamespacesByDefault: true - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. 
-# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] diff --git a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/Chart.yaml b/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/Chart.yaml deleted file mode 100755 index 388744cec..000000000 --- a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.3 -description: Helm chart for sidecar injector webhook deployment -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- sidecarInjectorWebhook -name: sidecarInjectorWebhook -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.4.3 diff --git a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/_helpers.tpl b/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/_helpers.tpl deleted file mode 100755 index f3b9fb15b..000000000 --- a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "sidecar-injector.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "sidecar-injector.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "sidecar-injector.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/clusterrole.yaml b/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/clusterrole.yaml deleted file mode 100755 index c56c7025c..000000000 --- a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/clusterrole.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-sidecar-injector-{{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "list", "watch"] -{{- if not .Values.global.operatorManageWebhooks }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "patch"] -{{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml deleted file mode 100755 index 748a93244..000000000 --- a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-sidecar-injector-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-sidecar-injector-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/deployment.yaml b/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/deployment.yaml deleted file mode 100755 index 6986ce630..000000000 --- a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/deployment.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: sidecar-injector - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-sidecar-injector-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: sidecar-injector-webhook -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}" -{{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --caCertFile=/etc/istio/certs/root-cert.pem - - --tlsCertFile=/etc/istio/certs/cert-chain.pem - - --tlsKeyFile=/etc/istio/certs/key.pem - - --injectConfig=/etc/istio/inject/config - - --meshConfig=/etc/istio/config/mesh - - --healthCheckInterval=2s - - --healthCheckFile=/health -{{- if .Values.global.operatorManageWebhooks }} - - --reconcileWebhookConfig=false -{{- else }} - - --reconcileWebhookConfig=true -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - readOnly: true - - name: certs - mountPath: /etc/istio/certs - readOnly: true - - name: 
inject-config - mountPath: /etc/istio/inject - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - readinessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: config-volume - configMap: - name: istio - - name: certs - secret: -{{- if .Values.global.certificates }} - secretName: dns.istio-sidecar-injector-service-account -{{- else }} - secretName: istio.istio-sidecar-injector-service-account -{{- end }} - - name: inject-config - configMap: - name: istio-sidecar-injector - items: - - key: config - path: config - - key: values - path: values - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml b/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml deleted file mode 100755 index 4a31415f2..000000000 --- a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: istio-sidecar-injector - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -webhooks: - - name: sidecar-injector.istio.io - clientConfig: - service: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - path: "/inject" - caBundle: "" - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - namespaceSelector: -{{- if .Values.enableNamespacesByDefault }} - matchExpressions: - - key: name - operator: NotIn - values: - - {{ .Release.Namespace }} - - key: istio-injection - operator: NotIn - values: - - disabled -{{- else }} - matchLabels: - istio-injection: enabled -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml deleted file mode 100755 index 870b92508..000000000 --- a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} - selector: - matchLabels: - app: {{ template "sidecar-injector.name" . }} - release: {{ .Release.Name }} - istio: sidecar-injector - {{- end }} 
diff --git a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/service.yaml b/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/service.yaml deleted file mode 100755 index 537e6f960..000000000 --- a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: - ports: - - port: 443 - name: https-inject - - port: {{ .Values.global.monitoringPort }} - name: http-monitoring - selector: - istio: sidecar-injector diff --git a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml deleted file mode 100755 index d4020b517..000000000 --- a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-sidecar-injector-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector diff --git a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/values.yaml b/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/values.yaml deleted file mode 100755 index 84cbb7453..000000000 --- a/charts/rancher-istio/1.4.3/charts/sidecarInjectorWebhook/values.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ -# -# sidecar-injector webhook configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -image: sidecar_injector -enableNamespacesByDefault: false -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# If true, webhook or istioctl injector will rewrite PodSpec for liveness -# health check to redirect request to sidecar. This makes liveness check work -# even when mTLS is enabled. -rewriteAppHTTPProbe: false - -# You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or -# always skip the injection on pods that match that label selector, regardless of the global policy. -# See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions -neverInjectSelector: [] - -alwaysInjectSelector: [] - -# injectedAnnotations are additional annotations that will be added to the pod spec after injection -# This is primarily to support PSP annotations. 
For example, if you defined a PSP with the annotations: -# -# annotations: -# apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default -# apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -# -# The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before -# the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: -# injectedAnnotations: -# container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default -# container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default -injectedAnnotations: {} diff --git a/charts/rancher-istio/1.4.3/charts/tracing/.helmignore b/charts/rancher-istio/1.4.3/charts/tracing/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/rancher-istio/1.4.3/charts/tracing/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-istio/1.4.3/charts/tracing/Chart.yaml b/charts/rancher-istio/1.4.3/charts/tracing/Chart.yaml deleted file mode 100755 index debdbc09f..000000000 --- a/charts/rancher-istio/1.4.3/charts/tracing/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.1 -description: A Helm chart for Kubernetes -name: tracing -tillerVersion: '>=2.7.2' -version: 1.4.3 diff --git a/charts/rancher-istio/1.4.3/charts/tracing/templates/_helpers.tpl b/charts/rancher-istio/1.4.3/charts/tracing/templates/_helpers.tpl deleted file mode 100755 index e246b59b1..000000000 --- a/charts/rancher-istio/1.4.3/charts/tracing/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "tracing.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "tracing.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "tracing.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.3/charts/tracing/templates/deployment-jaeger.yaml b/charts/rancher-istio/1.4.3/charts/tracing/templates/deployment-jaeger.yaml deleted file mode 100755 index 916c25c7d..000000000 --- a/charts/rancher-istio/1.4.3/charts/tracing/templates/deployment-jaeger.yaml +++ /dev/null 
@@ -1,119 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: jaeger - template: - metadata: - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - prometheus.io/port: "14269" -{{- if .Values.jaeger.podAnnotations }} -{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: jaeger - image: "{{ .Values.jaeger.hub }}/{{ .Values.jaeger.image }}:{{ .Values.jaeger.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 9411 - - containerPort: 16686 - - containerPort: 14250 - - containerPort: 14267 - - containerPort: 14268 - - containerPort: 14269 - - containerPort: 5775 - protocol: UDP - - containerPort: 6831 - protocol: UDP - - containerPort: 6832 - protocol: UDP - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if eq .Values.jaeger.spanStorageType "badger" }} - - name: BADGER_EPHEMERAL - value: "false" - - name: SPAN_STORAGE_TYPE - value: "badger" - - name: BADGER_DIRECTORY_VALUE - value: "/badger/data" - - name: BADGER_DIRECTORY_KEY - value: "/badger/key" - {{- end }} - - name: COLLECTOR_ZIPKIN_HTTP_PORT - value: "9411" - - name: MEMORY_MAX_TRACES - value: "{{ .Values.jaeger.memory.max_traces }}" - - name: QUERY_BASE_PATH - value: {{ if 
.Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - livenessProbe: - httpGet: - path: / - port: 14269 - readinessProbe: - httpGet: - path: / - port: 14269 -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumeMounts: - - name: data - mountPath: /badger -{{- end }} - resources: -{{- if .Values.jaeger.resources }} -{{ toYaml .Values.jaeger.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumes: - - name: data -{{- if .Values.jaeger.persist }} - persistentVolumeClaim: - claimName: istio-jaeger-pvc -{{- else }} - emptyDir: {} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.4.3/charts/tracing/templates/deployment-zipkin.yaml b/charts/rancher-istio/1.4.3/charts/tracing/templates/deployment-zipkin.yaml deleted file mode 100755 index da779bf45..000000000 --- a/charts/rancher-istio/1.4.3/charts/tracing/templates/deployment-zipkin.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -{{ if eq .Values.provider "zipkin" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: zipkin - template: - metadata: - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" -{{- if .Values.zipkin.podAnnotations }} -{{ toYaml .Values.zipkin.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: zipkin - image: "{{ .Values.zipkin.hub }}/{{ .Values.zipkin.image }}:{{ .Values.zipkin.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.zipkin.queryPort }} - livenessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - tcpSocket: - port: {{ .Values.zipkin.queryPort }} - readinessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - httpGet: - path: /health - port: {{ .Values.zipkin.queryPort }} - resources: -{{- if .Values.zipkin.resources }} -{{ toYaml .Values.zipkin.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: QUERY_PORT - value: "{{ .Values.zipkin.queryPort }}" - - name: JAVA_OPTS - value: "-XX:ConcGCThreads={{ .Values.zipkin.node.cpus }} -XX:ParallelGCThreads={{ .Values.zipkin.node.cpus }} 
-Djava.util.concurrent.ForkJoinPool.common.parallelism={{ .Values.zipkin.node.cpus }} -Xms{{ .Values.zipkin.javaOptsHeap }}M -Xmx{{ .Values.zipkin.javaOptsHeap }}M -XX:+UseG1GC -server" - - name: STORAGE_METHOD - value: "mem" - - name: ZIPKIN_STORAGE_MEM_MAXSPANS - value: "{{ .Values.zipkin.maxSpans }}" - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.4.3/charts/tracing/templates/ingress.yaml b/charts/rancher-istio/1.4.3/charts/tracing/templates/ingress.yaml deleted file mode 100755 index 72f362166..000000000 --- a/charts/rancher-istio/1.4.3/charts/tracing/templates/ingress.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ template "tracing.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} /{{ $.Values.provider }} {{ end }} - backend: - serviceName: tracing - servicePort: 80 - - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - backend: - serviceName: tracing - servicePort: 80 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.3/charts/tracing/templates/pvc.yaml b/charts/rancher-istio/1.4.3/charts/tracing/templates/pvc.yaml deleted file mode 100755 index 60140494c..000000000 --- a/charts/rancher-istio/1.4.3/charts/tracing/templates/pvc.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if eq .Values.provider "jaeger" }} -{{- if .Values.jaeger.persist }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: istio-jaeger-pvc - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - storageClassName: {{ .Values.jaeger.storageClassName }} - accessModes: - - {{ .Values.jaeger.accessMode }} - resources: - requests: - storage: 5Gi -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.4.3/charts/tracing/templates/service-jaeger.yaml b/charts/rancher-istio/1.4.3/charts/tracing/templates/service-jaeger.yaml
deleted file mode 100755
index 38c4170b1..000000000
--- a/charts/rancher-istio/1.4.3/charts/tracing/templates/service-jaeger.yaml
+++ /dev/null
@@ -1,94 +0,0 @@
-{{ if eq .Values.provider "jaeger" }}
-
-apiVersion: v1
-kind: List
-metadata:
- name: jaeger-services
- namespace: {{ .Release.Namespace }}
- labels:
- app: jaeger
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-items:
-- apiVersion: v1
- kind: Service
- metadata:
- name: jaeger-query
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: jaeger
- jaeger-infra: jaeger-service
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- ports:
- - name: query-http
- port: 16686
- protocol: TCP
- targetPort: 16686
- selector:
- app: jaeger
-- apiVersion: v1
- kind: Service
- metadata:
- name: jaeger-collector
- namespace: {{ .Release.Namespace }}
- labels:
- app: jaeger
- jaeger-infra: collector-service
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- ports:
- - name: jaeger-collector-tchannel
- port: 14267
- protocol: TCP
- targetPort: 14267
- - name: jaeger-collector-http
- port: 14268
- targetPort: 14268
- protocol: TCP
- - name: jaeger-collector-grpc
- port: 14250
- targetPort: 14250
- protocol: TCP
- selector:
- app: jaeger
- type: ClusterIP
-- apiVersion: v1
- kind: Service
- metadata:
- name: jaeger-agent
- namespace: {{ .Release.Namespace }}
- labels:
- app: jaeger
- jaeger-infra: agent-service
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- ports:
- - name: agent-zipkin-thrift
- port: 5775
- protocol: UDP
- targetPort: 5775
- - name: agent-compact
- port: 6831
- protocol: UDP
- targetPort: 6831
- - name: agent-binary
- port: 6832
- protocol: UDP
- targetPort: 6832
- clusterIP: None
- selector:
- app: jaeger
-{{ end }}
-
diff --git a/charts/rancher-istio/1.4.3/charts/tracing/templates/service.yaml b/charts/rancher-istio/1.4.3/charts/tracing/templates/service.yaml deleted file mode 100755 index 798829793..000000000 --- a/charts/rancher-istio/1.4.3/charts/tracing/templates/service.yaml +++ /dev/null @@ -1,56 +0,0 @@ -apiVersion: v1 -kind: List -metadata: - name: tracing-services - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -items: -- apiVersion: v1 - kind: Service - metadata: - name: zipkin - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - port: {{ .Values.zipkin.queryPort }} - targetPort: {{ .Values.zipkin.queryPort }} - protocol: TCP - name: {{ .Values.service.name }} - selector: - app: {{ .Values.provider }} -- apiVersion: v1 - kind: Service - metadata: - name: tracing - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - type: {{ .Values.service.type }} - ports: - - name: http-query - port: {{ .Values.service.externalPort }} - protocol: TCP -{{ if eq .Values.provider "jaeger" }} - targetPort: 16686 -{{ else }} - targetPort: {{ .Values.zipkin.queryPort }} -{{ end}} - selector: - app: {{ .Values.provider }} diff --git a/charts/rancher-istio/1.4.3/charts/tracing/templates/tests/test-tracing-connection.yaml b/charts/rancher-istio/1.4.3/charts/tracing/templates/tests/test-tracing-connection.yaml deleted file mode 100755 index b87f487e0..000000000 
--- a/charts/rancher-istio/1.4.3/charts/tracing/templates/tests/test-tracing-connection.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ .Release.Name }}-{{ .Values.provider }}-test - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }}-test - chart: {{ template "tracing.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ .Values.provider }}-test" - image: pstauffer/curl:v1.0.3 - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['curl'] - {{- if eq .Values.provider "jaeger" }} - args: ['http://tracing:80{{ .Values.jaeger.contextPath}}'] - {{- else }} - args: ['http://tracing:80'] - {{- end }} - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.3/charts/tracing/values.yaml b/charts/rancher-istio/1.4.3/charts/tracing/values.yaml deleted file mode 100755 index 16017c13f..000000000 --- a/charts/rancher-istio/1.4.3/charts/tracing/values.yaml +++ /dev/null 
@@ -1,87 +0,0 @@ -# -# addon jaeger tracing configuration -# -enabled: false - -provider: jaeger -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -jaeger: - hub: docker.io/jaegertracing - image: all-in-one - tag: 1.14 - podAnnotations: {} - memory: - max_traces: 50000 - # spanStorageType value can be "memory" and "badger" for all-in-one image - spanStorageType: badger - persist: false - storageClassName: "" - accessMode: ReadWriteMany - - -zipkin: - hub: docker.io/openzipkin - image: zipkin - tag: 2.14.2 - podAnnotations: {} - probeStartupDelay: 200 - queryPort: 9411 - resources: - limits: - cpu: 300m - memory: 900Mi - requests: - cpu: 150m - memory: 900Mi - javaOptsHeap: 700 - # 
From: https://github.com/openzipkin/zipkin/blob/master/zipkin-server/src/main/resources/zipkin-server-shared.yml#L51 - # Maximum number of spans to keep in memory. When exceeded, oldest traces (and their spans) will be purged. - # A safe estimate is 1K of memory per span (each span with 2 annotations + 1 binary annotation), plus - # 100 MB for a safety buffer. You'll need to verify in your own environment. - maxSpans: 500000 - node: - cpus: 2 - -service: - annotations: {} - name: http - type: ClusterIP - externalPort: 80 - -ingress: - enabled: false - # Used to create an Ingress record. - hosts: - # - tracing.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: tracing-tls - # hosts: - # - tracing.local - diff --git a/charts/rancher-istio/1.4.3/example-values/README.md b/charts/rancher-istio/1.4.3/example-values/README.md deleted file mode 100755 index 74fedcb60..000000000 --- a/charts/rancher-istio/1.4.3/example-values/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Example Values - -These files provide various example values for different Istio setups. - -To use them, [read the docs](https://istio.io/docs/setup/kubernetes/helm-install/) and add the flag `--values example-file.yaml`. diff --git a/charts/rancher-istio/1.4.3/example-values/values-istio-dns-cert.yaml b/charts/rancher-istio/1.4.3/example-values/values-istio-dns-cert.yaml deleted file mode 100755 index c00676fe9..000000000 --- a/charts/rancher-istio/1.4.3/example-values/values-istio-dns-cert.yaml +++ /dev/null @@ -1,6 +0,0 @@ -global: - certificates: - - secretName: dns.istio-galley-service-account - dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] - - secretName: dns.istio-sidecar-injector-service-account - dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] 
diff --git a/charts/rancher-istio/1.4.3/example-values/values-istio-example-sds-vault.yaml b/charts/rancher-istio/1.4.3/example-values/values-istio-example-sds-vault.yaml
deleted file mode 100755
index a8aa337de..000000000
--- a/charts/rancher-istio/1.4.3/example-values/values-istio-example-sds-vault.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-global:
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
-
-nodeagent:
- enabled: true
- image: node-agent-k8s
- env:
- # The IP address and the port number of a publicly accessible example Vault server.
- CA_ADDR: "https://34.83.129.211:8200"
- CA_PROVIDER: "VaultCA"
- VALID_TOKEN: true
- # The IP address and the port number of a publicly accessible example Vault server.
- VAULT_ADDR: "https://34.83.129.211:8200"
- VAULT_AUTH_PATH: "auth/kubernetes/login"
- VAULT_ROLE: "istio-cert"
- VAULT_SIGN_CSR_PATH: "istio_ca/sign/istio-pki-role"
- VAULT_TLS_ROOT_CERT: '-----BEGIN CERTIFICATE-----\nMIIC3jCCAcagAwIBAgIRAO1S7vuRQmo2He+RtBq3fv8wDQYJKoZIhvcNAQELBQAw\nEDEOMAwGA1UEChMFVmF1bHQwIBcNMTkwNDI3MTY1ODE1WhgPMjExOTA0MDMxNjU4\nMTVaMBAxDjAMBgNVBAoTBVZhdWx0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA7/CTbnENEIvFZg9hmVtYnOx3OfMy/GNCuP7sqtAeVVTopAKKkcAAWQck\nrhpBooEGpCugNxXGNCuJh/2nu0AfGFRfdafwSJRoI6yHwQouDm0o4r3h9uL3tu5N\nD+x9j+eejbFsoZVn84CxGkEB6oyeXYHjc6eWh3PFGMtKuOQD4pezvDH0yNCx5waK\nhtPuYtl0ebfdbyh+WQuptO+Q9VSaQNqE3ipZ461y8PduwRRll241W0gQB2iasX03\nD36F2ZrMz3KEVRVKM1yCUDCy2RPJqkXPdnVMWmDGbe8Uw69zr25JltzuRZFT9HL3\nY1RnMTecmSc4ikTUHcMhFX3PYbfR5wIDAQABozEwLzAOBgNVHQ8BAf8EBAMCBaAw\nDAYDVR0TAQH/BAIwADAPBgNVHREECDAGhwQiU4HTMA0GCSqGSIb3DQEBCwUAA4IB\nAQCdLh6olDVQB71LD6srbfAE4EsxLEBbIRnv7Nf1S0KQwgW/QxK8DHBwJBxJkr1N\nzgEPx86f2Fo2UsY9m6rvgP3+iquyMsKi0ooUah3y3LSnONuZcdfSTl/HYd38S6Dp\nVkVOZ7781xxpFVUqQ5voQX1Y1Ipn5qw0FyIcNYWLkNX+iMf1b9kpEIWQNhRC/Yiv\nTS0VA/BzQemGyf2UB6QsuZLH+JFEZnzU859qURnNIITa1Wf4YUtka5Sp1kDnEll3\nwj4IlXKU+Wl1CzxJyn4SSQAXy/Lb08ZKrF/YSzcIISnRX5j+wa8ApOSwwA/B7iaT\nTWz1g+RlV9qHap70eIjPsQvb\n-----END CERTIFICATE-----'
diff --git a/charts/rancher-istio/1.4.3/example-values/values-istio-gateways.yaml b/charts/rancher-istio/1.4.3/example-values/values-istio-gateways.yaml
deleted file mode 100755
index b9930d0a0..000000000
--- a/charts/rancher-istio/1.4.3/example-values/values-istio-gateways.yaml
+++ /dev/null
@@ -1,135 +0,0 @@ -# Common settings. -global: - # Omit the istio-sidecar-injector configmap when generate a - # standalone gateway. Gateways may be created in namespaces other - # than `istio-system` and we don't want to re-create the injector - # configmap in those. - omitSidecarInjectorConfigMap: true - - # Istio control plane namespace: This specifies where the Istio control - # plane was installed earlier. Modify this if you installed the control - # plane in a different namespace than istio-system. - istioNamespace: istio-system - - proxy: - # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument - # would be :). - # Disabled by default. - # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. - envoyStatsd: - # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. - enabled: false - host: # example: statsd-svc.istio-system - port: # example: 9125 - - -# -# Gateways Configuration -# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. -# You can add more gateways in addition to the defaults but make sure those are uniquely named -# and that NodePorts are not conflicting. -# Disable specific gateway by setting the `enabled` to false. 
-# -gateways: - enabled: true - - custom-gateway: - enabled: true - labels: - app: custom-gateway - replicaCount: 1 - autoscaleMin: 1 - autoscaleMax: 5 - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - #requests: - # cpu: 1800m - # memory: 256Mi - cpu: - targetAverageUtilization: 80 - loadBalancerIP: "" - loadBalancerSourceRanges: {} - externalIPs: [] - serviceAnnotations: {} - podAnnotations: {} - type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be - #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out - ports: - ## You can add custom gateway ports - - port: 80 - targetPort: 80 - name: http2 - # nodePort: 31380 - - port: 443 - name: https - # nodePort: 31390 - - port: 31400 - name: tcp - # nodePort: 31400 - # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect - # to pilot/citadel if global.meshExpansion settings are enabled. - - port: 15011 - targetPort: 15011 - name: tcp-pilot-grpc-tls - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - # Addon ports for kiali are enabled in gateway - but will only redirect if - # the gateway configuration for the various components are enabled. - - port: 15029 - targetPort: 15029 - name: http2-kiali - # Telemetry-related ports are enabled in gateway - but will only redirect if - # the gateway configuration for the various components are enabled. 
- - port: 15030 - targetPort: 15030 - name: http2-prometheus - - port: 15031 - targetPort: 15031 - name: http2-grafana - - port: 15032 - targetPort: 15032 - name: http2-tracing - secretVolumes: - - name: customgateway-certs - secretName: istio-customgateway-certs - mountPath: /etc/istio/customgateway-certs - - name: customgateway-ca-certs - secretName: istio-customgateway-ca-certs - mountPath: /etc/istio/customgateway-ca-certs - -# all other components are disabled except the gateways -security: - enabled: false - -sidecarInjectorWebhook: - enabled: false - -galley: - enabled: false - -mixer: - policy: - enabled: false - telemetry: - enabled: false - -pilot: - enabled: false - -grafana: - enabled: false - -prometheus: - enabled: false - -tracing: - enabled: false - -kiali: - enabled: false - -certmanager: - enabled: false diff --git a/charts/rancher-istio/1.4.3/example-values/values-istio-googleca.yaml b/charts/rancher-istio/1.4.3/example-values/values-istio-googleca.yaml deleted file mode 100755 index 0e6d15342..000000000 --- a/charts/rancher-istio/1.4.3/example-values/values-istio-googleca.yaml +++ /dev/null @@ -1,28 +0,0 @@ -global: - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - sds: - enabled: true - udsPath: "unix:/var/run/sds/uds_path" - # For GoogleCA, the aud field need to be set to the trustDomain, which is also set at the - # installation/configuration time, e.g. by running helm template. - token: - aud: "" - - trustDomain: "" - - useMCP: true - -nodeagent: - enabled: true - image: node-agent-k8s - env: - CA_PROVIDER: "GoogleCA" - CA_ADDR: "meshca.googleapis.com:443" - PLUGINS: "GoogleTokenExchange" - GKE_CLUSTER_URL: "" 
diff --git a/charts/rancher-istio/1.4.3/example-values/values-istio-meshexpansion-gateways.yaml b/charts/rancher-istio/1.4.3/example-values/values-istio-meshexpansion-gateways.yaml deleted file mode 100755 index 51a1ded16..000000000 --- a/charts/rancher-istio/1.4.3/example-values/values-istio-meshexpansion-gateways.yaml +++ /dev/null @@ -1,28 +0,0 @@ -global: - # Provides dns resolution for global services - podDNSSearchNamespaces: - - global - - multiCluster: - enabled: true - - controlPlaneSecurityEnabled: true - meshExpansion: - enabled: true - -# Multicluster with gateways requires a root CA -# Cluster local CAs are bootstrapped with the root CA. -security: - selfSigned: false - -# Provides dns resolution for service entries of form -# name.namespace.global -istiocoredns: - enabled: true - -gateways: - istio-egressgateway: - enabled: true - env: - # Needed to route traffic via egress gateway if desired. - ISTIO_META_REQUESTED_NETWORK_VIEW: "external" diff --git a/charts/rancher-istio/1.4.3/example-values/values-istio-multicluster-gateways.yaml b/charts/rancher-istio/1.4.3/example-values/values-istio-multicluster-gateways.yaml deleted file mode 100755 index 3524a3d47..000000000 --- a/charts/rancher-istio/1.4.3/example-values/values-istio-multicluster-gateways.yaml +++ /dev/null @@ -1,27 +0,0 @@ -global: - # Provides dns resolution for global services - podDNSSearchNamespaces: - - global - - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - multiCluster: - enabled: true - - controlPlaneSecurityEnabled: true - -# Multicluster with gateways requires a root CA -# Cluster local CAs are bootstrapped with the root CA. -security: - selfSigned: false - -# Provides dns resolution for service entries of form -# name.namespace.global -istiocoredns: - enabled: true - -gateways: - istio-egressgateway: - enabled: true - env: - # Needed to route traffic via egress gateway if desired. - ISTIO_META_REQUESTED_NETWORK_VIEW: "external" 
diff --git a/charts/rancher-istio/1.4.3/files/injection-template.yaml b/charts/rancher-istio/1.4.3/files/injection-template.yaml
deleted file mode 100755
index b8da3237f..000000000
--- a/charts/rancher-istio/1.4.3/files/injection-template.yaml
+++ /dev/null
@@ -1,432 +0,0 @@ -rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }} -{{- if or (not .Values.istio_cni.enabled) .Values.global.proxy.enableCoreDump }} -initContainers: -{{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} -{{- if not .Values.istio_cni.enabled }} -- name: istio-init -{{- if contains "/" .Values.global.proxy_init.image }} - image: "{{ .Values.global.proxy_init.image }}" -{{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" -{{- end }} - command: - - istio-iptables - - "-p" - - "15001" - - "-z" - - "15006" - - "-u" - - 1337 - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" - - "-d" - - "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" -{{- if 
.Values.global.proxy.init.resources }} - resources: - {{ toYaml .Values.global.proxy.init.resources | indent 4 }} -{{- else }} - resources: {} -{{- end }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - add: - - NET_ADMIN - - NET_RAW - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - restartPolicy: Always -{{- end }} -{{ end -}} -{{- if eq .Values.global.proxy.enableCoreDump true }} -- name: enable-core-dump - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - command: - - /bin/sh - image: {{ $.Values.global.proxy.enableCoreDumpImage }} - imagePullPolicy: IfNotPresent - resources: {} - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - SYS_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 -{{ end }} -{{- end }} -containers: -- name: istio-proxy -{{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" -{{- else }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" -{{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --configPath - - "{{ .ProxyConfig.ConfigPath }}" - - --binaryPath - - "{{ .ProxyConfig.BinaryPath }}" - - --serviceCluster - {{ if ne "" (index .ObjectMeta.Labels "app") -}} - - "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" - {{ else -}} - - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" - {{ 
end -}} - - --drainDuration - - "{{ formatDuration .ProxyConfig.DrainDuration }}" - - --parentShutdownDuration - - "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}" - - --discoveryAddress - - "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" -{{- if eq .Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" - - --lightstepAccessToken - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" - - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} - - --lightstepCacertPath - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" -{{- else if eq .Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - - "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" -{{- else if eq .Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" -{{- end }} -{{- if .Values.global.proxy.logLevel }} - - --proxyLogLevel={{ .Values.global.proxy.logLevel }} -{{- end}} -{{- if .Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }} -{{- end}} - - --dnsRefreshRate - - {{ .Values.global.proxy.dnsRefreshRate }} - - --connectTimeout - - "{{ formatDuration .ProxyConfig.ConnectTimeout }}" -{{- if .Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - "{{ .ProxyConfig.StatsdUdpAddress }}" -{{- end }} -{{- if .Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - - '{{ protoToJSON .ProxyConfig.EnvoyMetricsService }}' -{{- end }} -{{- if .Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - - '{{ protoToJSON .ProxyConfig.EnvoyAccessLogService }}' -{{- end }} - - --proxyAdminPort - - "{{ .ProxyConfig.ProxyAdminPort }}" - {{ if gt .ProxyConfig.Concurrency 0 -}} - - --concurrency - - "{{ .ProxyConfig.Concurrency }}" - {{ end -}} - - 
--controlPlaneAuthPolicy - - "{{ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}" -{{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" (valueOrDefault .Values.global.proxy.statusPort 0 )) `0`) }} - - --statusPort - - "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" - - --applicationPorts - - "{{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` (applicationPorts .Spec.Containers) }}" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} -{{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 4 }} -{{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} -{{- if eq .Values.global.proxy.tracer "datadog" }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP -{{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }} -{{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" -{{- end }} -{{- end }} -{{- end }} - - name: ISTIO_META_POD_NAME - 
valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SDS_ENABLED - value: {{ $.Values.global.sds.enabled }} - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - - name: ISTIO_META_INCLUDE_INBOUND_PORTS - value: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (applicationPorts .Spec.Containers) }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{ if .ObjectMeta.Annotations }} - - name: ISTIO_METAJSON_ANNOTATIONS - value: | - {{ toJSON .ObjectMeta.Annotations }} - {{ end }} - {{ if .ObjectMeta.Labels }} - - name: ISTIO_METAJSON_LABELS - value: | - {{ toJSON .ObjectMeta.Labels }} - {{ end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{ .DeploymentMeta.Name }} - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.sds.customTokenDirectory }} - - name: ISTIO_META_SDS_TOKEN_PATH - value: "{{ .Values.global.sds.customTokenDirectory -}}/sdstoken" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if .Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.trustDomain }}" - {{- end }} - {{- if eq .Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: 
"true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetDebug }}" - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }}" - {{- end }} - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` (valueOrDefault .Values.global.proxy.statusPort 0 )) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - add: - - NET_ADMIN - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} - 
runAsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - runAsNonRoot: false - runAsUser: 0 - {{- else -}} - runAsNonRoot: true - runAsUser: 1337 - {{- end }} - resources: - {{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end}} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{ else -}} -{{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 4 }} -{{- end }} - {{ end -}} - volumeMounts: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - - mountPath: /etc/istio/proxy - name: istio-envoy - {{- if .Values.global.sds.enabled }} - - mountPath: /var/run/sds - name: sds-uds-path - readOnly: true - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.sds.customTokenDirectory }} - - mountPath: "{{ .Values.global.sds.customTokenDirectory -}}" - name: custom-sds-token - readOnly: true - {{- end }} - {{- else }} - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 
4 }} - {{ end }} - {{- end }} -volumes: -{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} -- name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} -{{- end }} -- emptyDir: - medium: Memory - name: istio-envoy -{{- if .Values.global.sds.enabled }} -- name: sds-uds-path - hostPath: - path: /var/run/sds -- name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} -{{- if .Values.global.sds.customTokenDirectory }} -- name: custom-sds-token - secret: - secretName: sdstokensecret -{{- end }} -{{- else }} -- name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} -- name: "{{ $index }}" - {{ toYaml $value | indent 2 }} - {{ end }} - {{ end }} -{{- end }} -{{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} -- name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert -{{- end }} -{{- if .Values.global.podDNSSearchNamespaces }} -dnsConfig: - searches: - {{- range .Values.global.podDNSSearchNamespaces }} - - {{ render . 
}} - {{- end }} -{{- end }} -podRedirectAnnot: - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" -{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" -{{- end }} - traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" diff --git a/charts/rancher-istio/1.4.3/questions.yaml b/charts/rancher-istio/1.4.3/questions.yaml deleted file mode 100644 index 777cbf9df..000000000 --- a/charts/rancher-istio/1.4.3/questions.yaml +++ /dev/null @@ -1,4 +0,0 @@ -labels: - rancher.istio.v1.4.3: 1.4.3 -rancher_min_version: 2.3.4-rc1 -rancher_max_version: 2.3.4-rc1 diff --git a/charts/rancher-istio/1.4.3/requirements.yaml b/charts/rancher-istio/1.4.3/requirements.yaml deleted file mode 100755 index 2ec15d95a..000000000 --- a/charts/rancher-istio/1.4.3/requirements.yaml +++ /dev/null 
@@ -1,40 +0,0 @@
-dependencies:
- - name: sidecarInjectorWebhook
- version: 1.4.3
- condition: sidecarInjectorWebhook.enabled
- - name: security
- version: 1.4.3
- condition: security.enabled
- - name: gateways
- version: 1.4.3
- condition: gateways.enabled
- - name: mixer
- version: 1.4.3
- condition: or mixer.policy.enabled mixer.telemetry.enabled
- - name: nodeagent
- version: 1.4.3
- condition: nodeagent.enabled
- - name: pilot
- version: 1.4.3
- condition: pilot.enabled
- - name: grafana
- version: 1.4.3
- condition: grafana.enabled
- - name: prometheus
- version: 1.4.3
- condition: prometheus.enabled
- - name: tracing
- version: 1.4.3
- condition: tracing.enabled
- - name: galley
- version: 1.4.3
- condition: galley.enabled
- - name: kiali
- version: 1.4.3
- condition: kiali.enabled
- - name: istiocoredns
- version: 1.4.3
- condition: istiocoredns.enabled
- - name: certmanager
- version: 1.4.3
- condition: certmanager.enabled
diff --git a/charts/rancher-istio/1.4.3/templates/NOTES.txt b/charts/rancher-istio/1.4.3/templates/NOTES.txt
deleted file mode 100755
index 3b323594c..000000000
--- a/charts/rancher-istio/1.4.3/templates/NOTES.txt
+++ /dev/null
@@ -1,29 +0,0 @@
-Thank you for installing {{ .Chart.Name | title }}.
-
-Your release is named {{ .Release.Name | title }}.
-
-To get started running application with Istio, execute the following steps:
-
-{{- if index .Values "sidecarInjectorWebhook" "enabled" }}
-1. Label namespace that application object will be deployed to by the following command (take default namespace as an example)
-
-$ kubectl label namespace default istio-injection=enabled
-$ kubectl get namespace -L istio-injection
-
-2. Deploy your applications
-
-$ kubectl apply -f .yaml
-{{- else }}
-1. Download the latest release package to get sidecar injection tool
-
-$ curl -L https://git.io/getLatestIstio | sh -
-$ mv istio-* istio-latest
-$ export PATH="$PATH:$PWD/istio-latest/bin"
-
-2. Deploy your application by manually injecting envoy sidecar with `istioctl kube-inject`
-
-$ kubectl apply -f <(istioctl kube-inject -f .yaml)
-{{- end }}
-
-For more information on running Istio, visit:
-https://istio.io/
diff --git a/charts/rancher-istio/1.4.3/templates/_affinity.tpl b/charts/rancher-istio/1.4.3/templates/_affinity.tpl
deleted file mode 100755
index 7639be434..000000000
--- a/charts/rancher-istio/1.4.3/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "nodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "nodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "nodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinity" }} -{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .Values.podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if or .Values.podAntiAffinityTermLabelSelector}} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "podAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.3/templates/_helpers.tpl b/charts/rancher-istio/1.4.3/templates/_helpers.tpl deleted file mode 100755 index b1f54a4e2..000000000 --- a/charts/rancher-istio/1.4.3/templates/_helpers.tpl +++ /dev/null 
@@ -1,39 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "istio.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "istio.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "istio.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a fully qualified configmap name.
-*/}}
-{{- define "istio.configmap.fullname" -}}
-{{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.3/templates/_podDisruptionBudget.tpl b/charts/rancher-istio/1.4.3/templates/_podDisruptionBudget.tpl
deleted file mode 100755
index ebb86068c..000000000
--- a/charts/rancher-istio/1.4.3/templates/_podDisruptionBudget.tpl
+++ /dev/null
@@ -1,3 +0,0 @@
-{{- define "podDisruptionBudget.spec" }}
- minAvailable: 1
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/templates/clusterrole.yaml b/charts/rancher-istio/1.4.3/templates/clusterrole.yaml
deleted file mode 100755
index b92c9ef8b..000000000
--- a/charts/rancher-istio/1.4.3/templates/clusterrole.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: istio-reader
-rules:
- - apiGroups: ['']
- resources: ['nodes', 'pods', 'services', 'endpoints', "replicationcontrollers"]
- verbs: ['get', 'watch', 'list']
- - apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
diff --git a/charts/rancher-istio/1.4.3/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.3/templates/clusterrolebinding.yaml
deleted file mode 100755
index 827601b3d..000000000
--- a/charts/rancher-istio/1.4.3/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-multi
- labels:
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-reader
-subjects:
-- kind: ServiceAccount
- name: istio-multi
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.3/templates/configmap.yaml b/charts/rancher-istio/1.4.3/templates/configmap.yaml
deleted file mode 100755
index e260cbb7f..000000000
--- a/charts/rancher-istio/1.4.3/templates/configmap.yaml
+++ /dev/null
@@ -1,341 +0,0 @@ -{{- if or .Values.pilot.enabled .Values.global.istioRemote }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istio.name" . }} - chart: {{ template "istio.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - mesh: |- - # Set the following variable to true to disable policy checks by Mixer. - # Note that metrics will still be reported to Mixer. - {{- if .Values.mixer.policy.enabled }} - disablePolicyChecks: {{ .Values.global.disablePolicyChecks }} - {{- else }} - disablePolicyChecks: true - {{- end }} - - disableMixerHttpReports: false - - {{- if .Values.mixer.telemetry.reportBatchMaxEntries }} - # reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server - reportBatchMaxEntries: {{ .Values.mixer.telemetry.reportBatchMaxEntries }} - {{- end }} - - {{- if .Values.mixer.telemetry.reportBatchMaxTime }} - # reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server - reportBatchMaxTime: {{ .Values.mixer.telemetry.reportBatchMaxTime }} - {{- end }} - - {{- if .Values.mixer.telemetry.sessionAffinityEnabled }} - # sidecarToTelemetrySessionAffinity will create a STRICT_DNS type cluster for istio-telemetry. - sidecarToTelemetrySessionAffinity: {{ .Values.mixer.telemetry.sessionAffinityEnabled }} - {{- end }} - - # Set enableTracing to false to disable request tracing. - enableTracing: {{ .Values.global.enableTracing }} - - # Set accessLogFile to empty string to disable access log. 
- accessLogFile: "{{ .Values.global.proxy.accessLogFile }}" - - # If accessLogEncoding is TEXT, value will be used directly as the log format - # example: "[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\n" - # If AccessLogEncoding is JSON, value will be parsed as map[string]string - # example: '{"start_time": "%START_TIME%", "req_method": "%REQ(:METHOD)%"}' - # Leave empty to use default log format - accessLogFormat: {{ .Values.global.proxy.accessLogFormat | quote }} - - # Set accessLogEncoding to JSON or TEXT to configure sidecar access log - accessLogEncoding: '{{ .Values.global.proxy.accessLogEncoding }}' - - enableEnvoyAccessLogService: {{ .Values.global.proxy.envoyAccessLogService.enabled }} - - {{- if .Values.global.istioRemote }} - - {{- if .Values.global.remotePolicyAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}:15004 - {{- else }} - mixerCheckServer: {{ .Values.global.remotePolicyAddress }}:15004 - {{- end }} - {{- end }} - {{- if .Values.global.remoteTelemetryAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}:15004 - {{- else }} - mixerReportServer: {{ .Values.global.remoteTelemetryAddress }}:15004 - {{- end }} - {{- end }} - - {{- else }} - - {{- if .Values.mixer.policy.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - {{- if .Values.mixer.telemetry.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ 
.Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - - {{- end }} - - {{- if or .Values.mixer.policy.enabled (and .Values.global.istioRemote .Values.global.remotePolicyAddress) }} - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: {{ .Values.global.policyCheckFailOpen }} - {{- end }} - - {{- if .Values.gateways.enabled }} - # Let Pilot give ingresses the public IP of the Istio ingressgateway - ingressService: istio-ingressgateway - {{- end }} - - # Default connect timeout for dynamic clusters generated by Pilot and returned via XDS - connectTimeout: 10s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: {{ .Values.global.proxy.protocolDetectionTimeout }} - - # DNS refresh rate for Envoy clusters of type STRICT_DNS - dnsRefreshRate: {{ .Values.global.proxy.dnsRefreshRate }} - - # Unix Domain Socket through which envoy communicates with NodeAgent SDS to get - # key/cert for mTLS. Use secret-mount files instead of SDS if set to empty. - sdsUdsPath: {{ .Values.global.sds.udsPath | quote }} - - # The trust domain corresponds to the trust root of a system. 
- # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: {{ .Values.global.trustDomain | quote }} - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: - {{- range .Values.global.trustDomainAliases }} - - {{ . | quote }} - {{- end }} - - # If true, automatically configure client side mTLS settings to match the corresponding service's - # server side mTLS authentication policy, when destination rule for that service does not specify - # TLS settings. - enableAutoMtls: {{ .Values.global.mtls.auto }} - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - outboundTrafficPolicy: - mode: {{ .Values.global.outboundTrafficPolicy.mode }} - - {{- if .Values.global.localityLbSetting.enabled }} - localityLbSetting: -{{ toYaml .Values.global.localityLbSetting | trim | indent 6 }} - {{- end }} - # The namespace to treat as the administrative root namespace for istio - # configuration. -{{- if .Values.global.configRootNamespace }} - rootNamespace: {{ .Values.global.configRootNamespace }} -{{- else }} - rootNamespace: {{ .Release.Namespace }} -{{- end }} - - # Configures DNS certificates provisioned through Chiron linked into Pilot. 
- certificates: -{{ toYaml .Values.global.certificates | trim | indent 6 }} - - {{- if .Values.global.defaultConfigVisibilitySettings }} - defaultServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultVirtualServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultDestinationRuleExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - {{- end }} - - {{- if $.Values.global.useMCP }} - configSources: - - address: istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- if .Values.pilot.configSource.subscribedResources }} - subscribedResources: - - {{ .Values.pilot.configSource.subscribedResources }} - {{- end}} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - tlsSettings: - mode: ISTIO_MUTUAL - {{- end }} - {{- end }} - - defaultConfig: - # - # TCP connection timeout between Envoy & the application, and between Envoys. Used for static clusters - # defined in Envoy's configuration file - connectTimeout: 10s - # - ### ADVANCED SETTINGS ############# - # Where should envoy's configuration be stored in the istio-proxy container - configPath: "/etc/istio/proxy" - binaryPath: "/usr/local/bin/envoy" - # The pseudo service name used for Envoy. - serviceCluster: istio-proxy - # These settings that determine how long an old Envoy - # process should be kept alive after an occasional reload. - drainDuration: 45s - parentShutdownDuration: 1m0s - # - # The mode used to redirect inbound connections to Envoy. This setting - # has no effect on outbound traffic: iptables REDIRECT is always used for - # outbound connections. - # If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy. - # The "REDIRECT" mode loses source addresses during redirection. - # If "TPROXY", use iptables TPROXY to redirect to Envoy. 
- # The "TPROXY" mode preserves both the source and destination IP - # addresses and ports, so that they can be used for advanced filtering - # and manipulation. - # The "TPROXY" mode also configures the sidecar to run with the - # CAP_NET_ADMIN capability, which is required to use TPROXY. - #interceptionMode: REDIRECT - # - # Port where Envoy listens (on local host) for admin commands - # You can exec into the istio-proxy container in a pod and - # curl the admin port (curl http://localhost:15000/) to obtain - # diagnostic information from Envoy. See - # https://lyft.github.io/envoy/docs/operations/admin.html - # for more details - proxyAdminPort: 15000 - # - # Set concurrency to a specific number to control the number of Proxy worker threads. - # If set to 0 (default), then start worker thread for each CPU thread/core. - concurrency: {{ .Values.global.proxy.concurrency }} - # - {{- if eq .Values.global.proxy.tracer "lightstep" }} - tracing: - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - # Whether communication with the Satellite pool should be secure - secure: {{ .Values.global.tracer.lightstep.secure }} - # Path to the file containing the cacert to use when verifying TLS - cacertPath: {{ .Values.global.tracer.lightstep.cacertPath }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - tracing: - zipkin: - # Address of the Zipkin collector - {{- if .Values.global.tracer.zipkin.address }} - address: {{ .Values.global.tracer.zipkin.address }} - {{- else if .Values.global.remoteZipkinAddress }} - address: {{ .Values.global.remoteZipkinAddress }}:9411 - {{- else }} - address: zipkin.{{ .Release.Namespace }}:9411 - {{- end }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - tracing: - datadog: - # Address of the Datadog Agent - address: {{ 
.Values.global.tracer.datadog.address }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - tracing: - stackdriver: {} - {{- end }} - - {{- if .Values.global.proxy.envoyStatsd.enabled }} - # - # Statsd metrics collector converts statsd metrics into Prometheus metrics. - statsdUdpAddress: {{ .Values.global.proxy.envoyStatsd.host }}:{{ .Values.global.proxy.envoyStatsd.port }} - {{- end }} - - {{- if .Values.global.proxy.envoyMetricsService.enabled }} - # - # Envoy's Metrics Service stats sink pushes Envoy metrics to a remote collector via the Metrics Service gRPC API. - envoyMetricsService: - address: {{ .Values.global.proxy.envoyMetricsService.host }}:{{ .Values.global.proxy.envoyMetricsService.port }} - {{- if .Values.global.proxy.envoyMetricsService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyMetricsService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyMetricsService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyMetricsService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- if .Values.global.proxy.envoyAccessLogService.enabled }} - # - # Envoy's AccessLog Service pushes access logs to a remote collector via the Access Log Service gRPC API. 
- envoyAccessLogService: - address: {{ .Values.global.proxy.envoyAccessLogService.host }}:{{ .Values.global.proxy.envoyAccessLogService.port }} - {{- if .Values.global.proxy.envoyAccessLogService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyAccessLogService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- $defPilotHostname := printf "istio-pilot.%s" .Release.Namespace }} - {{- $pilotAddress := .Values.global.remotePilotAddress | default $defPilotHostname }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: MUTUAL_TLS - # - # Address where istio Pilot service is running - {{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }} - discoveryAddress: {{ $defPilotHostname }}:15011 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15011 - {{- end }} - {{- else }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: NONE - # - # Address where istio Pilot service is running - {{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }} - discoveryAddress: {{ $defPilotHostname }}:15010 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15010 - {{- end }} - {{- end }} - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.3/templates/crd-10.yaml b/charts/rancher-istio/1.4.3/templates/crd-10.yaml deleted file mode 100644 index f017e2658..000000000 
--- a/charts/rancher-istio/1.4.3/templates/crd-10.yaml
+++ /dev/null
@@ -1,4816 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: attributemanifests.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: attributemanifest - plural: attributemanifests - singular: attributemanifest - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and - telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - attributes: - additionalProperties: - properties: - description: - description: A human-readable description of the attribute's purpose. - format: string - type: string - valueType: - description: The type of data carried by this attribute. - enum: - - VALUE_TYPE_UNSPECIFIED - - STRING - - INT64 - - DOUBLE - - BOOL - - TIMESTAMP - - IP_ADDRESS - - EMAIL_ADDRESS - - URI - - DNS_NAME - - DURATION - - STRING_MAP - type: string - type: object - description: The set of attributes this Istio component will be responsible - for producing at runtime. - type: object - name: - description: Name of the component producing these attributes. - format: string - type: string - revision: - description: The revision of this document. 
- format: string - type: string - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - heritage: Tiller - istio: rbac - release: istio - name: clusterrbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ClusterRbacConfig - plural: clusterrbacconfigs - singular: clusterrbacconfig - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: destinationrules.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.host - description: The name of a service from the service registry - name: Host - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - shortNames: - - dr - singular: destinationrule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, - etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is - exported. - items: - format: string - type: string - type: array - host: - description: The name of a service from the service registry. 
- format: string - type: string - subsets: - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: Name of the subset. - format: string - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. 
- oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP - requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a - backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. 
- type: string - maxRequestsPerConnection: - description: Maximum number of requests per - connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP - upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on - the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer - algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. 
- type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep - analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to - the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server - during TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded - to http2 for the associated destination. 
- enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to - a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool - connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to - a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to - a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. 
- format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. 
- properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. 
- format: string - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS - handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: envoyfilters.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: EnvoyFilter - plural: envoyfilters - singular: envoyfilter - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Customizing Envoy configuration generated by Istio. See more - details at: https://istio.io/docs/reference/config/networking/v1alpha3/envoy-filter.html' - properties: - configPatches: - description: One or more patches with match conditions. 
- items: - properties: - applyTo: - enum: - - INVALID - - LISTENER - - FILTER_CHAIN - - NETWORK_FILTER - - HTTP_FILTER - - ROUTE_CONFIGURATION - - VIRTUAL_HOST - - HTTP_ROUTE - - CLUSTER - type: string - match: - description: Match on listener/route configuration/cluster. - oneOf: - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - properties: - cluster: - description: Match on envoy cluster attributes. - properties: - name: - description: The exact name of the cluster to match. - format: string - type: string - portNumber: - description: The service port for which this cluster was - generated. - type: integer - service: - description: The fully qualified service name for this - cluster. - format: string - type: string - subset: - description: The subset associated with the service. - format: string - type: string - type: object - context: - description: The specific config generation context to match - on. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - listener: - description: Match on envoy listener attributes. - properties: - filterChain: - description: Match a specific filter chain in a listener. - properties: - applicationProtocols: - description: Applies only to sidecars. - format: string - type: string - filter: - description: The name of a specific filter to apply - the patch to. - properties: - name: - description: The filter name to match on. - format: string - type: string - subFilter: - properties: - name: - description: The filter name to match on. - format: string - type: string - type: object - type: object - name: - description: The name assigned to the filter chain. - format: string - type: string - sni: - description: The SNI value used by a filter chain's - match condition. - format: string - type: string - transportProtocol: - description: Applies only to SIDECAR_INBOUND context. 
- format: string - type: string - type: object - name: - description: Match a specific listener by its name. - format: string - type: string - portName: - format: string - type: string - portNumber: - type: integer - type: object - proxy: - description: Match on properties associated with a proxy. - properties: - metadata: - additionalProperties: - format: string - type: string - type: object - proxyVersion: - format: string - type: string - type: object - routeConfiguration: - description: Match on envoy HTTP route configuration attributes. - properties: - gateway: - format: string - type: string - name: - description: Route configuration name to match on. - format: string - type: string - portName: - description: Applicable only for GATEWAY context. - format: string - type: string - portNumber: - type: integer - vhost: - properties: - name: - format: string - type: string - route: - description: Match a specific route within the virtual - host. - properties: - action: - description: Match a route with specific action - type. - enum: - - ANY - - ROUTE - - REDIRECT - - DIRECT_RESPONSE - type: string - name: - format: string - type: string - type: object - type: object - type: object - type: object - patch: - description: The patch to apply along with the operation. - properties: - operation: - description: Determines how the patch should be applied. - enum: - - INVALID - - MERGE - - ADD - - REMOVE - - INSERT_BEFORE - - INSERT_AFTER - type: string - value: - description: The JSON config of the object being patched. - type: object - type: object - type: object - type: array - filters: - items: - properties: - filterConfig: - type: object - filterName: - description: The name of the filter to instantiate. - format: string - type: string - filterType: - description: The type of filter to instantiate. - enum: - - INVALID - - HTTP - - NETWORK - type: string - insertPosition: - description: Insert position in the filter chain. 
- properties: - index: - description: Position of this filter in the filter chain. - enum: - - FIRST - - LAST - - BEFORE - - AFTER - type: string - relativeTo: - format: string - type: string - type: object - listenerMatch: - properties: - address: - description: One or more IP addresses to which the listener - is bound. - items: - format: string - type: string - type: array - listenerProtocol: - description: Selects a class of listeners for the same protocol. - enum: - - ALL - - HTTP - - TCP - type: string - listenerType: - description: Inbound vs outbound sidecar listener or gateway - listener. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - portNamePrefix: - format: string - type: string - portNumber: - type: integer - type: object - type: object - type: array - workloadLabels: - additionalProperties: - format: string - type: string - description: Deprecated. - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: gateways.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Gateway - plural: gateways - shortNames: - - gw - singular: gateway - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. 
See more details - at: https://istio.io/docs/reference/config/networking/v1alpha3/gateway.html' - properties: - selector: - additionalProperties: - format: string - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - format: string - type: string - defaultEndpoint: - format: string - type: string - hosts: - description: One or more hosts exposed by this gateway. - items: - format: string - type: string - type: array - port: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - tls: - description: Set of TLS related options that govern the server's - behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified - cipher list.' - items: - format: string - type: string - type: array - credentialName: - format: string - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - format: string - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 
- format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - verifyCertificateHash: - items: - format: string - type: string - type: array - verifyCertificateSpki: - items: - format: string - type: string - type: array - type: object - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpecBinding - plural: httpapispecbindings - singular: httpapispecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_specs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - apiSpecs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed HTTPAPISpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN - in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify - the service version. - type: object - name: - description: The short name of the service such as "foo". 
- format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpec - plural: httpapispecs - singular: httpapispec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_keys: - items: - oneOf: - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. - format: string - type: string - type: object - type: array - apiKeys: - items: - oneOf: - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. 
- format: string - type: string - type: object - type: array - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. - type: object - type: object - patterns: - description: List of HTTP patterns to match. - items: - oneOf: - - required: - - uriTemplate - - required: - - regex - properties: - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. 
- type: object - type: object - httpMethod: - format: string - type: string - regex: - format: string - type: string - uriTemplate: - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: meshpolicies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: MeshPolicy - listKind: MeshPolicyList - plural: meshpolicies - singular: meshpolicy - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details - at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - type: boolean - origins: - description: List of authentication methods that can be used for origin - authentication. - items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. 
- items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - type: boolean - peers: - description: List of authentication methods that can be used for peer - authentication. - items: - oneOf: - - required: - - mtls - - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. 
- format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. 
- properties: - allowTls: - description: WILL BE DEPRECATED, if set, will translates to - `TLS_PERMISSIVE` mode. - type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Define whether peer or origin identity should be use for - principal. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: List rules to select workloads that the policy should be - applied on. - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. - items: - oneOf: - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: policies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: Policy - plural: policies - singular: policy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details - at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - type: boolean - origins: - description: List of authentication methods that can be used for origin - authentication. 
- items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 
- format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 
- format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - type: boolean - peers: - description: List of authentication methods that can be used for peer - authentication. - items: - oneOf: - - required: - - mtls - - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. - properties: - allowTls: - description: WILL BE DEPRECATED, if set, will translates to - `TLS_PERMISSIVE` mode. - type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Define whether peer or origin identity should be use for - principal. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: List rules to select workloads that the policy should be - applied on. - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. 
- items: - oneOf: - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpecBinding - plural: quotaspecbindings - singular: quotaspecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - quotaSpecs: - items: - properties: - name: - description: The short name of the QuotaSpec. - format: string - type: string - namespace: - description: Optional namespace of the QuotaSpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed QuotaSpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN - in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify - the service version. - type: object - name: - description: The short name of the service such as "foo". - format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. 
- format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpec - plural: quotaspecs - singular: quotaspec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: Determines the quotas used for individual requests. - properties: - rules: - description: A list of Quota rules. - items: - properties: - match: - description: If empty, match all request. - items: - properties: - clause: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Map of attribute names to StringMatch type. - type: object - type: object - type: array - quotas: - description: The list of quotas to charge. 
- items: - properties: - charge: - format: int32 - type: integer - quota: - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: rbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: RbacConfig - plural: rbacconfigs - singular: rbacconfig - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: rules.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: rule - plural: rules - singular: rule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and - telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - actions: - description: The actions that will be executed when match evaluates - to `true`. - items: - properties: - handler: - description: Fully qualified name of the handler to invoke. - format: string - type: string - instances: - items: - format: string - type: string - type: array - name: - description: A handle to refer to the results of the action. - format: string - type: string - type: object - type: array - match: - description: Match is an attribute based predicate. - format: string - type: string - requestHeaderOperations: - items: - properties: - name: - description: Header name literal value. - format: string - type: string - operation: - description: Header operation type. - enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - responseHeaderOperations: - items: - properties: - name: - description: Header name literal value. 
- format: string - type: string - operation: - description: Header operation type. - enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - sampling: - properties: - random: - description: Provides filtering of actions based on random selection - per request. - properties: - attributeExpression: - description: Specifies an attribute expression to use to override - the numerator in the `percent_sampled` field. - format: string - type: string - percentSampled: - description: The default sampling rate, expressed as a percentage. - properties: - denominator: - description: Specifies the denominator. - enum: - - HUNDRED - - TEN_THOUSAND - type: string - numerator: - description: Specifies the numerator. - type: integer - type: object - useIndependentRandomness: - description: By default sampling will be based on the value - of the request header `x-request-id`. - type: boolean - type: object - rateLimit: - properties: - maxUnsampledEntries: - description: Number of entries to allow during the `sampling_duration` - before sampling is enforced. - format: int64 - type: integer - samplingDuration: - description: Window in which to enforce the sampling rate. - type: string - samplingRate: - description: The rate at which to sample entries once the unsampled - limit has been reached. 
- format: int64 - type: integer - type: object - type: object - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: serviceentries.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hosts - description: The hosts associated with the ServiceEntry - name: Hosts - type: string - - JSONPath: .spec.location - description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL - or MESH_INTERNAL) - name: Location - type: string - - JSONPath: .spec.resolution - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - name: Resolution - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: ServiceEntry - listKind: ServiceEntryList - plural: serviceentries - shortNames: - - se - singular: serviceentry - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. See more details - at: https://istio.io/docs/reference/config/networking/v1alpha3/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. 
- items: - format: string - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - format: string - type: string - network: - format: string - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - format: string - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - format: string - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: array - resolution: - description: Service discovery mode for the hosts. 
- enum: - - NONE - - STATIC - - DNS - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: servicerolebindings.rbac.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.roleRef.name - description: The name of the ServiceRole object being referenced - name: Reference - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRoleBinding - plural: servicerolebindings - singular: servicerolebinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - actions: - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. 
- items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. - items: - format: string - type: string - type: array - type: object - type: array - mode: - enum: - - ENFORCED - - PERMISSIVE - type: string - role: - format: string - type: string - roleRef: - description: Reference to the ServiceRole object. - properties: - kind: - description: The type of the role being referenced. - format: string - type: string - name: - description: The name of the ServiceRole object being referenced. - format: string - type: string - type: object - subjects: - description: List of subjects that are assigned the ServiceRole object. - items: - properties: - group: - format: string - type: string - groups: - items: - format: string - type: string - type: array - ips: - items: - format: string - type: string - type: array - names: - items: - format: string - type: string - type: array - namespaces: - items: - format: string - type: string - type: array - notGroups: - items: - format: string - type: string - type: array - notIps: - items: - format: string - type: string - type: array - notNames: - items: - format: string - type: string - type: array - notNamespaces: - items: - format: string - type: string - type: array - properties: - additionalProperties: - format: string - type: string - description: Optional. 
- type: object - user: - description: Optional. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: serviceroles.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRole - plural: serviceroles - singular: servicerole - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - rules: - description: The set of access rules (permissions) that the role has. - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. - items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. 
- items: - format: string - type: string - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: virtualservices.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.gateways - description: The names of gateways and sidecars that should apply these routes - name: Gateways - type: string - - JSONPath: .spec.hosts - description: The destination hosts to which traffic is being sent - name: Hosts - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - shortNames: - - vs - singular: virtualservice - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, - etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is exported. 
- items: - format: string - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply these - routes. - items: - format: string - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - format: string - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - appendHeaders: - additionalProperties: - format: string - type: string - type: object - appendRequestHeaders: - additionalProperties: - format: string - type: string - type: object - appendResponseHeaders: - additionalProperties: - format: string - type: string - type: object - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - nullable: true - type: boolean - allowHeaders: - items: - format: string - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the resource. - items: - format: string - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform - CORS requests. - items: - format: string - type: string - type: array - exposeHeaders: - items: - format: string - type: string - type: array - maxAge: - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic at - the client side. - properties: - abort: - oneOf: - - properties: - percent: {} - required: - - httpStatus - - properties: - percent: {} - required: - - grpcStatus - - properties: - percent: {} - required: - - http2Error - properties: - grpcStatus: - format: string - type: string - http2Error: - format: string - type: string - httpStatus: - description: HTTP status code to use to abort the Http - request. - format: int32 - type: integer - percent: - description: Percentage of requests to be aborted with - the error code provided (0-100). 
- format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with - the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - properties: - percent: {} - required: - - fixedDelay - - properties: - percent: {} - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the request. - type: string - percent: - description: Percentage of requests on which the delay - will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay - will be injected. - properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - gateways: - items: - format: string - type: string - type: array - headers: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - 
type: object - ignoreUriCase: - description: Flag to specify whether the URI matching should - be case-insensitive. - type: boolean - method: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - name: - description: The name assigned to a match. - format: string - type: string - port: - description: Specifies the ports on the host that is being - addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - sourceLabels: - additionalProperties: - format: string - type: string - type: object - uri: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the `mirror` - field. 
- nullable: true - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the `mirror` - field. - nullable: true - type: integer - name: - description: The name assigned to the route for debugging purposes. - format: string - type: string - redirect: - description: A http rule can either redirect or forward (default) - traffic. - properties: - authority: - format: string - type: string - redirectCode: - type: integer - uri: - format: string - type: string - type: object - removeRequestHeaders: - items: - format: string - type: string - type: array - removeResponseHeaders: - items: - format: string - type: string - type: array - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries for a given request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per retry attempt for a given request. - type: string - retryOn: - description: Specifies the conditions under which retry takes - place. - format: string - type: string - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this value. - format: string - type: string - uri: - format: string - type: string - type: object - route: - description: A http rule can either redirect or forward (default) - traffic. - items: - properties: - appendRequestHeaders: - additionalProperties: - format: string - type: string - description: Use of `append_request_headers` is deprecated. - type: object - appendResponseHeaders: - additionalProperties: - format: string - type: string - description: Use of `append_response_headers` is deprecated. - type: object - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. 
- properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - removeRequestHeaders: - description: Use of `remove_request_headers` is deprecated. - items: - format: string - type: string - type: array - removeResponseHeaders: - description: Use of `remove_response_header` is deprecated. - items: - format: string - type: string - type: array - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests. - type: string - websocketUpgrade: - description: Deprecated. - type: boolean - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with - optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied to. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. 
- format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be - forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with - optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied to. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - format: string - type: string - type: array - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. - format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be - forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: adapters.config.istio.io - labels: - app: mixer - package: adapter - istio: mixer-adapter - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: adapter - plural: adapters - singular: adapter - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: instances.config.istio.io - labels: - app: mixer - package: instance - istio: mixer-instance - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: instance - plural: instances - singular: instance - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: templates.config.istio.io - labels: - app: mixer - package: template - istio: mixer-template - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: template - plural: templates - singular: template - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition 
-apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: handlers.config.istio.io - labels: - app: mixer - package: handler - istio: mixer-handler - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: handler - plural: handlers - singular: handler - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true diff --git a/charts/rancher-istio/1.4.3/templates/crd-11.yaml b/charts/rancher-istio/1.4.3/templates/crd-11.yaml deleted file mode 100644 index 0de33afd9..000000000 --- a/charts/rancher-istio/1.4.3/templates/crd-11.yaml +++ /dev/null 
@@ -1,121 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: sidecars.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Sidecar - plural: sidecars - singular: sidecar - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting network reachability of a sidecar. - See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/sidecar.html' - properties: - egress: - items: - properties: - bind: - format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - hosts: - items: - format: string - type: string - type: array - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: object - type: array - ingress: - items: - properties: - bind: - description: The ip to which the listener should be bound. - format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - defaultEndpoint: - format: string - type: string - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. 
- format: string - type: string - type: object - type: object - type: array - outboundTrafficPolicy: - description: This allows to configure the outbound traffic policy. - properties: - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true diff --git a/charts/rancher-istio/1.4.3/templates/crd-14.yaml b/charts/rancher-istio/1.4.3/templates/crd-14.yaml deleted file mode 100644 index a7a07dacf..000000000 --- a/charts/rancher-istio/1.4.3/templates/crd-14.yaml +++ /dev/null 
@@ -1,135 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - labels: - app: istio-pilot - heritage: Tiller - istio: security - release: istio - name: authorizationpolicies.security.istio.io - annotations: - helm.sh/hook: crd-install -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: AuthorizationPolicy - plural: authorizationpolicies - singular: authorizationpolicy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for access control on workloads. See more details - at: https://istio.io/docs/reference/config/security/v1beta1/authorization-policy.html' - properties: - rules: - description: Optional. - items: - properties: - from: - description: Optional. - items: - properties: - source: - description: Source specifies the source of a request. - properties: - ipBlocks: - description: Optional. - items: - format: string - type: string - type: array - namespaces: - description: Optional. - items: - format: string - type: string - type: array - principals: - description: Optional. - items: - format: string - type: string - type: array - requestPrincipals: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - to: - description: Optional. - items: - properties: - operation: - description: Operation specifies the operation of a request. - properties: - hosts: - description: Optional. - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - when: - description: Optional. 
- items: - properties: - key: - description: The name of an Istio attribute. - format: string - type: string - values: - description: The allowed values for the attribute. - items: - format: string - type: string - type: array - type: object - type: array - type: object - type: array - selector: - description: Optional. - properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1beta1 - served: true - storage: true diff --git a/charts/rancher-istio/1.4.3/templates/crd-certmanager-10.yaml b/charts/rancher-istio/1.4.3/templates/crd-certmanager-10.yaml deleted file mode 100644 index a3a61f7f5..000000000 --- a/charts/rancher-istio/1.4.3/templates/crd-certmanager-10.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterissuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: ClusterIssuer - plural: clusterissuers - scope: Cluster ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: issuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Issuer - plural: issuers - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: certificates.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - JSONPath: .spec.secretName - name: Secret - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - kind: Certificate - plural: certificates - shortNames: - - cert - - certs -{{- end }} diff --git a/charts/rancher-istio/1.4.3/templates/crd-certmanager-11.yaml b/charts/rancher-istio/1.4.3/templates/crd-certmanager-11.yaml deleted file mode 100644 index ea6a96967..000000000 --- a/charts/rancher-istio/1.4.3/templates/crd-certmanager-11.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: orders.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.reason - name: Reason - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Order - plural: orders - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: challenges.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.dnsName - name: Domain - type: string - - JSONPath: .status.reason - name: Reason - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. 
It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Challenge - plural: challenges - scope: Namespaced -{{- end }} diff --git a/charts/rancher-istio/1.4.3/templates/endpoints.yaml b/charts/rancher-istio/1.4.3/templates/endpoints.yaml deleted file mode 100755 index 81b821853..000000000 --- a/charts/rancher-istio/1.4.3/templates/endpoints.yaml +++ /dev/null 
@@ -1,63 +0,0 @@
-{{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePilotAddress }}
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePolicyAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remoteTelemetryAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/templates/install-custom-resources.sh.tpl b/charts/rancher-istio/1.4.3/templates/install-custom-resources.sh.tpl
deleted file mode 100755
index a5525a139..000000000
--- a/charts/rancher-istio/1.4.3/templates/install-custom-resources.sh.tpl
+++ /dev/null
@@ -1,32 +0,0 @@ -{{ define "install-custom-resources.sh.tpl" }} -#!/bin/sh - -set -x - -if [ "$#" -ne "1" ]; then - echo "first argument should be path to custom resource yaml" - exit 1 -fi - -pathToResourceYAML=${1} - -kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null -if [ "$?" -eq 0 ]; then - echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready" - while true; do - kubectl -n {{ .Release.Namespace }} get deployment istio-galley 2>/dev/null - if [ "$?" -eq 0 ]; then - break - fi - sleep 1 - done - kubectl -n {{ .Release.Namespace }} rollout status deployment istio-galley - if [ "$?" -ne 0 ]; then - echo "istio-galley deployment rollout status check failed" - exit 1 - fi - echo "istio-galley deployment ready for configuration validation" -fi -sleep 5 -kubectl apply -f ${pathToResourceYAML} -{{ end }} diff --git a/charts/rancher-istio/1.4.3/templates/istio-service-rbac.yaml b/charts/rancher-istio/1.4.3/templates/istio-service-rbac.yaml deleted file mode 100644 index b3141141b..000000000 --- a/charts/rancher-istio/1.4.3/templates/istio-service-rbac.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: {{ .Release.Namespace }} - name: istio-service-reader -rules: - - apiGroups: [""] - resources: ["services/proxy"] - resourceNames: ["http:kiali:20001", "http:tracing:80", "http:grafana:80", "http:prometheus-http:80"] - verbs: ["get", "watch", "list"] - ---- -{{- if .Values.global.members }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: read-istio-service - namespace: {{ .Release.Namespace }} -subjects: - {{- range $member := .Values.global.members }} - - kind: {{ $member.kind }} - name: {{ $member.name }} - apiGroup: rbac.authorization.k8s.io - {{- end }} -roleRef: - kind: Role - name: istio-service-reader - apiGroup: rbac.authorization.k8s.io -{{- end }} \ No newline at end of file 
diff --git a/charts/rancher-istio/1.4.3/templates/service.yaml b/charts/rancher-istio/1.4.3/templates/service.yaml
deleted file mode 100755
index 732cdefd2..000000000
--- a/charts/rancher-istio/1.4.3/templates/service.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
- clusterIP: None
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.3/templates/serviceaccount.yaml
deleted file mode 100755
index e52d9eb9c..000000000
--- a/charts/rancher-istio/1.4.3/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: istio-multi
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.3/templates/sidecar-injector-configmap.yaml b/charts/rancher-istio/1.4.3/templates/sidecar-injector-configmap.yaml
deleted file mode 100755
index 5cb25b9cf..000000000
--- a/charts/rancher-istio/1.4.3/templates/sidecar-injector-configmap.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if not .Values.global.omitSidecarInjectorConfigMap }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istio.name" . }}
- chart: {{ template "istio.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-data:
- values: |-
- {{ .Values | toJson }}
-
- config: |-
- policy: {{ .Values.global.proxy.autoInject }}
- alwaysInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }}
- neverInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }}
- template: |-
-{{ .Files.Get "files/injection-template.yaml" | trim | indent 6 }}
- injectedAnnotations:
- {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }}
- "{{ $key }}": "{{ $val }}"
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.3/test-values/README.md b/charts/rancher-istio/1.4.3/test-values/README.md
deleted file mode 100755
index 8e5ff277c..000000000
--- a/charts/rancher-istio/1.4.3/test-values/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Test Values
-
-These files are intended to be used to install Istio for E2E tests.
-
-The rendered files can be generated with `make generate_e2e_yaml`.
-
-These files will all have `values-e2e.yaml` applied to them *first*, so if there are settings there that should not be included in the test the must be overridden.
diff --git a/charts/rancher-istio/1.4.3/test-values/values-e2e.yaml b/charts/rancher-istio/1.4.3/test-values/values-e2e.yaml
deleted file mode 100755
index 18264aa2f..000000000
--- a/charts/rancher-istio/1.4.3/test-values/values-e2e.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-# This file overrides values for e2e testing.
-
-global:
- proxy:
- concurrency: 0
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- accessLogFile: "/dev/stdout"
- enableCoreDump: true
-
- disablePolicyChecks: false
- outboundTrafficPolicy:
- mode: REGISTRY_ONLY
-
-prometheus:
- scrapeInterval: 5s
-
-gateways:
- istio-ingressgateway:
- autoscaleMax: 1
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
- limits:
- cpu: 100m
- memory: 128Mi
- # Disable the specific nodePort mappings for testing
- # These occasionally cause port conflict flakes (#14190)
- # Lacking a good way to override just part of a list, this is copied from
- # the prod values.yaml with nodePort omitted
- ports:
- - port: 15020
- targetPort: 15020
- name: status-port
- - port: 80
- targetPort: 80
- name: http2
- - port: 443
- name: https
- - port: 31400
- name: tcp
- - port: 15029
- targetPort: 15029
- name: https-kiali
- - port: 15030
- targetPort: 15030
- name: https-prometheus
- - port: 15031
- targetPort: 15031
- name: https-grafana
- - port: 15032
- targetPort: 15032
- name: https-tracing
- - port: 15443
- targetPort: 15443
- name: tls
-
- istio-egressgateway:
- enabled: true
- autoscaleMax: 1
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
- limits:
- cpu: 100m
- memory: 128Mi
-
-mixer:
- policy:
- enabled: true
- replicaCount: 2
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
- limits:
- cpu: 100m
- memory: 100Mi
- telemetry:
- enabled: true
- loadshedding:
- mode: disabled
- resources:
- requests:
- cpu: 50m
- memory: 100Mi
- limits:
- cpu: 100m
- memory: 100Mi
- adapters:
- stdio:
- enabled: true
- kiali:
- enabled: true
-
-sidecarInjectorWebhook:
- rewriteAppHTTPProbe: true
diff --git a/charts/rancher-istio/1.4.3/test-values/values-istio-auth-mcp.yaml b/charts/rancher-istio/1.4.3/test-values/values-istio-auth-mcp.yaml
deleted file mode 100755
index fb284d926..000000000
--- a/charts/rancher-istio/1.4.3/test-values/values-istio-auth-mcp.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio-auth.yaml with MCP enabled
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- useMCP: true
-
diff --git a/charts/rancher-istio/1.4.3/test-values/values-istio-auth-multicluster.yaml b/charts/rancher-istio/1.4.3/test-values/values-istio-auth-multicluster.yaml
deleted file mode 100755
index af147981f..000000000
--- a/charts/rancher-istio/1.4.3/test-values/values-istio-auth-multicluster.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# This is used to generate istio-auth-multicluster.yaml, used for CI/CD.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- proxy:
- accessLogFile: "/dev/stdout"
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
-# In a multiple cluster environment, citadel uses the same root certificate in all the clusters
-security:
- selfSigned: false
diff --git a/charts/rancher-istio/1.4.3/test-values/values-istio-auth-non-mcp.yaml b/charts/rancher-istio/1.4.3/test-values/values-istio-auth-non-mcp.yaml
deleted file mode 100755
index eab07cd41..000000000
--- a/charts/rancher-istio/1.4.3/test-values/values-istio-auth-non-mcp.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- mtls:
- enabled: true
-
- controlPlaneSecurityEnabled: true
-
- useMCP: false
diff --git a/charts/rancher-istio/1.4.3/test-values/values-istio-auth-sds.yaml b/charts/rancher-istio/1.4.3/test-values/values-istio-auth-sds.yaml
deleted file mode 100755
index 843869703..000000000
--- a/charts/rancher-istio/1.4.3/test-values/values-istio-auth-sds.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-global:
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
- proxy:
- enableCoreDump: true
-
-nodeagent:
- enabled: true
- image: node-agent-k8s
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.4.3/test-values/values-istio-auth.yaml b/charts/rancher-istio/1.4.3/test-values/values-istio-auth.yaml
deleted file mode 100755
index 4ec1d35c5..000000000
--- a/charts/rancher-istio/1.4.3/test-values/values-istio-auth.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-# This is used to generate istio-auth.yaml for automated CI/CD test, using v1/alpha1
-# or v2/alpha3 with 'gradual migration' (using env variable at inject time).
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
diff --git a/charts/rancher-istio/1.4.3/test-values/values-istio-dns-cert.yaml b/charts/rancher-istio/1.4.3/test-values/values-istio-dns-cert.yaml
deleted file mode 100755
index 406970396..000000000
--- a/charts/rancher-istio/1.4.3/test-values/values-istio-dns-cert.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- certificates:
- - dnsNames: [istio-pilot.istio-system.svc, istio-pilot.istio-system]
- - secretName: dns.istio-galley-service-account
- dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system]
- - secretName: dns.istio-sidecar-injector-service-account
- dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system]
diff --git a/charts/rancher-istio/1.4.3/test-values/values-istio-mcp.yaml b/charts/rancher-istio/1.4.3/test-values/values-istio-mcp.yaml
deleted file mode 100755
index a6638eefd..000000000
--- a/charts/rancher-istio/1.4.3/test-values/values-istio-mcp.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# This is used to generate istio.yaml with MCP enabled
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- useMCP: true
-
-
diff --git a/charts/rancher-istio/1.4.3/test-values/values-istio-multicluster-split-horizon.yaml b/charts/rancher-istio/1.4.3/test-values/values-istio-multicluster-split-horizon.yaml
deleted file mode 100755
index e664dd56f..000000000
--- a/charts/rancher-istio/1.4.3/test-values/values-istio-multicluster-split-horizon.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# This is used to generate istio-multicluster-split-horizon.yaml, used for CI/CD.
-global:
- controlPlaneSecurityEnabled: true
- mtls:
- enabled: true
- proxy:
- accessLogFile: "/dev/stdout"
- outboundTrafficPolicy:
- mode: ALLOW_ANY
- meshExpansion:
- enabled: true
- meshNetworks:
- network2:
- endpoints:
- - fromRegistry: N2_REGISTRY_TOKEN
- gateways:
- - address: 0.0.0.0
- port: 443
-security:
- selfSigned: false
-gateways:
- istio-egressgateway:
- enabled: false
-
-
diff --git a/charts/rancher-istio/1.4.3/test-values/values-istio-multicluster.yaml b/charts/rancher-istio/1.4.3/test-values/values-istio-multicluster.yaml
deleted file mode 100755
index 59b924ac1..000000000
--- a/charts/rancher-istio/1.4.3/test-values/values-istio-multicluster.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# This is used to generate istio-multicluster.yaml, used for CI/CD.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- proxy:
- accessLogFile: "/dev/stdout"
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
-# In a multiple cluster environment, citadel uses the same root certificate in all the clusters
-security:
- selfSigned: false
diff --git a/charts/rancher-istio/1.4.3/test-values/values-istio-non-mcp.yaml b/charts/rancher-istio/1.4.3/test-values/values-istio-non-mcp.yaml
deleted file mode 100755
index 091681acd..000000000
--- a/charts/rancher-istio/1.4.3/test-values/values-istio-non-mcp.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-global:
- useMCP: false
diff --git a/charts/rancher-istio/1.4.3/test-values/values-istio-one-namespace-auth.yaml b/charts/rancher-istio/1.4.3/test-values/values-istio-one-namespace-auth.yaml
deleted file mode 100755
index c49f40254..000000000
--- a/charts/rancher-istio/1.4.3/test-values/values-istio-one-namespace-auth.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.4.3/test-values/values-istio-one-namespace-trust-domain.yaml b/charts/rancher-istio/1.4.3/test-values/values-istio-one-namespace-trust-domain.yaml
deleted file mode 100755
index 1840ab355..000000000
--- a/charts/rancher-istio/1.4.3/test-values/values-istio-one-namespace-trust-domain.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- # Default is 10s second
- refreshInterval: 1s
-
- # The trust domain corresponds to the trust root of a system
- trustDomain: test.local
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.4.3/test-values/values-istio-one-namespace.yaml b/charts/rancher-istio/1.4.3/test-values/values-istio-one-namespace.yaml
deleted file mode 100755
index 14aa45033..000000000
--- a/charts/rancher-istio/1.4.3/test-values/values-istio-one-namespace.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.4.3/test-values/values-istio.yaml b/charts/rancher-istio/1.4.3/test-values/values-istio.yaml
deleted file mode 100755
index c115103e1..000000000
--- a/charts/rancher-istio/1.4.3/test-values/values-istio.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-
-# This is used to generate istio.yaml for automated CI/CD test, using v1/alpha1
-# or v2/alpha3 with 'gradual migration' (using env variable at inject time).
-# global:
- ## imagePullSecrets for all ServiceAccount. Must be set for any clustser configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
diff --git a/charts/rancher-istio/1.4.3/values-istio-demo.yaml b/charts/rancher-istio/1.4.3/values-istio-demo.yaml
deleted file mode 100755
index d28dbaaf2..000000000
--- a/charts/rancher-istio/1.4.3/values-istio-demo.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-# This is used to generate istio.yaml for minimal, demo mode.
-# It is shipped with the release, used for bookinfo or quick installation of istio.
-# Includes components used in the demo, defaults to alpha3 rules.
-global:
- controlPlaneSecurityEnabled: false
-
- proxy:
- accessLogFile: "/dev/stdout"
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- disablePolicyChecks: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
-sidecarInjectorWebhook:
- enabled: true
- # If true, webhook or istioctl injector will rewrite PodSpec for liveness
- # health check to redirect request to sidecar. This makes liveness check work
- # even when mTLS is enabled.
- rewriteAppHTTPProbe: false
-
-pilot:
- autoscaleEnabled: false
- traceSampling: 100.0
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
-
-mixer:
- policy:
- enabled: true
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
-
- telemetry:
- enabled: true
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 50m
- memory: 100Mi
-
- adapters:
- stdio:
- enabled: true
-
-grafana:
- enabled: true
-
-tracing:
- enabled: true
-
-kiali:
- enabled: true
- createDemoSecret: true
-
-gateways:
- istio-ingressgateway:
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- istio-egressgateway:
- enabled: true
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
diff --git a/charts/rancher-istio/1.4.3/values-istio-minimal.yaml b/charts/rancher-istio/1.4.3/values-istio-minimal.yaml
deleted file mode 100755
index de45fa458..000000000
--- a/charts/rancher-istio/1.4.3/values-istio-minimal.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# Minimal Istio Configuration: https://istio.io/docs/setup/kubernetes/additional-setup/config-profiles/
-#
-pilot:
- enabled: true
- sidecar: false
-
-gateways:
- enabled: false
-
-security:
- enabled: false
-
-sidecarInjectorWebhook:
- enabled: false
-
-galley:
- enabled: false
-
-mixer:
- policy:
- enabled: false
- telemetry:
- enabled: false
-
-prometheus:
- enabled: false
-
-
-# Common settings.
-global:
-
- proxy:
- # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument
- # would be :).
- # Disabled by default.
- # The istio-statsd-prom-bridge is deprecated and should not be used moving forward.
- envoyStatsd:
- # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector.
- enabled: false
- host: # example: statsd-svc.istio-system
- port: # example: 9125
-
- useMCP: false
-
-
diff --git a/charts/rancher-istio/1.4.3/values-istio-remote.yaml b/charts/rancher-istio/1.4.3/values-istio-remote.yaml
deleted file mode 100755
index 4ff03c360..000000000
--- a/charts/rancher-istio/1.4.3/values-istio-remote.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-gateways:
- enabled: false
-
-galley:
- enabled: false
-
-mixer:
- policy:
- enabled: false
- telemetry:
- enabled: false
-
-pilot:
- enabled: false
- configSource:
- subscribedResources:
-
-security:
- enabled: true
- createMeshPolicy: false
-
-prometheus:
- enabled: false
-
-global:
- istioRemote: true
-
- enableTracing: false
-
- # Sets an identifier for the remote network to be used for Split Horizon EDS. The network will be sent
- # to the Pilot when connected by the sidecar and will affect the results returned in EDS requests.
- # Based on the network identifier Pilot will return all local endpoints + endpoints of gateways to
- # other networks.
- #
- # Must match the names in the meshNetworks section in the Istio local.
- network: ""
diff --git a/charts/rancher-istio/1.4.3/values-istio-sds-auth-control-plane-auth-disabled.yaml b/charts/rancher-istio/1.4.3/values-istio-sds-auth-control-plane-auth-disabled.yaml
deleted file mode 100755
index 6144aff24..000000000
--- a/charts/rancher-istio/1.4.3/values-istio-sds-auth-control-plane-auth-disabled.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-global:
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
-nodeagent:
- enabled: true
- image: node-agent-k8s
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.4.3/values-istio-sds-auth.yaml b/charts/rancher-istio/1.4.3/values-istio-sds-auth.yaml
deleted file mode 100755
index 83085dfb0..000000000
--- a/charts/rancher-istio/1.4.3/values-istio-sds-auth.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-global:
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
-nodeagent:
- enabled: true
- image: node-agent-k8s
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.4.3/values.yaml b/charts/rancher-istio/1.4.3/values.yaml
deleted file mode 100755
index 350926432..000000000
--- a/charts/rancher-istio/1.4.3/values.yaml
+++ /dev/null
@@ -1,649 +0,0 @@ -# Top level istio values file has the following sections. -# -# global: This file is the authoritative and exhaustive source for the global section. -# -# chart sections: Every subdirectory inside the charts/ directory has a top level -# configuration key in this file. This file overrides the values specified -# by the charts/${chartname}/values.yaml. -# Check the chart level values file for exhaustive list of configuration options. - -# -# Gateways Configuration, refer to the charts/gateways/values.yaml -# for detailed configuration -# -gateways: - enabled: true - istio-ingressgateway: - labels: - release: cluster-istio - -# -# sidecar-injector webhook configuration, refer to the -# charts/sidecarInjectorWebhook/values.yaml for detailed configuration -# -sidecarInjectorWebhook: - image: istio-sidecar_injector - enabled: true - -# -# galley configuration, refer to charts/galley/values.yaml -# for detailed configuration -# -galley: - image: istio-galley - enabled: true - -# -# mixer configuration -# -# @see charts/mixer/values.yaml for all values -mixer: - image: istio-mixer - policy: - # if policy is enabled the global.disablePolicyChecks has affect. 
- enabled: true - - telemetry: - enabled: true -# -# pilot configuration -# -# @see charts/pilot/values.yaml -pilot: - image: istio-pilot - enabled: true - -# -# security configuration -# -security: - image: istio-citadel - enabled: true - -# -# nodeagent configuration -# -nodeagent: - image: istio-node-agent-k8s - enabled: false - -# -# addon grafana configuration -# -grafana: - image: grafana-grafana - enabled: false - -# -# addon prometheus configuration -# -prometheus: - image: prom-prometheus - enabled: false - -# -# addon jaeger tracing configuration -# -tracing: - jaeger: - hub: docker.io/rancher - image: jaegertracing-all-in-one - zipkin: - hub: docker.io/rancher - image: openzipkin-zipkin - enabled: false - -# -# addon kiali tracing configuration -# -kiali: - hub: docker.io/rancher - image: kiali-kiali - contextPath: / - dashboard: - jaegerURL: http://tracing.istio-system:80 - grafanaURL: http://access-grafana.cattle-prometheus:80 - auth: - strategy: anonymous - enabled: false - prometheusAddr: http://access-prometheus.cattle-prometheus:80 - -# -# addon certmanager configuration -# -certmanager: - enabled: false - -# -# Istio CNI plugin enabled -# This must be enabled to use the CNI plugin in Istio. The CNI plugin is installed separately. -# If true, the privileged initContainer istio-init is not needed to perform the traffic redirect -# settings for the istio-proxy. -# -istio_cni: - enabled: false - -# addon Istio CoreDNS configuration -# -istiocoredns: - coreDNSImage: coredns-coredns - coreDNSPluginImage: istio-coredns-plugin - enabled: false - -# Common settings used among istio subcharts. -global: - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: docker.io/rancher - - # Default tag for Istio images. 
- tag: 1.4.3 - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - # monitoring port used by mixer, pilot, galley and sidecar injector - monitoringPort: 15014 - - k8sIngress: - enabled: false - # Gateway used for k8s Ingress resources. By default it is - # using 'istio:ingressgateway' that will be installed by setting - # 'gateways.enabled' and 'gateways.istio-ingressgateway.enabled' - # flags to true. - gatewayName: ingressgateway - # enableHttps will add port 443 on the ingress. - # It REQUIRES that the certificates are installed in the - # expected secrets - enabling this option without certificates - # will result in LDS rejection and the ingress will not work. - enableHttps: false - - proxy: - # Configuration for the proxy init container - init: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - # use fully qualified image names for alternate path to proxy. - image: istio-proxyv2 - - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Controls number of Proxy worker threads. - # If set to 0, then start worker thread for each CPU thread/core. - concurrency: 2 - - # Configures the access log for each sidecar. - # Options: - # "" - disables access log - # "/dev/stdout" - enables access log - accessLogFile: "" - - # Configure how and what fields are displayed in sidecar access log. Setting to - # empty string will result in default log format - accessLogFormat: "" - - # Configure the access log for sidecar to JSON or TEXT. 
- accessLogEncoding: TEXT - - # Configure envoy gRPC access log service. - envoyAccessLogService: - enabled: false - host: # example: accesslog-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/als/cert-chain.pem - privateKey: # example: /etc/istio/als/key.pem - caCertificates: # example: /etc/istio/als/root-cert.pem - sni: # example: als.somedomain - subjectAltNames: [] - # - als.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Log level for proxy, applies to gateways and sidecars. If left empty, "warning" is used. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: "" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. If left empty, "misc:error" is used. - componentLogLevel: "" - - # Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS - # This must be given it terms of seconds. For example, 300s is valid but 5m is invalid. - dnsRefreshRate: 300s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: 100ms - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # If set, newly injected sidecars will have core dumps enabled. - enableCoreDump: false - - # Image used to enable core dumps. 
This is only used, when "enableCoreDump" is set to true. - enableCoreDumpImage: ubuntu:xenial - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 1 - - # The period between readiness probes. - readinessPeriodSeconds: 2 - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 30 - - # istio egress capture whitelist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - excludeOutboundPorts: "" - - # pod internal interfaces - kubevirtInterfaces: "" - - # istio ingress capture whitelist - # examples: - # Redirect no inbound traffic to Envoy: --includeInboundPorts="" - # Redirect all inbound traffic to Envoy: --includeInboundPorts="*" - # Redirect only selected ports: --includeInboundPorts="80,8080" - includeInboundPorts: "*" - excludeInboundPorts: "" - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument - # would be :). - # Disabled by default. - # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. - envoyStatsd: - # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. - enabled: false - host: # example: statsd-svc.istio-system - port: # example: 9125 - - # Sets the Envoy Metrics Service address, used to push Envoy metrics to an external collector - # via the Metrics Service gRPC API. 
This contains detailed stats information emitted directly - # by Envoy and should not be confused with the the Istio telemetry. The Envoy stats are also - # available to scrape via the Envoy admin port at either /stats or /stats/prometheus. - # - # See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto - # for details about Envoy's Metrics Service API. - # - # Disabled by default. - envoyMetricsService: - enabled: false - host: # example: metrics-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/ms/cert-chain.pem - privateKey: # example: /etc/istio/ms/key.pem - caCertificates: # example: /etc/istio/ms/root-cert.pem - sni: # example: ms.somedomain - subjectAltNames: [] - # - ms.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "zipkin" - - proxy_init: - # Base name for the istio-init container, used to configure iptables. - image: istio-proxyv2 - - # imagePullPolicy is applied to istio control plane components. - # local tests require IfNotPresent, to avoid uploading to dockerhub. - # TODO: Switch to Always as default, and override in the local tests. - imagePullPolicy: IfNotPresent - - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - # disablePolicyChecks disables mixer policy checks. - # if mixer.policy.enabled==true then disablePolicyChecks has affect. - # Will set the value with same name in istio config map - pilot needs to be restarted to take effect. 
- disablePolicyChecks: true - - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: false - - # EnableTracing sets the value with same name in istio config map, requires pilot restart to take effect. - enableTracing: true - - # Configuration for each of the supported tracers - tracer: - # Configuration for envoy to send trace data to LightStep. - # Disabled by default. - # address: the : of the satellite pool - # accessToken: required for sending data to the pool - # secure: specifies whether data should be sent with TLS - # cacertPath: the path to the file containing the cacert to use when verifying TLS. If secure is true, this is - # required. If a value is specified then a secret called "lightstep.cacert" must be created in the destination - # namespace with the key matching the base of the provided cacertPath and the value being the cacert itself. - # - lightstep: - address: "" # example: lightstep-satellite:443 - accessToken: "" # example: abcdefg1234567 - secure: true # example: true|false - cacertPath: "" # example: /etc/lightstep/cacert.pem - zipkin: - # Host:Port for reporting trace data in zipkin format. If not specified, will default to - # zipkin service (port 9411) in the same namespace as the other istio components. - address: "" - datadog: - # Host:Port for submitting traces to the Datadog agent. - address: "$(HOST_IP):8126" - stackdriver: - # enables trace output to stdout. - debug: false - # The global default max number of attributes per span. - maxNumberOfAttributes: 200 - # The global default max number of annotation events per span. - maxNumberOfAnnotations: 200 - # The global default max number of message events per span. - maxNumberOfMessageEvents: 200 - - # Default mtls policy. If true, mtls between services will be enabled by default. 
- mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: false - # If set to true, and a given service does not have a corresponding DestinationRule configured, - # or its DestinationRule does not have TLSSettings specified, Istio configures client side - # TLS configuration automatically, based on the server side mTLS authentication policy and the - # availibity of sidecars. - auto: false - - # Lists the secrets you need to use to pull Istio images from a private registry. - imagePullSecrets: [] - # - private-registry-key - - # Specify pod scheduling arch(amd64, ppc64le, s390x) and weight as follows: - # 0 - Never scheduled - # 1 - Least preferred - # 2 - No preference - # 3 - Most preferred - arch: - amd64: 2 - s390x: 2 - ppc64le: 2 - - # Whether to restrict the applications namespace the controller manages; - # If not set, controller watches all namespaces - oneNamespace: false - - # Default node selector to be applied to all deployments so that all pods can be - # constrained to run a particular nodes. Each component can overwrite these default - # values by adding its node selector block in the relevant section below and setting - # the desired values. - defaultNodeSelector: {} - - # Default node tolerations to be applied to all deployments so that all pods can be - # scheduled to a particular nodes with matching taints. Each component can overwrite - # these default values by adding its tolerations block in the relevant section below - # and setting the desired values. - # Configure this field in case that all pods of Istio control plane are expected to - # be scheduled to particular nodes with specified taints. - defaultTolerations: [] - - # Whether to perform server-side validation of configuration. - configValidation: true - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. 
- # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - # podDNSSearchNamespaces: - # - global - # - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # If set to true, the pilot and citadel mtls will be exposed on the - # ingress gateway - meshExpansion: - enabled: false - # If set to true, the pilot and citadel mtls and the plaintext pilot ports - # will be exposed on an internal gateway - useILB: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # enable pod distruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. 
- defaultPodDisruptionBudget: - enabled: false - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - # Use the Mesh Control Protocol (MCP) for configuring Mixer and - # Pilot. Requires galley (`--set galley.enabled=true`). - useMCP: true - - # The trust domain corresponds to the trust root of a system - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - # Indicate the domain used in SPIFFE identity URL - # The default depends on the environment. - # kubernetes: cluster.local - # else: default dns domain - trustDomain: "" - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: [] - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. 
For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - # ALLOW_ANY is the default in 1.1. This means each pod will be able to make outbound requests - # to services outside of the mesh without any ServiceEntry. - # REGISTRY_ONLY was the default in 1.0. If this behavior is desired, set the value below to REGISTRY_ONLY. - outboundTrafficPolicy: - mode: ALLOW_ANY - - # The namespace where globally shared configurations should be present. - # DestinationRules that apply to the entire mesh (e.g., enabling mTLS), - # default Sidecar configs, etc. should be added to this namespace. 
- # configRootNamespace: istio-config - - # set the default set of namespaces to which services, service entries, virtual services, destination - # rules should be exported to. Currently only one value can be provided in this list. This value - # should be one of the following two options: - # * implies these objects are visible to all namespaces, enabling any sidecar to talk to any other sidecar. - # . implies these objects are visible to only to sidecars in the same namespace, or if imported as a Sidecar.egress.host - # defaultConfigVisibilitySettings: - #- '*' - - sds: - # SDS enabled. IF set to true, mTLS certificates for the sidecars will be - # distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates. - enabled: false - udsPath: "" - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Citadel Agent to the CA (e.g. Citadel), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). 
- # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Specifies the global locality load balancing settings. - # Locality-weighted load balancing allows administrators to control the distribution of traffic to - # endpoints based on the localities of where the traffic originates and where it will terminate. - # Either failover or distribute configuration can be set, but not both. If neither are provided - # failover mode will be used. - # - # localityLbSetting: - # enabled: true - # distribute: - # - from: "us-central1/*" - # to: - # "us-central1/*": 80 - # "us-central2/*": 20 - # - # localityLbSetting: - # enabled: true - # failover: - # - from: us-east - # to: eu-west - # - from: us-west - # to: us-east - localityLbSetting: - enabled: true - - # Specifies whether helm test is enabled or not. - # This field is set to false by default, so 'helm template ...' - # will ignore the helm test yaml files when generating the template - enableHelmTest: false - - # Configures DNS certificates provisioned through Chiron linked into Pilot. - # The DNS names in this file are all hard-coded; please ensure the namespaces - # in dnsNames are consistent with those of your services. - # Example: - # certificates: - # - secretName: dns.istio-galley-service-account - # dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] - # - secretName: dns.istio-sidecar-injector-service-account - # dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] - certificates: [] - - # Configure whether Operator manages webhook configurations. 
The current behavior - # of Galley and Sidecar Injector is that they manage their own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false diff --git a/charts/rancher-istio/1.4.300/.helmignore b/charts/rancher-istio/1.4.300/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/rancher-istio/1.4.300/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-istio/1.4.300/Chart.yaml b/charts/rancher-istio/1.4.300/Chart.yaml deleted file mode 100755 index 33a22c3e2..000000000 --- a/charts/rancher-istio/1.4.300/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.3 -description: Helm chart for all istio components -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- security -- sidecarInjectorWebhook -- mixer -- pilot -- galley -name: rancher-istio -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2-0' -version: 1.4.300 diff --git a/charts/rancher-istio/1.4.300/LICENSE b/charts/rancher-istio/1.4.300/LICENSE deleted file mode 100755 index 56df9b297..000000000 --- a/charts/rancher-istio/1.4.300/LICENSE +++ /dev/null 
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2018 Istio Authors - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/rancher-istio/1.4.300/README.md b/charts/rancher-istio/1.4.300/README.md deleted file mode 100755 index f7f35cc17..000000000 --- a/charts/rancher-istio/1.4.300/README.md +++ /dev/null 
@@ -1,149 +0,0 @@ -# Istio - -[Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. - -The documentation here is for developers only, please follow the installation instructions from [istio.io](https://istio.io/docs/setup/kubernetes/install/helm/) for all other uses. - -## Introduction - -This chart bootstraps all Istio [components](https://istio.io/docs/concepts/what-is-istio/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Chart Details - -This chart can install multiple Istio components as subcharts: -- ingressgateway -- egressgateway -- sidecarInjectorWebhook -- galley -- mixer -- pilot -- security(citadel) -- grafana -- prometheus -- tracing(jaeger) -- kiali - -To enable or disable each component, change the corresponding `enabled` flag. - -## Prerequisites - -- Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required -- Helm 2.7.2 or newer or alternately the ability to modify RBAC rules is also required -- If you want to enable automatic sidecar injection, Kubernetes 1.9+ with `admissionregistration` API is required, and `kube-apiserver` process must have the `admission-control` flag set with the `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook` admission controllers added and listed in the correct order. -- The `istio-init` chart must be run to completion prior to install the `istio` chart. - -## Resources Required - -The chart deploys pods that consume minimum resources as specified in the resources configuration parameter. - -## Installing the Chart - -1. If a service account has not already been installed for Tiller, install one: - - ```bash - $ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml - ``` - -1. 
Install Tiller on your cluster with the service account: - - ```bash - $ helm init --service-account tiller - ``` - -1. Set and create the namespace where Istio was installed: - - ```bash - $ NAMESPACE=istio-system - $ kubectl create ns $NAMESPACE - ``` - -1. If you are enabling `kiali`, you need to create the secret that contains the username and passphrase for `kiali` dashboard: - - ```bash - $ echo -n 'admin' | base64 - YWRtaW4= - $ echo -n '1f2d1e2e67df' | base64 - MWYyZDFlMmU2N2Rm - $ cat <=1.9.0): - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE - ``` - - - Without the sidecar injection webhook: - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE --set sidecarInjectorWebhook.enabled=false - ``` - -## Configuration - -The Helm chart ships with reasonable defaults. There may be circumstances in which defaults require overrides. -To override Helm values, use `--set key=value` argument during the `helm install` command. Multiple `--set` operations may be used in the same Helm operation. - -Helm charts expose configuration options which are currently in alpha. The currently exposed options can be found [here](https://istio.io/docs/reference/config/installation-options/). - -## Uninstalling the Chart - -To uninstall/delete the `istio` release but continue to track the release: - -```bash -$ helm delete istio -``` - -To uninstall/delete the `istio` release completely and make its name free for later use: - -```bash -$ helm delete --purge istio -``` diff --git a/charts/rancher-istio/1.4.300/charts/certmanager/Chart.yaml b/charts/rancher-istio/1.4.300/charts/certmanager/Chart.yaml deleted file mode 100755 index d97ed6aae..000000000 --- a/charts/rancher-istio/1.4.300/charts/certmanager/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 0.6.2 -description: A Helm chart for Kubernetes -name: certmanager -tillerVersion: '>=2.7.2' -version: 1.4.3 
diff --git a/charts/rancher-istio/1.4.300/charts/certmanager/templates/NOTES.txt b/charts/rancher-istio/1.4.300/charts/certmanager/templates/NOTES.txt
deleted file mode 100755
index 0307ede4c..000000000
--- a/charts/rancher-istio/1.4.300/charts/certmanager/templates/NOTES.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-certmanager has been deployed successfully!
-
-More information on the different types of issuers and how to configure them
-can be found in our documentation:
-
-https://cert-manager.readthedocs.io/en/latest/reference/issuers.html
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.300/charts/certmanager/templates/_helpers.tpl b/charts/rancher-istio/1.4.300/charts/certmanager/templates/_helpers.tpl
deleted file mode 100755
index 331a91d43..000000000
--- a/charts/rancher-istio/1.4.300/charts/certmanager/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "certmanager.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "certmanager.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "certmanager.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.300/charts/certmanager/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/certmanager/templates/deployment.yaml deleted file mode 100755 index 4c727365d..000000000 --- a/charts/rancher-istio/1.4.300/charts/certmanager/templates/deployment.yaml +++ /dev/null 
@@ -1,73 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: certmanager - template: - metadata: - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: certmanager -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: certmanager - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- else }} - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=$(POD_NAMESPACE) - {{- if .Values.extraArgs }} -{{ toYaml .Values.extraArgs | indent 8 }} - {{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: -{{ toYaml .Values.resources | indent 10 }} - {{- if .Values.podDnsPolicy }} - dnsPolicy: {{ .Values.podDnsPolicy }} - {{- end }} - {{- if .Values.podDnsConfig }} - dnsConfig: -{{ toYaml .Values.podDnsConfig | indent 8 }} - {{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/certmanager/templates/issuer.yaml b/charts/rancher-istio/1.4.300/charts/certmanager/templates/issuer.yaml deleted file mode 100755 index 59402daea..000000000 --- a/charts/rancher-istio/1.4.300/charts/certmanager/templates/issuer.yaml +++ /dev/null @@ -1,37 +0,0 @@ ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt-staging - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-staging-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: letsencrypt-staging - http01: {} ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - privateKeySecretRef: - name: letsencrypt - http01: {} diff --git a/charts/rancher-istio/1.4.300/charts/certmanager/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.300/charts/certmanager/templates/poddisruptionbudget.yaml deleted file mode 100755 index b251e3653..000000000 --- a/charts/rancher-istio/1.4.300/charts/certmanager/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - version: {{ .Chart.Version }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 4 }} - {{- end }} -spec: -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: certmanager - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/certmanager/templates/rbac.yaml b/charts/rancher-istio/1.4.300/charts/certmanager/templates/rbac.yaml deleted file mode 100755 index b3a4ef340..000000000 --- a/charts/rancher-istio/1.4.300/charts/certmanager/templates/rbac.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: certmanager - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: - - apiGroups: ["certmanager.k8s.io"] - resources: ["certificates", "certificates/finalizers", "issuers", "clusterissuers", "orders", "orders/finalizers", "challenges"] - verbs: ["*"] - - apiGroups: [""] - resources: ["configmaps", "secrets", "events", "services", "pods"] - verbs: ["*"] - - apiGroups: ["extensions"] - resources: ["ingresses"] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: certmanager - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: certmanager -subjects: - - name: certmanager - namespace: {{ .Release.Namespace }} - kind: ServiceAccount diff --git a/charts/rancher-istio/1.4.300/charts/certmanager/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.300/charts/certmanager/templates/serviceaccount.yaml deleted file mode 100755 index f87543508..000000000 --- a/charts/rancher-istio/1.4.300/charts/certmanager/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/1.4.300/charts/certmanager/values.yaml b/charts/rancher-istio/1.4.300/charts/certmanager/values.yaml deleted file mode 100755 index 2d6854193..000000000 
--- a/charts/rancher-istio/1.4.300/charts/certmanager/values.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-# Certmanager uses ACME to sign certificates. Since Istio gateways are
-# mounting the TLS secrets the Certificate CRDs must be created in the
-# istio-system namespace. Once the certificate has been created, the
-# gateway must be updated by adding 'secretVolumes'. After the gateway
-# restart, DestinationRules can be created using the ACME-signed certificates.
-enabled: false
-replicaCount: 1
-resources: {}
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.300/charts/galley/Chart.yaml b/charts/rancher-istio/1.4.300/charts/galley/Chart.yaml
deleted file mode 100755
index 981de920c..000000000
--- a/charts/rancher-istio/1.4.300/charts/galley/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.3
-description: Helm chart for galley deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- galley
-name: galley
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.3
diff --git a/charts/rancher-istio/1.4.300/charts/galley/templates/_helpers.tpl b/charts/rancher-istio/1.4.300/charts/galley/templates/_helpers.tpl
deleted file mode 100755
index 5d42f4a03..000000000
--- a/charts/rancher-istio/1.4.300/charts/galley/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "galley.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "galley.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "galley.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.300/charts/galley/templates/clusterrole.yaml b/charts/rancher-istio/1.4.300/charts/galley/templates/clusterrole.yaml
deleted file mode 100755
index 427a50463..000000000
--- a/charts/rancher-istio/1.4.300/charts/galley/templates/clusterrole.yaml
+++ /dev/null
@@ -1,50 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-galley-{{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: - # For reading Istio resources -- apiGroups: [ - "authentication.istio.io", - "config.istio.io", - "networking.istio.io", - "rbac.istio.io", - "security.istio.io"] - resources: ["*"] - verbs: ["get", "list", "watch"] - # For updating Istio resource statuses -- apiGroups: [ - "authentication.istio.io", - "config.istio.io", - "networking.istio.io", - "rbac.istio.io", - "security.istio.io"] - resources: ["*/status"] - verbs: ["update"] -{{- if not .Values.global.operatorManageWebhooks }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["*"] -{{- end }} -- apiGroups: ["extensions","apps"] - resources: ["deployments"] - resourceNames: ["istio-galley"] - verbs: ["get"] -- apiGroups: [""] - resources: ["pods", "nodes", "services", "endpoints", "namespaces"] - verbs: ["get", "list", "watch"] -- apiGroups: ["extensions"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["extensions"] - resources: ["deployments/finalizers"] - resourceNames: ["istio-galley"] - verbs: ["update"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] diff --git a/charts/rancher-istio/1.4.300/charts/galley/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.300/charts/galley/templates/clusterrolebinding.yaml deleted file mode 100755 index 88cde2554..000000000 --- a/charts/rancher-istio/1.4.300/charts/galley/templates/clusterrolebinding.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-galley-admin-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-galley-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-galley-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.4.300/charts/galley/templates/configmap.yaml b/charts/rancher-istio/1.4.300/charts/galley/templates/configmap.yaml deleted file mode 100755 index 662c960b1..000000000 --- a/charts/rancher-istio/1.4.300/charts/galley/templates/configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-galley-configuration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -data: -{{- if .Values.global.configValidation }} - validatingwebhookconfiguration.yaml: |- - {{- include "validatingwebhookconfiguration.yaml.tpl" . | indent 4}} -{{- end}} diff --git a/charts/rancher-istio/1.4.300/charts/galley/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/galley/templates/deployment.yaml deleted file mode 100755 index 458d98338..000000000 --- a/charts/rancher-istio/1.4.300/charts/galley/templates/deployment.yaml +++ /dev/null 
@@ -1,152 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: galley - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-galley-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: galley - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 443 - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 9901 - command: - - /usr/local/bin/galley - - server - - --meshConfigFile=/etc/mesh-config/mesh - - --livenessProbeInterval=1s - - --livenessProbePath=/healthliveness - - --readinessProbePath=/healthready - - --readinessProbeInterval=1s - - --deployment-namespace={{ .Release.Namespace }} -{{- if $.Values.global.controlPlaneSecurityEnabled}} - - --insecure=false -{{- else }} - - --insecure=true -{{- end }} -{{- if .Values.enableServiceDiscovery }} - - --enableServiceDiscovery=true -{{- end }} -{{- if not $.Values.global.useMCP }} - - --enable-server=false -{{- end }} -{{- if not $.Values.global.configValidation }} - - --enable-validation=false -{{- end }} -{{- if .Values.global.operatorManageWebhooks }} - - --enable-reconcileWebhookConfiguration=false -{{- else }} - - --enable-reconcileWebhookConfiguration=true -{{- end }} - - --validation-webhook-config-file - - /etc/config/validatingwebhookconfiguration.yaml - - --monitoringPort={{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if .Values.enableAnalysis }} - - --enableAnalysis=true -{{- end }} -{{- if .Values.global.certificates }} - - --validation.tls.clientCertificate=/etc/dnscerts/cert-chain.pem - - --validation.tls.privateKey=/etc/dnscerts/key.pem - - --validation.tls.caCertificates=/etc/dnscerts/root-cert.pem -{{- end }} - volumeMounts: - - name: certs - mountPath: /etc/certs - readOnly: true -{{- if .Values.global.certificates }} - - name: dnscerts - mountPath: /etc/dnscerts - readOnly: true -{{- end }} - - name: config - mountPath: /etc/config - readOnly: true - - name: mesh-config - mountPath: /etc/mesh-config - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - 
--probe-path=/healthliveness - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - readinessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - --probe-path=/healthready - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: certs - secret: - secretName: istio.istio-galley-service-account -{{- if .Values.global.certificates }} - - name: dnscerts - secret: - secretName: dns.istio-galley-service-account -{{- end }} - - name: config - configMap: - name: istio-galley-configuration - - name: mesh-config - configMap: - name: istio - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.300/charts/galley/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.300/charts/galley/templates/poddisruptionbudget.yaml deleted file mode 100755 index 75bf77834..000000000 --- a/charts/rancher-istio/1.4.300/charts/galley/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-spec:
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: {{ template "galley.name" . }}
- release: {{ .Release.Name }}
- istio: galley
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/galley/templates/service.yaml b/charts/rancher-istio/1.4.300/charts/galley/templates/service.yaml
deleted file mode 100755
index cd21fd192..000000000
--- a/charts/rancher-istio/1.4.300/charts/galley/templates/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-spec:
- ports:
- - port: 443
- name: https-validation
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- - port: 9901
- name: grpc-mcp
- selector:
- istio: galley
diff --git a/charts/rancher-istio/1.4.300/charts/galley/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.300/charts/galley/templates/serviceaccount.yaml
deleted file mode 100755
index 1ff54c49e..000000000
--- a/charts/rancher-istio/1.4.300/charts/galley/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-galley-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.300/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl b/charts/rancher-istio/1.4.300/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl
deleted file mode 100755
index 253fd2156..000000000
--- a/charts/rancher-istio/1.4.300/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl
+++ /dev/null
@@ -1,127 +0,0 @@ -{{ define "validatingwebhookconfiguration.yaml.tpl" }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-galley - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -webhooks: - - name: pilot.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitpilot" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - httpapispecs - - httpapispecbindings - - quotaspecs - - quotaspecbindings - - operations: - - CREATE - - UPDATE - apiGroups: - - rbac.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - authentication.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - networking.istio.io - apiVersions: - - "*" - resources: - - destinationrules - - envoyfilters - - gateways - - serviceentries - - sidecars - - virtualservices - failurePolicy: Fail - sideEffects: None - - name: mixer.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitmixer" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - rules - - attributemanifests - - circonuses - - deniers - - fluentds - - kubernetesenvs - - listcheckers - - memquotas - - noops - - opas - - prometheuses - - rbacs - - solarwindses - - stackdrivers - - cloudwatches - - dogstatsds - - statsds - - stdios - - apikeys - - authorizations - - checknothings - # - kuberneteses - - listentries - - logentries - - metrics - - 
quotas - - reportnothings - - tracespans - - adapters - - handlers - - instances - - templates - - zipkins - failurePolicy: Fail - sideEffects: None -{{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/galley/values.yaml b/charts/rancher-istio/1.4.300/charts/galley/values.yaml deleted file mode 100755 index 68eff963f..000000000 --- a/charts/rancher-istio/1.4.300/charts/galley/values.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# -# galley configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# Enable service discovery processing in Galley -enableServiceDiscovery: false - -# Enable analysis and status update in Galley -enableAnalysis: false diff --git a/charts/rancher-istio/1.4.300/charts/gateways/Chart.yaml b/charts/rancher-istio/1.4.300/charts/gateways/Chart.yaml deleted file mode 100755 index 707721f88..000000000 --- a/charts/rancher-istio/1.4.300/charts/gateways/Chart.yaml +++ /dev/null 
@@ -1,15 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.3
-description: Helm chart for deploying Istio gateways
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- ingressgateway
-- egressgateway
-- gateways
-name: gateways
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.3
diff --git a/charts/rancher-istio/1.4.300/charts/gateways/templates/_affinity.tpl b/charts/rancher-istio/1.4.300/charts/gateways/templates/_affinity.tpl
deleted file mode 100755
index fbd0e9a8f..000000000
--- a/charts/rancher-istio/1.4.300/charts/gateways/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "gatewaynodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "gatewayNodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .root.Values.global.defaultNodeSelector .nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "gatewayNodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinity" }} -{{- if or .podAntiAffinityLabelSelector .podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if .podAntiAffinityTermLabelSelector }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/gateways/templates/_helpers.tpl b/charts/rancher-istio/1.4.300/charts/gateways/templates/_helpers.tpl deleted file mode 100755 index bfc8bc400..000000000 --- a/charts/rancher-istio/1.4.300/charts/gateways/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "gateway.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "gateway.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "gateway.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.300/charts/gateways/templates/autoscale.yaml b/charts/rancher-istio/1.4.300/charts/gateways/templates/autoscale.yaml
deleted file mode 100755
index 2455ac345..000000000
--- a/charts/rancher-istio/1.4.300/charts/gateways/templates/autoscale.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
- maxReplicas: {{ $spec.autoscaleMax }}
- minReplicas: {{ $spec.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ $key }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/gateways/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/gateways/templates/deployment.yaml
deleted file mode 100755
index 6c1419bcd..000000000
--- a/charts/rancher-istio/1.4.300/charts/gateways/templates/deployment.yaml
+++ /dev/null
@@ -1,387 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if $spec.enabled }} - -{{- $labels := merge (dict "release" $.Release.Name "chart" (include "gateway.chart" $) "heritage" $.Release.Service) $spec.labels }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - labels: -{{ $labels | toYaml | indent 4 }} -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - selector: - matchLabels: - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - template: - metadata: - labels: -{{ $labels | toYaml | indent 8 }} - annotations: - sidecar.istio.io/inject: "false" -{{- if $spec.podAnnotations }} -{{ toYaml $spec.podAnnotations | indent 8 }} -{{ end }} - spec: - serviceAccountName: {{ $key }}-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} -{{- if $.Values.global.proxy.enableCoreDump }} - initContainers: - - name: enable-core-dump - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy_init.repository }}:{{ $.Values.global.proxy_init.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - command: - - /bin/sh - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - securityContext: - privileged: true -{{- end }} - containers: -{{- if $spec.sds }} -{{- if $spec.sds.enabled }} - - name: ingress-sds - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - resources: -{{- if $spec.sds.resources }} -{{ toYaml 
$spec.sds.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: "ENABLE_WORKLOAD_SDS" - value: "false" - - name: "ENABLE_INGRESS_GATEWAY_SDS" - value: "true" - - name: "INGRESS_GATEWAY_NAMESPACE" - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - volumeMounts: - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway -{{- end }} -{{- end }} - - name: istio-proxy - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - {{- range $key, $val := $spec.ports }} - - containerPort: {{ $val.port }} - {{- end }} - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - - --drainDuration - - '45s' #drainDuration - - --parentShutdownDuration - - '1m0s' #parentShutdownDuration - - --connectTimeout - - '10s' #connectTimeout - - --serviceCluster - - {{ $key }} - {{- if eq $.Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - {{ $.Values.global.tracer.lightstep.address }} - - --lightstepAccessToken - - {{ $.Values.global.tracer.lightstep.accessToken }} - - --lightstepSecure={{ $.Values.global.tracer.lightstep.secure }} - - --lightstepCacertPath - - {{ $.Values.global.tracer.lightstep.cacertPath }} - {{- else if eq $.Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - {{- if $.Values.global.tracer.zipkin.address }} - - {{ 
$.Values.global.tracer.zipkin.address }} - {{- else if $.Values.global.istioNamespace }} - - zipkin.{{ $.Values.global.istioNamespace }}:9411 - {{- else }} - - zipkin:9411 - {{- end }} - {{- else if eq $.Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - {{ $.Values.global.tracer.datadog.address }} - {{- end }} - {{- if $.Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - {{ $.Values.global.proxy.envoyStatsd.host }}:{{ $.Values.global.proxy.envoyStatsd.port }} - {{- end }} - {{- if $.Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - {{- with $.Values.global.proxy.envoyMetricsService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end}} - {{- if $.Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - {{- with $.Values.global.proxy.envoyAccessLogService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end }} - - --proxyAdminPort - - "15000" - - --statusPort - - "15020" - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15011 - {{- else }} - - istio-pilot:15011 - {{- end }} - {{- else }} - - --controlPlaneAuthPolicy - - NONE - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15010 - {{- else }} - - istio-pilot:15010 - {{- end }} - {{- if $spec.applicationPorts }} - - --applicationPorts - - "{{ $spec.applicationPorts }}" - {{- end }} - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ 
$.Values.global.trustDomain }} - {{- end }} - readinessProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15020 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - resources: -{{- if $spec.resources }} -{{ toYaml $spec.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if $.Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_METAJSON_LABELS - value: | - {{ $labels | toJson}} - - name: ISTIO_META_CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - - name: ISTIO_META_WORKLOAD_NAME - value: {{ $key }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/{{ $spec.namespace | default $.Release.Namespace }}/deployments/{{ $key }} - {{- if $.Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.meshID }}" - {{- else if $.Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.trustDomain }}" - {{- end }} - {{- if eq $.Values.global.proxy.tracer "datadog" }} - - name: HOST_IP 
- valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- end }} - {{- if eq $.Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ $.Values.global.tracer.stackdriver.debug }}" - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAttributes }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }}" - {{- end }} - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ISTIO_META_USER_SDS - value: "true" - {{- end }} - {{- end }} - {{- if $spec.env }} - {{- range $key, $val := $spec.env }} - - name: {{ $key }} - value: {{ $val }} - {{- end }} - {{- end }} - {{ if eq $key "istio-ingressgateway" }} - {{ $network_set := index $spec.env "ISTIO_META_NETWORK" }} - {{- if and (not $network_set) $.Values.global.network }} - - name: ISTIO_META_NETWORK - value: {{ $.Values.global.network }} - {{- end }} - {{- end }} - volumeMounts: - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway - {{- end }} - {{- end }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - mountPath: {{ .mountPath | quote }} - readOnly: true - {{- end }} - {{- if and (eq 
$.Values.global.proxy.tracer "lightstep") $.Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ dir $.Values.global.tracer.lightstep.cacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} -{{- if $spec.additionalContainers }} -{{ toYaml $spec.additionalContainers | indent 8 }} -{{- end }} - volumes: - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - emptyDir: {} - {{- end }} - {{- end }} - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - hostPath: - path: /var/run/sds - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ $.Values.global.sds.token.aud }} - {{- end }} - - name: istio-certs - secret: - secretName: istio.{{ $key }}-service-account - optional: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - secret: - secretName: {{ .secretName | quote }} - optional: true - {{- end }} - {{- range $spec.configVolumes }} - - name: {{ .name }} - configMap: - name: {{ .configMapName | quote }} - optional: true - {{- end }} - {{- if and (eq $.Values.global.proxy.tracer "lightstep") $.Values.global.tracer.lightstep.cacertPath }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - affinity: - {{- include "gatewaynodeaffinity" (dict "root" $ "nodeSelector" $spec.nodeSelector) | indent 6 }} - {{- include "gatewaypodAntiAffinity" (dict "podAntiAffinityLabelSelector" $spec.podAntiAffinityLabelSelector "podAntiAffinityTermLabelSelector" $spec.podAntiAffinityTermLabelSelector) | indent 6 }} - {{- if $spec.tolerations }} - tolerations: -{{ toYaml $spec.tolerations | indent 6 }} - {{- else if $.Values.global.defaultTolerations }} - tolerations: -{{ toYaml $.Values.global.defaultTolerations | indent 6 }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.4.300/charts/gateways/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.300/charts/gateways/templates/poddisruptionbudget.yaml
deleted file mode 100755
index 36a2d5a9c..000000000
--- a/charts/rancher-istio/1.4.300/charts/gateways/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if and (ne $key "enabled") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/gateways/templates/preconfigured.yaml b/charts/rancher-istio/1.4.300/charts/gateways/templates/preconfigured.yaml
deleted file mode 100755
index 31e431db7..000000000
--- a/charts/rancher-istio/1.4.300/charts/gateways/templates/preconfigured.yaml
+++ /dev/null
@@ -1,241 +0,0 @@ -{{- if .Values.global.k8sIngress.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-autogenerated-k8s-ingress - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: {{ .Values.global.k8sIngress.gatewayName }} - servers: - - port: - number: 80 - protocol: HTTP2 - name: http - hosts: - - "*" -{{ if .Values.global.k8sIngress.enableHttps }} - - port: - number: 443 - protocol: HTTPS - name: https-default - tls: - mode: SIMPLE - serverCertificate: /etc/istio/ingressgateway-certs/tls.crt - privateKey: /etc/istio/ingressgateway-certs/tls.key - hosts: - - "*" -{{ end }} ---- -{{ end }} - -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-ilb-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: ilbgateway - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- else }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- end }} -{{- end }} - -{{- if .Values.global.multiCluster.enabled }} -{{- if (index .Values "istio-egressgateway" "enabled") }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-egressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-egressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH -{{- end }} ---- -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - workloadLabels: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - filters: - - listenerMatch: - portNumber: 15443 - listenerType: GATEWAY - insertPosition: - index: AFTER - relativeTo: envoy.filters.network.sni_cluster - filterName: envoy.filters.network.tcp_cluster_rewrite - filterType: NETWORK - filterConfig: - cluster_pattern: "\\.global$" - cluster_replacement: ".svc.{{ .Values.global.proxy.clusterDomain }}" ---- -## To ensure all traffic to *.global is using mTLS -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-multicluster-destinationrule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.global" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -{{- end }} 
diff --git a/charts/rancher-istio/1.4.300/charts/gateways/templates/role.yaml b/charts/rancher-istio/1.4.300/charts/gateways/templates/role.yaml
deleted file mode 100755
index 37bdf3ef8..000000000
--- a/charts/rancher-istio/1.4.300/charts/gateways/templates/role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if ($spec.sds) and (eq $spec.sds.enabled true) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-rules:
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "watch", "list"]
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/gateways/templates/rolebindings.yaml b/charts/rancher-istio/1.4.300/charts/gateways/templates/rolebindings.yaml
deleted file mode 100755
index cd3245b01..000000000
--- a/charts/rancher-istio/1.4.300/charts/gateways/templates/rolebindings.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if ($spec.sds) and (eq $spec.sds.enabled true) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ $key }}-sds
-subjects:
-- kind: ServiceAccount
- name: {{ $key }}-service-account
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/gateways/templates/service.yaml b/charts/rancher-istio/1.4.300/charts/gateways/templates/service.yaml
deleted file mode 100755
index 9474f0476..000000000
--- a/charts/rancher-istio/1.4.300/charts/gateways/templates/service.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- annotations:
- {{- range $key, $val := $spec.serviceAnnotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{- if $spec.loadBalancerIP }}
- loadBalancerIP: "{{ $spec.loadBalancerIP }}"
-{{- end }}
-{{- if $spec.loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
-{{ toYaml $spec.loadBalancerSourceRanges | indent 4 }}
-{{- end }}
-{{- if $spec.externalTrafficPolicy }}
- externalTrafficPolicy: {{$spec.externalTrafficPolicy }}
-{{- end }}
-{{- if $spec.externalIPs }}
- externalIPs:
-{{ toYaml $spec.externalIPs | indent 4 }}
-{{- end }}
- type: {{ .type }}
- selector:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
- ports:
- {{- range $key, $val := $spec.ports }}
- -
- {{- range $pkey, $pval := $val }}
- {{ $pkey}}: {{ $pval }}
- {{- end }}
- {{- end }}
- {{- if $.Values.global.meshExpansion.enabled }}
- {{- range $key, $val := $spec.meshExpansionPorts }}
- -
- {{- range $pkey, $pval := $val }}
- {{ $pkey}}: {{ $pval }}
- {{- end }}
- {{- end }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/gateways/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.300/charts/gateways/templates/serviceaccount.yaml
deleted file mode 100755
index d4f6938c1..000000000
--- a/charts/rancher-istio/1.4.300/charts/gateways/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if $.Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range $.Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: {{ $key }}-service-account
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- app: {{ $spec.labels.app }}
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.4.300/charts/gateways/values.yaml b/charts/rancher-istio/1.4.300/charts/gateways/values.yaml
deleted file mode 100755
index 23a16798f..000000000
--- a/charts/rancher-istio/1.4.300/charts/gateways/values.yaml
+++ /dev/null
@@ -1,286 +0,0 @@ -# -# Gateways Configuration -# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. -# You can add more gateways in addition to the defaults but make sure those are uniquely named -# and that NodePorts are not conflicting. -# Disable specifc gateway by setting the `enabled` to false. -# -enabled: true - -istio-ingressgateway: - enabled: true - # - # Secret Discovery Service (SDS) configuration for ingress gateway. - # - sds: - # If true, ingress gateway fetches credentials from SDS server to handle TLS connections. - enabled: false - # SDS server that watches kubernetes secrets and provisions credentials to ingress gateway. - # This server runs in the same pod as ingress gateway. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - labels: - app: istio-ingressgateway - istio: ingressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalIPs: [] - serviceAnnotations: {} - podAnnotations: {} - type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be - #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out - ports: - ## You can add custom gateway ports - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. 
https://github.com/istio/istio/issues/12503 - - port: 15020 - targetPort: 15020 - name: status-port - - port: 80 - targetPort: 80 - name: http2 - nodePort: 31380 - - port: 443 - name: https - nodePort: 31390 - # Example of a port to add. Remove if not needed - - port: 31400 - name: tcp - nodePort: 31400 - ### PORTS FOR UI/metrics ##### - ## Disable if not needed - - port: 15029 - targetPort: 15029 - name: https-kiali - - port: 15030 - targetPort: 15030 - name: https-prometheus - - port: 15031 - targetPort: 15031 - name: https-grafana - - port: 15032 - targetPort: 15032 - name: https-tracing - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - #### MESH EXPANSION PORTS ######## - # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect - # to pilot/citadel if global.meshExpansion settings are enabled. - # Delete these ports if mesh expansion is not enabled, to avoid - # exposing unnecessary ports on the web. - # You can remove these ports if you are not using mesh expansion - meshExpansionPorts: - - port: 15011 - targetPort: 15011 - name: tcp-pilot-grpc-tls - - port: 15004 - targetPort: 15004 - name: tcp-mixer-grpc-tls - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - - port: 853 - targetPort: 853 - name: tcp-dns-tls - ####### end MESH EXPANSION PORTS ###### - ############## - secretVolumes: - - name: ingressgateway-certs - secretName: istio-ingressgateway-certs - mountPath: /etc/istio/ingressgateway-certs - - name: ingressgateway-ca-certs - secretName: istio-ingressgateway-ca-certs - mountPath: /etc/istio/ingressgateway-ca-certs - ### Advanced options ############ - - # Ports to explicitly check for readiness. If configured, the readiness check will expect a - # listener on these ports. A comma separated list is expected, such as "80,443". - # - # Warning: If you do not have a gateway configured for the ports provided, this check will always - # fail. 
This is intended for use cases where you always expect to have a listener on the port, - # such as 80 or 443 in typical setups. - applicationPorts: "" - - env: - # A gateway with this mode ensures that pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. - ISTIO_META_ROUTER_MODE: "sni-dnat" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". 
- podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -istio-egressgateway: - enabled: false - labels: - app: istio-egressgateway - istio: egressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - serviceAnnotations: {} - podAnnotations: {} - type: ClusterIP #change to NodePort or LoadBalancer if need be - ports: - - port: 80 - name: http2 - - port: 443 - name: https - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - secretVolumes: - - name: egressgateway-certs - secretName: istio-egressgateway-certs - mountPath: /etc/istio/egressgateway-certs - - name: egressgateway-ca-certs - secretName: istio-egressgateway-ca-certs - mountPath: /etc/istio/egressgateway-ca-certs - #### Advanced options ######## - env: - # Set this to "external" if and only if you want the egress gateway to - # act as a transparent SNI gateway that routes mTLS/TLS traffic to - # external services defined using service entries, where the service - # entry has resolution set to DNS, has one or more endpoints with - # network field set to "external". By default its set to "" so that - # the egress gateway sees the same set of endpoints as the sidecars - # preserving backward compatibility - # ISTIO_META_REQUESTED_NETWORK_VIEW: "" - # A gateway with this mode ensures that pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. 
- ISTIO_META_ROUTER_MODE: "sni-dnat" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". - podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -# Mesh ILB gateway creates a gateway of type InternalLoadBalancer, -# for mesh expansion. It exposes the mtls ports for Pilot,CA as well -# as non-mtls ports to support upgrades and gradual transition. -istio-ilbgateway: - enabled: false - labels: - app: istio-ilbgateway - istio: ilbgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - cpu: - targetAverageUtilization: 80 - resources: - requests: - cpu: 800m - memory: 512Mi - #limits: - # cpu: 1800m - # memory: 256Mi - loadBalancerIP: "" - serviceAnnotations: - cloud.google.com/load-balancer-type: "internal" - podAnnotations: {} - type: LoadBalancer - ports: - ## You can add custom gateway ports - google ILB default quota is 5 ports, - - port: 15011 - name: grpc-pilot-mtls - # Insecure port - only for migration from 0.8. 
Will be removed in 1.1 - - port: 15010 - name: grpc-pilot - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - # Port 5353 is forwarded to kube-dns - - port: 5353 - name: tcp-dns - secretVolumes: - - name: ilbgateway-certs - secretName: istio-ilbgateway-certs - mountPath: /etc/istio/ilbgateway-certs - - name: ilbgateway-ca-certs - secretName: istio-ilbgateway-ca-certs - mountPath: /etc/istio/ilbgateway-ca-certs - nodeSelector: {} - tolerations: [] diff --git a/charts/rancher-istio/1.4.300/charts/grafana/Chart.yaml b/charts/rancher-istio/1.4.300/charts/grafana/Chart.yaml deleted file mode 100755 index 21728367f..000000000 --- a/charts/rancher-istio/1.4.300/charts/grafana/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.3 -description: A Helm chart for Kubernetes -name: grafana -tillerVersion: '>=2.7.2' -version: 1.4.3 diff --git a/charts/rancher-istio/1.4.300/charts/grafana/dashboards/citadel-dashboard.json b/charts/rancher-istio/1.4.300/charts/grafana/dashboards/citadel-dashboard.json deleted file mode 100755 index ffe4551a9..000000000 --- a/charts/rancher-istio/1.4.300/charts/grafana/dashboards/citadel-dashboard.json +++ /dev/null 
@@ -1,1089 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 8, - "panels": [], - "title": "Performance", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "CPU usage across Citadel instances.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 1 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"citadel\", pod_name=~\"istio-citadel-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage rate", - "refId": "A" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"citadel\"}[1m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage irate", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": 
"", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Citadel process memory statistics.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 1 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Total", - "refId": "C" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Allocated", - "refId": "E" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Inuse", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, 
- "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 1 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Goroutines", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 7 - }, - "id": 28, - "panels": [], - "title": "General", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Total number of CSR requests made to Citadel.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 
0, - "y": 8 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Request Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates issuances that have succeeded.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 12, - "y": 8 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_success_cert_issuance_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Certificates Issued", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Certificates Issued", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 13 - }, - "id": 23, - "panels": [], - "title": "Errors", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of errors occurred when creating the CSR.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 14 - }, - "id": 20, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_secret_controller_csr_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Creation Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Creation Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - 
"show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 14 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_parsing_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Parse Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Parse Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of authentication failures.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, 
- "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_authentication_failure_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Authentication Failure Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Authentication Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 4, - "panels": [], - "title": "Secret Controller", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates created due to service account creation.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": 
"citadel_secret_controller_svc_acc_created_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Created", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Created (due to SA creation)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates deleted due to service account deletion.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_svc_acc_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Deleted", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Deleted (due to SA deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, 
- "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates recreated due to secret deletion (service account still exists).", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_secret_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Recreated", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Recreated (due to errant deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 
18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Citadel Dashboard", - "uid": "OOyOqb4Wz", - "version": 1 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.300/charts/grafana/dashboards/galley-dashboard.json b/charts/rancher-istio/1.4.300/charts/grafana/dashboards/galley-dashboard.json deleted file mode 100755 index d67d6e5e8..000000000 --- a/charts/rancher-istio/1.4.300/charts/grafana/dashboards/galley-dashboard.json +++ /dev/null 
@@ -1,1734 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 46, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"galley\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Galley Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 5 - }, - "id": 40, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "C" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "G" - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "H" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"})", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Total (kis)", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 38, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m])) by (container_name)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"galley\"}[1m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "galley (self-reported)", - "refId": "C" - } - ], - 
"thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Open FDs (galley)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }} ", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 44, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "goroutines_total", - "refId": "A" - }, - { - "expr": "istio_mcp_clients_total{component=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "clients_total", - "refId": "B" - }, - { - "expr": "go_goroutines{job=\"galley\"}/sum(istio_mcp_clients_total{component=\"galley\"}) without (component)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "avg_goroutines_per_client", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - 
"h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 10, - "panels": [], - "title": "Runtime", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_on_change_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Strategy Change Events", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_processor_events_processed_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Processed Events", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_processor_snapshots_published_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Snapshot Published", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Event Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - 
"datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_timer_max_time_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Max Time Reached", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_quiesce_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Quiesce Reached", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_resets_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Timer Resets", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Timer Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": 
true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 3, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.90, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.95, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P95", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Events Per Snapshot", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 21 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - 
"max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (collection) (galley_runtime_state_type_instances_total)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ collection }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "State Type Instances", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Count", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 34, - "panels": [], - "title": "Validation", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 28 - }, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "galley_validation_cert_key_updates{job=\"galley\"}", - "format": 
"time_series", - "intervalFactor": 1, - "legendFormat": "Key Updates", - "refId": "A" - }, - { - "expr": "galley_validation_cert_key_update_errors{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Key Update Errors: {{ error }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation Webhook Certificate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 28 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_passed{job=\"galley\"}) by (group, version, resource)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Passed: {{ group }}/{{ version }}/{{resource}}", - "refId": "A" - }, - { - "expr": "sum(galley_validation_failed{job=\"galley\"}) by (group, version, resource, reason)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Failed: {{ group }}/{{ version }}/{{resource}} ({{ reason}})", - "refId": "B" - } - ], 
- "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Resource Validation", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 28 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_http_error{job=\"galley\"}) by (status)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ status }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation HTTP Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": 
null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 12, - "panels": [], - "title": "Kubernetes Source", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 35 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_event_success_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Success", - "refId": "A" - }, - { - "expr": "rate(galley_source_kube_event_error_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Source Event Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 35 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_dynamic_converter_failure_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Kubernetes Object Conversion Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Failures/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 41 - }, - "id": 18, - "panels": [], - "title": "Mesh Configuration Protocol", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 42 - }, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": 
"sum(istio_mcp_clients_total{component=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Clients", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Connected Clients", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 42 - }, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by(collection)(irate(istio_mcp_request_acks_total{component=\"galley\"}[1m]) * 60)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request ACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "ACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - 
}, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 42 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(istio_mcp_request_nacks_total{component=\"galley\"}[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request NACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "NACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Galley 
Dashboard", - "uid": "TSEY6jLmk", - "version": 1 -} diff --git a/charts/rancher-istio/1.4.300/charts/grafana/dashboards/istio-mesh-dashboard.json b/charts/rancher-istio/1.4.300/charts/grafana/dashboards/istio-mesh-dashboard.json deleted file mode 100755 index 1662e1f1d..000000000 --- a/charts/rancher-istio/1.4.300/charts/grafana/dashboards/istio-mesh-dashboard.json +++ /dev/null @@ -1,1225 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "links": [], - "panels": [ - { - "content": "
\n
\n Istio\n
\n
\n Istio is an open platform that provides a uniform way to connect,\n manage, and \n secure microservices.\n
\n Need help? Join the Istio community.\n
\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "50px", - "id": 13, - "links": [], - "mode": "html", - "style": { - "font-size": "18pt" - }, - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\"}[1m])), 0.001)", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Global Request Volume", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - 
"h": 3, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "95, 99, 99.5", - "title": "Global Success Rate (non-5xx responses)", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 22, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - 
"sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"4.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "4xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 23, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"5.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "5xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - 
"colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 113, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_virtualservices) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Virtual Services", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 114, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - 
"postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_destinationrules) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Destination Rules", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 115, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_gateways) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Gateways", - "type": "singlestat", - "valueFontSize": "80%", - 
"valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 116, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_authentication_meshpolicies) / count(up{job=\"galley\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Authentication Mesh Policies", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 21, - "w": 24, - "x": 0, - "y": 9 - }, - "hideTimeOverride": false, - "id": 73, - "links": [], - "pageSize": null, - "repeat": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 4, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 
172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Workload dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_2&var-workload=$__cell_", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Requests", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [], - "type": "number", - "unit": "ops" - }, - { - "alias": "P50 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P90 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P99 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #E", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "Success Rate", - "colorMode": "cell", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #F", - "thresholds": [ - ".95", - " 1.00" - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-workload=$__cell_2&var-namespace=$__cell_3", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "number", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_requests_total{reporter=\"destination\", response_code=\"200\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "A" - }, - { - "expr": "label_join((histogram_quantile(0.50, 
sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.50, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "B" - }, - { - "expr": "label_join((histogram_quantile(0.90, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.90, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "D" - }, - { - "expr": "label_join((histogram_quantile(0.99, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.99, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "E" - }, - { - "expr": 
"label_join((sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m])) by (destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "F" - } - ], - "timeFrom": null, - "title": "HTTP/GRPC Workloads", - "transform": "table", - "type": "table" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 18, - "w": 24, - "x": 0, - "y": 30 - }, - "hideTimeOverride": false, - "id": 109, - "links": [], - "pageSize": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 2, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-tcp-workload-dashboard?var-namespace=$__cell_2&&var-workload=$__cell", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Bytes Sent", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [ - "" - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Bytes Received", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "Bps" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_3&var-workload=$__cell_2", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_tcp_received_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - 
"hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "C" - }, - { - "expr": "label_join(sum(rate(istio_tcp_sent_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "A" - } - ], - "timeFrom": null, - "title": "TCP Workloads", - "transform": "table", - "type": "table" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 48 - }, - "id": 111, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Mesh Dashboard", - "uid": "G8wLrJIZk", - "version": 5 -} diff --git a/charts/rancher-istio/1.4.300/charts/grafana/dashboards/istio-performance-dashboard.json b/charts/rancher-istio/1.4.300/charts/grafana/dashboards/istio-performance-dashboard.json deleted file mode 100755 index 3826fbae8..000000000 --- a/charts/rancher-istio/1.4.300/charts/grafana/dashboards/istio-performance-dashboard.json +++ /dev/null 
@@ -1,1822 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": 9, - "links": [], - "panels": [ - { - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 21, - "panels": [ - { - "content": "The charts on this dashboard are intended to show Istio main components cost in terms resources utilization under steady load.\n\n- **vCPU/1k rps:** shows vCPU utilization by the main Istio components normalized by 1000 requests/second. When idle or low traffic, this chart will be blank. The curve for istio-proxy refers to the services sidecars only.\n- **vCPU:** vCPU utilization by Istio components, not normalized.\n- **Memory:** memory footprint for the components. Telemetry and policy are normalized by 1k rps, and no data is shown when there is no traffic. 
For ingress and istio-proxy, the data is per instance.\n- **Bytes transferred/ sec:** shows the number of bytes flowing through each Istio component.\n\n\n", - "gridPos": { - "h": 6, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 19, - "links": [], - "mode": "markdown", - "timeFrom": null, - "timeShift": null, - "title": "Performance Dashboard README", - "transparent": true, - "type": "text" - } - ], - "title": "Performance Dashboard Notes", - "type": "row" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 6, - "panels": [], - "title": "vCPU Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 2 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m])) / (round(sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m])), 0.001)/1000))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - 
"legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU / 1k rps", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 2 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - 
"spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 13, - "panels": [], - "title": "Memory and Data Rates", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": 
false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 11 - }, - "id": 902, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry / 1k rps", - "refId": "A" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name!=\"POD\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio proxy", - "refId": "C" - }, - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy / 1k rps", - "refId": "D" - } - ], - "thresholds": [], - 
"timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-telemetry\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-telemetry\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_response_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m])) + sum(irate(istio_request_bytes_sum{source_workload_namespace!=\"istio-system\", 
reporter=\"source\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-policy\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-policy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio_policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Bytes transferred / sec", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 17, - "panels": [], - "title": "Istio Component Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 20 - }, - "id": 15, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 71, - "panels": [], - "title": "Proxy Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 32 - }, - "id": 72, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 32 - }, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 32 - }, - "id": 702, - "legend": { - "avg": 
false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 39 - }, - "id": 69, - "panels": [], - "title": "Pilot Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 40 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": 
[ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - 
"sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 40 - }, - "id": 602, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "pilot (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - 
"title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 40 - }, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - 
"show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 40 - }, - "id": 402, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 93, - "panels": [], - "title": "Mixer Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 48 - }, - "id": 94, - "legend": { - "avg": false, - "current": 
false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"})", - "format": "time_series", - "hide": false, 
- "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 48 - }, - "id": 95, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=~\"istio-policy|istio-telemetry\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 48 - }, - "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - 
"expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 48 - }, - "id": 97, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - 
"format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Performance Dashboard", - "uid": "vu8e0VWZk", - "version": 22 -} diff --git a/charts/rancher-istio/1.4.300/charts/grafana/dashboards/istio-service-dashboard.json b/charts/rancher-istio/1.4.300/charts/grafana/dashboards/istio-service-dashboard.json deleted file mode 100755 index f4d58a296..000000000 --- a/charts/rancher-istio/1.4.300/charts/grafana/dashboards/istio-service-dashboard.json +++ /dev/null @@ -1,2601 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "iteration": 1536442501501, - "links": [], - "panels": [ - { - "content": "
\nSERVICE: $service\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Client Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - 
"thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Client Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, 
sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Client Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" 
- ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Received Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 97, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - 
"postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Server Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 98, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / 
sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Server Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 99, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - 
"refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 100, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": 
true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m])) ", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Sent Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nCLIENT WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"source\",source_workload=~\"$srcwl\",source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"source\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": 
"graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", 
source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, 
source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": 
"time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, 
- "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "
\nSERVICE WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 90, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"destination\",destination_workload=~\"$dstwl\",destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"destination\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Destination And Response Code", - "tooltip": { - 
"shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 91, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", 
connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 94, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - 
"stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by 
(destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 95, - "legend": { - "alignAsTable": false, - "avg": false, - "current": 
false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ 
destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 96, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - 
"step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ 
destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 92, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", 
destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 93, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }} (🔐mTLS)", - "refId": 
"A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Service", - "multi": false, - "name": "service", - "options": [], - "query": "label_values(destination_service)", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (source_workload_namespace) or 
sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload Namespace", - "multi": true, - "name": "dstns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload", - "multi": true, - "name": "dstwl", - "options": [], - "query": "query_result( 
sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Service Dashboard", - "uid": "LJ_uJAvmk", - "version": 1 -} diff --git a/charts/rancher-istio/1.4.300/charts/grafana/dashboards/istio-workload-dashboard.json b/charts/rancher-istio/1.4.300/charts/grafana/dashboards/istio-workload-dashboard.json deleted file mode 100755 index 62ad1b5cf..000000000 --- a/charts/rancher-istio/1.4.300/charts/grafana/dashboards/istio-workload-dashboard.json +++ /dev/null 
@@ -1,2303 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.4" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1531345461465, - "links": [], - "panels": [ - { - "content": "
\nWORKLOAD: $workload.$namespace\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Incoming Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 
80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 8, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Incoming Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 8, - "x": 16, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, 
- "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Server Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - 
"colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 12, - "y": 7 - }, - "id": 85, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Client Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nINBOUND WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And 
Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", 
destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by 
(source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 
1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", 
destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - 
"values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", 
destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "content": "
\nOUTBOUND SERVICES\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 70, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Requests by Destination And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 71, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", 
source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Success Rate (non-5xx responses) By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 72, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Duration by Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 73, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by 
(destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 74, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": 
"{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 76, - "legend": { - "avg": false, 
- "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent on Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 78, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Namespace", - "multi": false, - "name": 
"namespace", - "options": [], - "query": "query_result(sum(istio_requests_total) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*_namespace=\"([^\"]*).*/", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Workload", - "multi": false, - "name": "workload", - "options": [], - "query": "query_result((sum(istio_requests_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_requests_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)) or (sum(istio_tcp_sent_bytes_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Inbound Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, 
- "label": "Inbound Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Destination Service", - "multi": true, - "name": "dstsvc", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service) or sum(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service))", - "refresh": 1, - "regex": "/.*destination_service=\"([^\"]*).*/", - "sort": 4, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Workload Dashboard", - "uid": "UbsSZTDik", - "version": 1 -} diff --git a/charts/rancher-istio/1.4.300/charts/grafana/dashboards/mixer-dashboard.json b/charts/rancher-istio/1.4.300/charts/grafana/dashboards/mixer-dashboard.json deleted file mode 100755 index b074d13ba..000000000 
--- a/charts/rancher-istio/1.4.300/charts/grafana/dashboards/mixer-dashboard.json +++ /dev/null @@ -1,1808 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.2.3" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "limit": 100, - "name": "Annotations & Alerts", - "showIn": 0, - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": null, - "iteration": 1543881232533, - "links": [], - "panels": [ - { - "content": "

Deployed Versions

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "40", - "id": 62, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 3 - }, - "id": 64, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"mixer\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Mixer Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Resource Usage

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 8 - }, - "height": "40", - "id": 29, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 11 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory ({{ job }})", - "refId": "I" - }, - { - "expr": "sum(process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory ({{ job }})", - "refId": "H" - }, - { - "expr": "sum(go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc ({{ job }})", - "refId": "D" - }, - { - "expr": "sum(go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc ({{ job }})", - "refId": "F" - }, - { - "expr": "sum(go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - 
"format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use ({{ job }})", - "refId": "E" - }, - { - "expr": "sum(go_memstats_stack_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use ({{ job }})", - "refId": "G" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "C" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }} (k8s)", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 11 - }, - "id": 6, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (pod_name), \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "A" - }, - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (container_name, pod_name), \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }} (k8s)", - "refId": "B" - }, - { - "expr": "sum(irate(process_cpu_seconds_total{job=~\"istio-telemetry|istio-policy\"}[1m])) by (job)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ job }} (self-reported)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } 
- ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 11 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_open_fds{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(label_replace(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - 
"dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 11 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(go_goroutines{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines ({{ job }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Mixer Overview

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 18 - }, - "height": "40px", - "id": 30, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 0, - "y": 21 - }, - "id": 9, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (Total)", - "refId": "B" - }, - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m])) by (grpc_server_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "mixer ({{ grpc_server_method }})", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 6, - "y": 21 - }, - "id": 8, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "{}", - "yaxis": 1 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.5", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.9", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Durations", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 12, - "y": 21 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, 
- "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_server_handled_total{grpc_code=~\"Unknown|Unimplemented|Internal|DataLoss\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Error Rate (5xx responses)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 18, - "y": 21 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(grpc_server_handled_total{grpc_code!=\"OK\",grpc_service=~\".*Mixer\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ 
grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Non-successes (4xxs)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Adapters and Config

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 28, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 30 - }, - "id": 13, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m])) by (adapter)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 30 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - 
"percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p90 ", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Duration", - "tooltip": { - "shared": true, - "sort": 1, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 37 - }, - "id": 60, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - 
"pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Rules", - "refId": "A" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Config Errors", - "refId": "B" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_match_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Match Errors", - "refId": "C" - }, - { - "expr": "scalar(topk(1, max(mixer_config_unsatisfied_action_handler_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Unsatisfied Actions", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Rules", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 37 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": 
false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_instance_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Instances", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Instances in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 37 - }, - "id": 54, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_handler_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Handlers", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Handlers in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 37 - }, - "id": 58, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_attribute_count) by (configID)))", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "Attributes", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Attributes in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Individual Adapters

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 44 - }, - "id": 23, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 46, - "panels": [], - "repeat": "adapter", - "title": "$adapter Adapter", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 48 - }, - "id": 17, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m]),\"handler\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ handler }} (error: {{ error }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Count By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - 
"w": 12, - "x": 12, - "y": 48 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(histogram_quantile(0.5, sum(rate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p50 - {{ handler_short }} (error: {{ error }})", - "refId": "A" - }, - { - "expr": "label_replace(histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p90 - {{ handler_short }} (error: {{ error }})", - "refId": "D" - }, - { - "expr": "label_replace(histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p99 - {{ handler_short }} (error: {{ error }})", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Duration By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": 
true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Adapter", - "multi": true, - "name": "adapter", - "options": [], - "query": "label_values(adapter)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Mixer Dashboard", - "version": 4 -} diff --git a/charts/rancher-istio/1.4.300/charts/grafana/dashboards/pilot-dashboard.json b/charts/rancher-istio/1.4.300/charts/grafana/dashboards/pilot-dashboard.json deleted file mode 100755 index b8ef6d2d7..000000000 --- a/charts/rancher-istio/1.4.300/charts/grafana/dashboards/pilot-dashboard.json +++ /dev/null 
@@ -1,1591 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": 11, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 60, - "panels": [], - "title": "Deployed Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"pilot\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 6 - }, - "id": 62, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": 
"container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"discovery\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (container)", - "refId": "B", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar (container)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"discovery\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Discovery (container)", - "refId": "A" - }, - { - "expr": 
"irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (process)", - "refId": "C", - "step": 2 - }, - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Sidecar (container)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"discovery\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Discovery", - "refId": "B", - "step": 2 - }, - { - "expr": 
"container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": 
null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 58, - "panels": [], - "title": "Pilot Push Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "description": "Shows the rate of pilot pushes", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 622, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(pilot_xds_pushes{type=\"cds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Cluster", - "refId": "C" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"eds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Endpoints", - "refId": "D" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"lds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Listeners", - "refId": "A" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"rds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Routes", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Pushes", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ 
- "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Captures a variety of pilot errors", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 67, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(pilot_xds_cds_reject{job=\"pilot\"}) or (absent(pilot_xds_cds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected CDS Configs", - "refId": "C" - }, - { - "expr": "sum(pilot_xds_eds_reject{job=\"pilot\"}) or (absent(pilot_xds_eds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected EDS Configs", - "refId": "D" - }, - { - "expr": "sum(pilot_xds_rds_reject{job=\"pilot\"}) or (absent(pilot_xds_rds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected RDS Configs", - "refId": "A" - }, - { - "expr": "sum(pilot_xds_lds_reject{job=\"pilot\"}) or (absent(pilot_xds_lds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected LDS Configs", - "refId": "B" - }, - { - "expr": 
"sum(rate(pilot_xds_write_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Write Timeouts", - "refId": "F" - }, - { - "expr": "sum(rate(pilot_total_xds_internal_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Internal Errors", - "refId": "H" - }, - { - "expr": "sum(rate(pilot_total_xds_rejects{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Config Rejection Rate", - "refId": "E" - }, - { - "expr": "sum(rate(pilot_xds_push_context_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Context Errors", - "refId": "K" - }, - { - "expr": "sum(rate(pilot_xds_pushes{type!~\"lds|cds|rds|eds\"}[1m])) by (type)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "L" - }, - { - "expr": "sum(rate(pilot_xds_push_errors{job=\"pilot\"}[1m])) by (type)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "I" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts", - "refId": "G" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout_failures{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts Failures", - "refId": "J" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - 
"format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Shows the total time it takes to push a config update to a proxy", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 624, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p50 ", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.999, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99.9", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Proxy Push Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 23 - }, - "id": 45, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_conflict_inbound_listener{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Inbound Listeners", - "refId": "B" - }, - { - "expr": "pilot_conflict_outbound_listener_http_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (http over current tcp)", - "refId": "A" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current tcp)", - "refId": "C" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_http{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current http)", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Conflicts", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - 
"buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 23 - }, - "id": 47, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_virt_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Services", - "refId": "A" - }, - { - "expr": "pilot_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Services", - "refId": "B" - }, - { - "expr": "pilot_xds{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Connected Endpoints", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ADS Monitoring", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - 
"yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "columns": [], - "datasource": "Prometheus", - "description": "Clusters in this table do not have any endpoints known to pilot. This could be from referencing subsets that do not have any instances, or pods marked as NotReady", - "fontSize": "100%", - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 23 - }, - "id": 51, - "links": [], - "pageSize": null, - "scroll": true, - "showHeader": true, - "sort": { - "col": null, - "desc": false - }, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "date" - }, - { - "alias": "Clusters", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(pilot_xds_eds_instances{job=\"pilot\", cluster=~\".+\\\\|.+\"}) by (cluster) < 1", - "format": "time_series", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{cluster}}", - "refId": "B" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Clusters with no known endpoints", - "transform": "timeseries_aggregations", - "type": "table" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 64, - "panels": [], - "title": "Envoy Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows details about Envoy proxies in the mesh", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 32 - }, - "id": 40, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - 
"points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(envoy_cluster_upstream_cx_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connections", - "refId": "C" - }, - { - "expr": "sum(irate(envoy_cluster_upstream_cx_connect_fail{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connection Failures", - "refId": "A" - }, - { - "expr": "sum(increase(envoy_server_hot_restart_epoch[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Envoy Restarts", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Envoy Details", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 32 - }, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": 
"sum(envoy_cluster_upstream_cx_active{cluster_name=\"xds-grpc\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "XDS Active Connections", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Active Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows the size of XDS requests and responses", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 32 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "max(rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Max", - "refId": "D" - }, - { - "expr": "quantile(0.5, rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Average", - "refId": "B" - }, - 
{ - "expr": "max(rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Max", - "refId": "A" - }, - { - "expr": "quantile(.5, rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Average", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Requests Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Pilot Dashboard", - "uid": "3--MLVZZk", - "version": 11 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.300/charts/grafana/fix_datasources.sh b/charts/rancher-istio/1.4.300/charts/grafana/fix_datasources.sh deleted file mode 100755 index d175bcacc..000000000 --- a/charts/rancher-istio/1.4.300/charts/grafana/fix_datasources.sh +++ /dev/null 
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# Copyright Istio Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -e
-
-THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-UX=$(uname)
-
-for db in "${THIS_DIR}"/dashboards/*.json; do
- if [[ ${UX} == "Darwin" ]]; then
- # shellcheck disable=SC2016
- sed -i '' 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- else
- # shellcheck disable=SC2016
- sed -i 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- fi
-done
diff --git a/charts/rancher-istio/1.4.300/charts/grafana/templates/_helpers.tpl b/charts/rancher-istio/1.4.300/charts/grafana/templates/_helpers.tpl
deleted file mode 100755
index 9d4c59205..000000000
--- a/charts/rancher-istio/1.4.300/charts/grafana/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "grafana.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "grafana.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "grafana.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.300/charts/grafana/templates/configmap-custom-resources.yaml b/charts/rancher-istio/1.4.300/charts/grafana/templates/configmap-custom-resources.yaml
deleted file mode 100755
index b89bc0765..000000000
--- a/charts/rancher-istio/1.4.300/charts/grafana/templates/configmap-custom-resources.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
- custom-resources.yaml: |-
- {{- include "grafana-default.yaml.tpl" . | indent 4}}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
diff --git a/charts/rancher-istio/1.4.300/charts/grafana/templates/configmap-dashboards.yaml b/charts/rancher-istio/1.4.300/charts/grafana/templates/configmap-dashboards.yaml
deleted file mode 100755
index dd1ab0d75..000000000
--- a/charts/rancher-istio/1.4.300/charts/grafana/templates/configmap-dashboards.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- $files := .Files }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "grafana.name" $ }}
- chart: {{ template "grafana.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: grafana
-data:
- {{ base $path }}: '{{ $files.Get $path }}'
----
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/grafana/templates/configmap.yaml b/charts/rancher-istio/1.4.300/charts/grafana/templates/configmap.yaml
deleted file mode 100755
index c86efe1f4..000000000
--- a/charts/rancher-istio/1.4.300/charts/grafana/templates/configmap.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
-{{- if .Values.datasources }}
- {{- range $key, $value := .Values.datasources }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
-
-{{- if .Values.dashboardProviders }}
- {{- range $key, $value := .Values.dashboardProviders }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.300/charts/grafana/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.4.300/charts/grafana/templates/create-custom-resources-job.yaml
deleted file mode 100755
index d699709b8..000000000
--- a/charts/rancher-istio/1.4.300/charts/grafana/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,103 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-grafana-post-install-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-grafana-post-install-{{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["authentication.istio.io"] # needed to create default authn policy - resources: ["*"] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-grafana-post-install-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-grafana-post-install-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-grafana-post-install-account - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-grafana-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - template: - metadata: - name: istio-grafana-post-install - labels: - app: istio-grafana - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-grafana-post-install-account - containers: - - name: kubectl - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - command: [ "/bin/bash", "/tmp/grafana/run.sh", "/tmp/grafana/custom-resources.yaml" ] - volumeMounts: - - mountPath: "/tmp/grafana" - name: tmp-configmap-grafana - volumes: - - name: tmp-configmap-grafana - configMap: - name: istio-grafana-custom-resources - restartPolicy: OnFailure - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/grafana/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/grafana/templates/deployment.yaml deleted file mode 100755 index 9ad2a7f56..000000000 --- a/charts/rancher-istio/1.4.300/charts/grafana/templates/deployment.yaml +++ /dev/null 
@@ -1,138 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: grafana - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: grafana - template: - metadata: - labels: - app: grafana - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - spec: - securityContext: - runAsUser: 472 - fsGroup: 472 -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 3000 - readinessProbe: - httpGet: - path: /api/health - port: 3000 - env: - - name: GRAFANA_PORT - value: "3000" -{{- if .Values.security.enabled }} - - name: GF_SECURITY_ADMIN_USER - valueFrom: - secretKeyRef: - name: {{ .Values.security.secretName }} - key: {{ .Values.security.usernameKey }} - - name: GF_SECURITY_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.security.secretName }} - key: {{ .Values.security.passphraseKey }} - - name: GF_AUTH_BASIC_ENABLED - value: "true" - - name: GF_AUTH_ANONYMOUS_ENABLED - value: "false" - - name: GF_AUTH_DISABLE_LOGIN_FORM - value: "false" -{{- else }} - - name: GF_AUTH_BASIC_ENABLED - value: "false" - - name: GF_AUTH_ANONYMOUS_ENABLED - value: "true" - - name: GF_AUTH_ANONYMOUS_ORG_ROLE - value: Admin -{{- end }} - - name: GF_PATHS_DATA - value: /data/grafana - {{- range $key, $value := $.Values.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $secret := $.Values.envSecrets }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ $secret }} - key: {{ $key | quote }} - {{- end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: data - mountPath: /data/grafana - {{- range $path, $bytes := .Files.Glob "dashboards/*.json" }} - {{- $filename := trimSuffix (ext $path) (base $path) }} - - name: dashboards-istio-{{ $filename }} - mountPath: "/var/lib/grafana/dashboards/istio/{{ base $path }}" - subPath: {{ base $path }} - readOnly: true - {{- end }} - - name: config - mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml" - subPath: datasources.yaml - - name: config - mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml" - subPath: dashboardproviders.yaml - affinity: 
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
- volumes:
- - name: config
- configMap:
- name: istio-grafana
- - name: data
-{{- if .Values.persist }}
- persistentVolumeClaim:
- claimName: istio-grafana-pvc
-{{- else }}
- emptyDir: {}
-{{- end }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
- - name: dashboards-istio-{{ $filename }}
- configMap:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/grafana/templates/grafana-ports-mtls.yaml b/charts/rancher-istio/1.4.300/charts/grafana/templates/grafana-ports-mtls.yaml
deleted file mode 100755
index b9a392651..000000000
--- a/charts/rancher-istio/1.4.300/charts/grafana/templates/grafana-ports-mtls.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{ define "grafana-default.yaml.tpl" }}
-apiVersion: authentication.istio.io/v1alpha1
-kind: Policy
-metadata:
- name: grafana-ports-mtls-disabled
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- targets:
- - name: grafana
- ports:
- - number: {{ .Values.service.externalPort }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/grafana/templates/ingress.yaml b/charts/rancher-istio/1.4.300/charts/grafana/templates/ingress.yaml
deleted file mode 100755
index 0ebe71f61..000000000
--- a/charts/rancher-istio/1.4.300/charts/grafana/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: grafana
- servicePort: 3000
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: grafana
- servicePort: 3000
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.300/charts/grafana/templates/pvc.yaml b/charts/rancher-istio/1.4.300/charts/grafana/templates/pvc.yaml
deleted file mode 100755
index e376a13a5..000000000
--- a/charts/rancher-istio/1.4.300/charts/grafana/templates/pvc.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if .Values.persist }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: istio-grafana-pvc
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- storageClassName: {{ .Values.storageClassName }}
- accessModes:
- - {{ .Values.accessMode }}
- resources:
- requests:
- storage: 5Gi
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/grafana/templates/service.yaml b/charts/rancher-istio/1.4.300/charts/grafana/templates/service.yaml
deleted file mode 100755
index b206679c3..000000000
--- a/charts/rancher-istio/1.4.300/charts/grafana/templates/service.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: 3000
- protocol: TCP
- name: {{ .Values.service.name }}
- selector:
- app: grafana
-{{- if .Values.service.loadBalancerIP }}
- loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
-{{- end }}
- {{if .Values.service.loadBalancerSourceRanges}}
- loadBalancerSourceRanges:
- {{range $rangeList := .Values.service.loadBalancerSourceRanges}}
- - {{ $rangeList }}
- {{end}}
- {{end}}
diff --git a/charts/rancher-istio/1.4.300/charts/grafana/templates/tests/test-grafana-connection.yaml b/charts/rancher-istio/1.4.300/charts/grafana/templates/tests/test-grafana-connection.yaml
deleted file mode 100755
index 7c8d1944b..000000000
--- a/charts/rancher-istio/1.4.300/charts/grafana/templates/tests/test-grafana-connection.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "grafana.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: grafana-test
- chart: {{ template "grafana.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: grafana
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "grafana.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- args: ['http://grafana:{{ .Values.grafana.service.externalPort }}']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/grafana/values.yaml b/charts/rancher-istio/1.4.300/charts/grafana/values.yaml
deleted file mode 100755
index 7b977c1e7..000000000
--- a/charts/rancher-istio/1.4.300/charts/grafana/values.yaml
+++ /dev/null
@@ -1,114 +0,0 @@ -# -# addon grafana configuration -# -enabled: false -replicaCount: 1 -ingress: - enabled: false - ## Used to create an Ingress record. - hosts: - - grafana.local - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: [] - # Secrets must be manually created in the namespace. - # - secretName: grafana-tls - # hosts: - # - grafana.local -persist: false -storageClassName: "" -accessMode: ReadWriteMany -security: - enabled: false - secretName: grafana - usernameKey: username - passphraseKey: passphrase -nodeSelector: {} -tolerations: [] - -env: {} - # Define additional environment variables for configuring grafana. - # @see https://grafana.com/docs/installation/configuration/#using-environment-variables - # Format: env_variable_name: value - # For example: - # GF_SMTP_ENABLED: true - # GF_SMTP_HOST: email-smtp.eu-west-1.amazonaws.com:2587 - # GF_SMTP_FROM_ADDRESS: alerts@mydomain.com - # GF_SMTP_FROM_NAME: Grafana - -envSecrets: {} - # The key name and ENV name must match in the secrets file. - # @see https://grafana.com/docs/installation/configuration/#using-environment-variables - # For example: - # --- - # apiVersion: v1 - # kind: Secret - # metadata: - # name: grafana-secrets - # namespace: istio-system - # data: - # GF_SMTP_USER: bXl1c2Vy - # GF_SMTP_PASSWORD: bXlwYXNzd29yZA== - # type: Opaque - # --- - # env_variable_key_name: secretsName - # --- - # GF_SMTP_USER: grafana-secrets - # GF_SMTP_PASSWORD: grafana-secrets - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. 
"soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -contextPath: /grafana -service: - annotations: {} - name: http - type: ClusterIP - externalPort: 3000 - loadBalancerIP: - loadBalancerSourceRanges: [] - -datasources: - datasources.yaml: - apiVersion: 1 - datasources: - - name: Prometheus - type: prometheus - orgId: 1 - url: http://prometheus:9090 - access: proxy - isDefault: true - jsonData: - timeInterval: 5s - editable: true - -dashboardProviders: - dashboardproviders.yaml: - apiVersion: 1 - providers: - - name: 'istio' - orgId: 1 - folder: 'istio' - type: file - disableDeletion: false - options: - path: /var/lib/grafana/dashboards/istio diff --git a/charts/rancher-istio/1.4.300/charts/istiocoredns/Chart.yaml b/charts/rancher-istio/1.4.300/charts/istiocoredns/Chart.yaml deleted file mode 100755 index e48e90d2e..000000000 --- a/charts/rancher-istio/1.4.300/charts/istiocoredns/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: "0.1" -description: Istio CoreDNS provides DNS resolution for services in multicluster setups. -name: istiocoredns -tillerVersion: '>=2.7.2' -version: 1.4.3 diff --git a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/_helpers.tpl b/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/_helpers.tpl deleted file mode 100755 index e7add11bb..000000000 --- a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "istiocoredns.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "istiocoredns.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "istiocoredns.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/clusterrole.yaml b/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/clusterrole.yaml
deleted file mode 100755
index 4242a327f..000000000
--- a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istiocoredns
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["networking.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/clusterrolebinding.yaml
deleted file mode 100755
index bafd0ca3b..000000000
--- a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-istiocoredns-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istiocoredns
-subjects:
-- kind: ServiceAccount
- name: istiocoredns-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/configmap.yaml b/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/configmap.yaml
deleted file mode 100755
index 4b2a2d42a..000000000
--- a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/configmap.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: coredns
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- Corefile: |
- .:53 {
- errors
- health
- {{ if eq -1 (semver .Values.image.tag | (semver "1.4.0").Compare) }}
- # Removed support for the proxy plugin: https://coredns.io/2019/03/03/coredns-1.4.0-release/
- grpc global 127.0.0.1:8053
- forward . /etc/resolv.conf {
- except global
- }
- {{ else }}
- proxy global 127.0.0.1:8053 {
- protocol grpc insecure
- }
- proxy . /etc/resolv.conf
- {{ end }}
- prometheus :9153
- cache 30
- reload
- }
----
diff --git a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/deployment.yaml
deleted file mode 100755
index 4af0a2256..000000000
--- a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/deployment.yaml
+++ /dev/null
@@ -1,103 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istiocoredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: istiocoredns - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - name: istiocoredns - labels: - app: istiocoredns - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istiocoredns-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: coredns - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume - mountPath: /etc/coredns - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - - containerPort: 9153 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - - name: istio-coredns-plugin - command: - - /usr/local/bin/plugin - image: "{{ template "system_default_registry" . 
}}{{ .Values.pluginImage.repository }}:{{ .Values.pluginImage.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 8053 - name: dns-grpc - protocol: TCP - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - dnsPolicy: Default - volumes: - - name: config-volume - configMap: - name: coredns - items: - - key: Corefile - path: Corefile - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/service.yaml b/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/service.yaml deleted file mode 100755 index a6311017c..000000000 --- a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: istiocoredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - app: istiocoredns - ports: - - name: dns - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP diff --git a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/serviceaccount.yaml deleted file mode 100755 index e2627cf45..000000000 --- a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istiocoredns-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.300/charts/istiocoredns/values.yaml b/charts/rancher-istio/1.4.300/charts/istiocoredns/values.yaml
deleted file mode 100755
index f2268c02a..000000000
--- a/charts/rancher-istio/1.4.300/charts/istiocoredns/values.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# addon istiocoredns tracing configuration
-#
-enabled: false
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-# Source code for the plugin can be found at
-# https://github.com/istio-ecosystem/istio-coredns-plugin
-# The plugin listens for DNS requests from coredns server at 127.0.0.1:8053
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.300/charts/kiali/Chart.yaml b/charts/rancher-istio/1.4.300/charts/kiali/Chart.yaml
deleted file mode 100755
index 5f0949d8b..000000000
--- a/charts/rancher-istio/1.4.300/charts/kiali/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-appVersion: 1.9.0
-description: Kiali is an open source project for service mesh observability, refer
- to https://www.kiali.io for details.
-name: kiali
-tillerVersion: '>=2.7.2'
-version: 1.9.0
diff --git a/charts/rancher-istio/1.4.300/charts/kiali/templates/_helpers.tpl b/charts/rancher-istio/1.4.300/charts/kiali/templates/_helpers.tpl
deleted file mode 100755
index 6b0095769..000000000
--- a/charts/rancher-istio/1.4.300/charts/kiali/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "kiali.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "kiali.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "kiali.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.300/charts/kiali/templates/clusterrole.yaml b/charts/rancher-istio/1.4.300/charts/kiali/templates/clusterrole.yaml
deleted file mode 100755
index 8ad6e9756..000000000
--- a/charts/rancher-istio/1.4.300/charts/kiali/templates/clusterrole.yaml
+++ /dev/null
@@ -1,134 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: kiali
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - configmaps
- - endpoints
- - namespaces
- - nodes
- - pods
- - pods/log
- - replicationcontrollers
- - services
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["extensions", "apps"]
- resources:
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["autoscaling"]
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["batch"]
- resources:
- - cronjobs
- - jobs
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - config.istio.io
- - networking.istio.io
- - authentication.istio.io
- - rbac.istio.io
- - security.istio.io
- resources: ["*"]
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - watch
-- apiGroups: ["monitoring.kiali.io"]
- resources:
- - monitoringdashboards
- verbs:
- - get
- - list
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: kiali-viewer
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" .
}}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - configmaps
- - endpoints
- - namespaces
- - nodes
- - pods
- - pods/log
- - replicationcontrollers
- - services
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["extensions", "apps"]
- resources:
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["autoscaling"]
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["batch"]
- resources:
- - cronjobs
- - jobs
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - config.istio.io
- - networking.istio.io
- - authentication.istio.io
- - rbac.istio.io
- - security.istio.io
- resources: ["*"]
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["monitoring.kiali.io"]
- resources:
- - monitoringdashboards
- verbs:
- - get
- - list
diff --git a/charts/rancher-istio/1.4.300/charts/kiali/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.300/charts/kiali/templates/clusterrolebinding.yaml
deleted file mode 100755
index 881796716..000000000
--- a/charts/rancher-istio/1.4.300/charts/kiali/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if not .Values.dashboard.viewOnlyMode }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-kiali-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kiali
-subjects:
-- kind: ServiceAccount
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-kiali-viewer-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kiali-viewer
-subjects:
-- kind: ServiceAccount
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/kiali/templates/configmap.yaml b/charts/rancher-istio/1.4.300/charts/kiali/templates/configmap.yaml
deleted file mode 100755
index 055edd624..000000000
--- a/charts/rancher-istio/1.4.300/charts/kiali/templates/configmap.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- config.yaml: |
- istio_namespace: {{ .Release.Namespace }}
- deployment:
- accessible_namespaces: ['**']
- auth:
- strategy: {{ .Values.dashboard.auth.strategy }}
- server:
- port: 20001
-{{- if .Values.contextPath }}
- web_root: {{ .Values.contextPath }}
-{{- end }}
- external_services:
- tracing:
- url: {{ .Values.dashboard.jaegerURL }}
- grafana:
- url: {{ .Values.dashboard.grafanaURL }}
- prometheus:
- url: {{ .Values.prometheusAddr }}
-{{- if .Values.security.enabled }}
- identity:
- cert_file: {{ .Values.security.cert_file }}
- private_key_file: {{ .Values.security.private_key_file }}
-{{- end}}
diff --git a/charts/rancher-istio/1.4.300/charts/kiali/templates/demosecret.yaml b/charts/rancher-istio/1.4.300/charts/kiali/templates/demosecret.yaml
deleted file mode 100755
index ad44298c3..000000000
--- a/charts/rancher-istio/1.4.300/charts/kiali/templates/demosecret.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.createDemoSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.dashboard.secretName }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-type: Opaque
-data:
- username: YWRtaW4= # admin
- passphrase: YWRtaW4= # admin
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/kiali/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/kiali/templates/deployment.yaml
deleted file mode 100755
index d0624ef08..000000000
--- a/charts/rancher-istio/1.4.300/charts/kiali/templates/deployment.yaml
+++ /dev/null
@@ -1,112 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: kiali
- template:
- metadata:
- name: kiali
- labels:
- app: kiali
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- scheduler.alpha.kubernetes.io/critical-pod: ""
- prometheus.io/scrape: "true"
- prometheus.io/port: "9090"
- kiali.io/runtimes: go,kiali
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: kiali-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - image: "{{ template "system_default_registry" .
}}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- name: kiali
- command:
- - "/opt/kiali/kiali"
- - "-config"
- - "/kiali-configuration/config.yaml"
- - "-v"
- - "3"
- readinessProbe:
- httpGet:
- path: {{ .Values.contextPath }}/healthz
- port: 20001
- scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }}
- initialDelaySeconds: 5
- periodSeconds: 30
- livenessProbe:
- httpGet:
- path: {{ .Values.contextPath }}/healthz
- port: 20001
- scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }}
- initialDelaySeconds: 5
- periodSeconds: 30
- env:
- - name: ACTIVE_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumeMounts:
- - name: kiali-configuration
- mountPath: "/kiali-configuration"
- - name: kiali-cert
- mountPath: "/kiali-cert"
- - name: kiali-secret
- mountPath: "/kiali-secret"
- - name: kiali-console
- subPath: env.js
- mountPath: /opt/kiali/console/env.js
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 10 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 10 }}
-{{- end }}
- volumes:
- - name: kiali-console
- configMap:
- name: kiali-console
- items:
- - key: env.js
- path: env.js
- - name: kiali-configuration
- configMap:
- name: kiali
- - name: kiali-cert
- secret:
- secretName: istio.kiali-service-account
-{{- if not .Values.security.enabled }}
- optional: true
-{{- end }}
- - name: kiali-secret
- secret:
- secretName: {{ .Values.dashboard.secretName }}
- optional: true
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/kiali/templates/ingress.yaml b/charts/rancher-istio/1.4.300/charts/kiali/templates/ingress.yaml
deleted file mode 100755
index 2e2a0de3a..000000000
--- a/charts/rancher-istio/1.4.300/charts/kiali/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: kiali
- servicePort: 20001
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: kiali
- servicePort: 20001
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.300/charts/kiali/templates/kiali-console-configmap.yaml b/charts/rancher-istio/1.4.300/charts/kiali/templates/kiali-console-configmap.yaml
deleted file mode 100644
index 49c68eba0..000000000
--- a/charts/rancher-istio/1.4.300/charts/kiali/templates/kiali-console-configmap.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kiali-console
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- env.js: |
- window.WEB_ROOT='/k8s/clusters/{{ .Values.global.rancher.clusterId }}/api/v1/namespaces/istio-system/services/http:kiali:20001/proxy';
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.300/charts/kiali/templates/service.yaml b/charts/rancher-istio/1.4.300/charts/kiali/templates/service.yaml
deleted file mode 100755
index 1aa79bfdb..000000000
--- a/charts/rancher-istio/1.4.300/charts/kiali/templates/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- ports:
- - name: http-kiali
- protocol: TCP
- port: 20001
- selector:
- app: kiali
diff --git a/charts/rancher-istio/1.4.300/charts/kiali/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.300/charts/kiali/templates/serviceaccount.yaml
deleted file mode 100755
index 2ae38a1ab..000000000
--- a/charts/rancher-istio/1.4.300/charts/kiali/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.300/charts/kiali/templates/tests/test-kiali-connection.yaml b/charts/rancher-istio/1.4.300/charts/kiali/templates/tests/test-kiali-connection.yaml
deleted file mode 100755
index e2a1ff671..000000000
--- a/charts/rancher-istio/1.4.300/charts/kiali/templates/tests/test-kiali-connection.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "kiali.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: kiali-test
- chart: {{ template "kiali.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: kiali
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "kiali.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- args: ['http://kiali:20001']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/kiali/values.yaml b/charts/rancher-istio/1.4.300/charts/kiali/values.yaml
deleted file mode 100755
index c22d4325d..000000000
--- a/charts/rancher-istio/1.4.300/charts/kiali/values.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-#
-# addon kiali
-#
-enabled: false # Note that if using the demo or demo-auth yaml when installing via Helm, this default will be `true`.
-replicaCount: 1
-contextPath: /kiali # The root context path to access the Kiali UI.
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - kiali.local
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls:
- # Secrets must be manually created in the namespace.
- # - secretName: kiali-tls
- # hosts:
- # - kiali.local
-
-dashboard:
- auth:
- strategy: login # Can be anonymous, login, or openshift
- secretName: kiali # You must create a secret with this name - one is not provided out-of-box.
- viewOnlyMode: false # Bind the service account to a role with only read access
- grafanaURL: # If you have Grafana installed and it is accessible to client browsers, then set this to its external URL. Kiali will redirect users to this URL when Grafana metrics are to be shown.
- jaegerURL: # If you have Jaeger installed and it is accessible to client browsers, then set this property to its external URL. Kiali will redirect users to this URL when Jaeger tracing is to be shown.
-prometheusAddr: http://prometheus:9090
-
-# When true, a secret will be created with a default username and password. Useful for demos.
-createDemoSecret: false
-
-security:
- enabled: false
- cert_file: /kiali-cert/cert-chain.pem
- private_key_file: /kiali-cert/key.pem
diff --git a/charts/rancher-istio/1.4.300/charts/mixer/Chart.yaml b/charts/rancher-istio/1.4.300/charts/mixer/Chart.yaml
deleted file mode 100755
index 3eb767216..000000000
--- a/charts/rancher-istio/1.4.300/charts/mixer/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.3
-description: Helm chart for mixer deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- mixer
-name: mixer
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.3
diff --git a/charts/rancher-istio/1.4.300/charts/mixer/templates/_helpers.tpl b/charts/rancher-istio/1.4.300/charts/mixer/templates/_helpers.tpl
deleted file mode 100755
index dac6da036..000000000
--- a/charts/rancher-istio/1.4.300/charts/mixer/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "mixer.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "mixer.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "mixer.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.300/charts/mixer/templates/autoscale.yaml b/charts/rancher-istio/1.4.300/charts/mixer/templates/autoscale.yaml
deleted file mode 100755
index 377b47d03..000000000
--- a/charts/rancher-istio/1.4.300/charts/mixer/templates/autoscale.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
-spec:
- maxReplicas: {{ $spec.autoscaleMax }}
- minReplicas: {{ $spec.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-{{ $key }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/mixer/templates/clusterrole.yaml b/charts/rancher-istio/1.4.300/charts/mixer/templates/clusterrole.yaml
deleted file mode 100755
index 3d7438f2d..000000000
--- a/charts/rancher-istio/1.4.300/charts/mixer/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-mixer-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["config.istio.io"] # istio CRD watcher
- resources: ["*"]
- verbs: ["create", "get", "list", "watch", "patch"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["configmaps", "endpoints", "pods", "services", "namespaces", "secrets", "replicationcontrollers"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/mixer/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.300/charts/mixer/templates/clusterrolebinding.yaml
deleted file mode 100755
index 773e68b34..000000000
--- a/charts/rancher-istio/1.4.300/charts/mixer/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-mixer-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-mixer-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/mixer/templates/config.yaml b/charts/rancher-istio/1.4.300/charts/mixer/templates/config.yaml
deleted file mode 100755
index 07f5893be..000000000
--- a/charts/rancher-istio/1.4.300/charts/mixer/templates/config.yaml
+++ /dev/null
@@ -1,1092 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: "config.istio.io/v1alpha2"
-kind: attributemanifest
-metadata:
- name: istioproxy
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- attributes:
- origin.ip:
- valueType: IP_ADDRESS
- origin.uid:
- valueType: STRING
- origin.user:
- valueType: STRING
- request.headers:
- valueType: STRING_MAP
- request.id:
- valueType: STRING
- request.host:
- valueType: STRING
- request.method:
- valueType: STRING
- request.path:
- valueType: STRING
- request.url_path:
- valueType: STRING
- request.query_params:
- valueType: STRING_MAP
- request.reason:
- valueType: STRING
- request.referer:
- valueType: STRING
- request.scheme:
- valueType: STRING
- request.total_size:
- valueType: INT64
- request.size:
- valueType: INT64
- request.time:
- valueType: TIMESTAMP
- request.useragent:
- valueType: STRING
- response.code:
- valueType: INT64
- response.duration:
- valueType: DURATION
- response.headers:
- valueType: STRING_MAP
- response.total_size:
- valueType: INT64
- response.size:
- valueType: INT64
- response.time:
- valueType: TIMESTAMP
- response.grpc_status:
- valueType: STRING
- response.grpc_message:
- valueType: STRING
- source.uid:
- valueType: STRING
- source.user: # DEPRECATED
- valueType: STRING
- source.principal:
- valueType: STRING
- destination.uid:
- valueType: STRING
- destination.principal:
- valueType: STRING
- destination.port:
- valueType: INT64
- connection.event:
- valueType: STRING
- connection.id:
- valueType: STRING
- connection.received.bytes:
- valueType: INT64
- connection.received.bytes_total:
- valueType: INT64
- connection.sent.bytes:
- valueType: INT64
- connection.sent.bytes_total:
- valueType: INT64
- connection.duration:
- valueType: DURATION
- connection.mtls:
- valueType: BOOL
-
connection.requested_server_name:
- valueType: STRING
- context.protocol:
- valueType: STRING
- context.proxy_error_code:
- valueType: STRING
- context.timestamp:
- valueType: TIMESTAMP
- context.time:
- valueType: TIMESTAMP
- # Deprecated, kept for compatibility
- context.reporter.local:
- valueType: BOOL
- context.reporter.kind:
- valueType: STRING
- context.reporter.uid:
- valueType: STRING
- api.service:
- valueType: STRING
- api.version:
- valueType: STRING
- api.operation:
- valueType: STRING
- api.protocol:
- valueType: STRING
- request.auth.principal:
- valueType: STRING
- request.auth.audiences:
- valueType: STRING
- request.auth.presenter:
- valueType: STRING
- request.auth.claims:
- valueType: STRING_MAP
- request.auth.raw_claims:
- valueType: STRING
- request.api_key:
- valueType: STRING
- rbac.permissive.response_code:
- valueType: STRING
- rbac.permissive.effective_policy_id:
- valueType: STRING
- check.error_code:
- valueType: INT64
- check.error_message:
- valueType: STRING
- check.cache_hit:
- valueType: BOOL
- quota.cache_hit:
- valueType: BOOL
- context.proxy_version:
- valueType: STRING
-
----
-apiVersion: "config.istio.io/v1alpha2"
-kind: attributemanifest
-metadata:
- name: kubernetes
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" .
}}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- attributes:
- source.ip:
- valueType: IP_ADDRESS
- source.labels:
- valueType: STRING_MAP
- source.metadata:
- valueType: STRING_MAP
- source.name:
- valueType: STRING
- source.namespace:
- valueType: STRING
- source.owner:
- valueType: STRING
- source.serviceAccount:
- valueType: STRING
- source.services:
- valueType: STRING
- source.workload.uid:
- valueType: STRING
- source.workload.name:
- valueType: STRING
- source.workload.namespace:
- valueType: STRING
- destination.ip:
- valueType: IP_ADDRESS
- destination.labels:
- valueType: STRING_MAP
- destination.metadata:
- valueType: STRING_MAP
- destination.owner:
- valueType: STRING
- destination.name:
- valueType: STRING
- destination.container.name:
- valueType: STRING
- destination.namespace:
- valueType: STRING
- destination.service.uid:
- valueType: STRING
- destination.service.name:
- valueType: STRING
- destination.service.namespace:
- valueType: STRING
- destination.service.host:
- valueType: STRING
- destination.serviceAccount:
- valueType: STRING
- destination.workload.uid:
- valueType: STRING
- destination.workload.name:
- valueType: STRING
- destination.workload.namespace:
- valueType: STRING
----
-{{- if and .Values.adapters.stdio.enabled .Values.telemetry.enabled }}
-apiVersion: "config.istio.io/v1alpha2"
-kind: handler
-metadata:
- name: stdio
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- compiledAdapter: stdio
- params:
- outputAsJson: {{ .Values.adapters.stdio.outputAsJson }}
----
-apiVersion: "config.istio.io/v1alpha2"
-kind: instance
-metadata:
- name: accesslog
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" .
}}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- compiledTemplate: logentry
- params:
- severity: '"Info"'
- timestamp: request.time
- variables:
- sourceIp: source.ip | ip("0.0.0.0")
- sourceApp: source.labels["app"] | ""
- sourcePrincipal: source.principal | ""
- sourceName: source.name | ""
- sourceWorkload: source.workload.name | ""
- sourceNamespace: source.namespace | ""
- sourceOwner: source.owner | ""
- destinationApp: destination.labels["app"] | ""
- destinationIp: destination.ip | ip("0.0.0.0")
- destinationServiceHost: destination.service.host | request.host | ""
- destinationWorkload: destination.workload.name | ""
- destinationName: destination.name | ""
- destinationNamespace: destination.namespace | ""
- destinationOwner: destination.owner | ""
- destinationPrincipal: destination.principal | ""
- apiClaims: request.auth.raw_claims | ""
- apiKey: request.api_key | request.headers["x-api-key"] | ""
- protocol: request.scheme | context.protocol | "http"
- method: request.method | ""
- url: request.path | ""
- responseCode: response.code | 0
- responseFlags: context.proxy_error_code | ""
- responseSize: response.size | 0
- permissiveResponseCode: rbac.permissive.response_code | "none"
- permissiveResponsePolicyID: rbac.permissive.effective_policy_id | "none"
- requestSize: request.size | 0
- requestId: request.headers["x-request-id"] | ""
- clientTraceId: request.headers["x-client-trace-id"] | ""
- latency: response.duration | "0ms"
- connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none"))
- requestedServerName: connection.requested_server_name | ""
- userAgent: request.useragent | ""
- responseTimestamp: response.time
- receivedBytes: request.total_size | 0
- sentBytes: response.total_size | 0
- referer: request.referer | ""
- httpAuthority: request.headers[":authority"] | request.host | ""
- xForwardedFor:
request.headers["x-forwarded-for"] | "0.0.0.0" - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - grpcStatus: response.grpc_status | "" - grpcMessage: response.grpc_message | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpaccesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: context.time | timestamp("2017-01-01T00:00:00Z") - variables: - connectionEvent: connection.event | "" - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - protocol: context.protocol | "tcp" - connectionDuration: connection.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - receivedBytes: connection.received.bytes | 0 - sentBytes: connection.sent.bytes | 0 - totalReceivedBytes: connection.received.bytes_total | 0 - totalSentBytes: connection.sent.bytes_total | 0 - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") 
- responseFlags: context.proxy_error_code | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "http" || context.protocol == "grpc" - actions: - - handler: stdio - instances: - - accesslog ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdiotcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: stdio - instances: - - tcpaccesslog -{{- end }} ---- -{{- if and .Values.adapters.prometheus.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestcount - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestduration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.duration | "0ms" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestsize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: request.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: responsesize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytesent - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.sent.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytereceived - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.received.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsopened - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: prometheus - params: - metricsExpirationPolicy: - metricsExpiryDuration: "{{ .Values.adapters.prometheus.metricsExpiryDuration }}" - metrics: - - name: requests_total - instance_name: requestcount.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - - name: request_duration_seconds - instance_name: requestduration.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - explicit_buckets: - bounds: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10] - - name: request_bytes - instance_name: requestsize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - 
destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: response_bytes - instance_name: responsesize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: tcp_sent_bytes_total - instance_name: tcpbytesent.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_received_bytes_total - instance_name: tcpbytereceived.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: 
tcp_connections_opened_total - instance_name: tcpconnectionsopened.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_connections_closed_total - instance_name: tcpconnectionsclosed.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promhttp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: (context.protocol == "http" || context.protocol == "grpc") && (match((request.useragent | "-"), "kube-probe*") == false) && (match((request.useragent | "-"), "Prometheus*") == false) - actions: - - handler: prometheus - instances: - - requestcount - - requestduration - - requestsize - - responsesize ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: prometheus - instances: - - tcpbytesent - - tcpbytereceived ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionopen - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "open") - actions: - - handler: prometheus - instances: - - tcpconnectionsopened ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "close") - actions: - - handler: prometheus - instances: - - tcpconnectionsclosed -{{- end }} ---- -{{- if and .Values.adapters.kubernetesenv.enabled (or .Values.policy.enabled .Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: kubernetesenv - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: kubernetesenv - params: - # when running from mixer root, use the following config after adding a - # symbolic link to a kubernetes config file via: - # - # $ ln -s ~/.kube/config mixer/adapter/kubernetes/kubeconfig - # - # kubeconfig_path: "mixer/adapter/kubernetes/kubeconfig" - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: kubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . 
}} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: tcpkubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: attributes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: kubernetes - params: - # Pass the required attribute data to the adapter - source_uid: source.uid | "" - source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr - destination_uid: destination.uid | "" - destination_port: destination.port | 0 - attributeBindings: - # Fill the new attributes from the adapter produced output. 
- # $out refers to an instance of OutputTemplate message - source.ip: $out.source_pod_ip | ip("0.0.0.0") - source.uid: $out.source_pod_uid | "unknown" - source.labels: $out.source_labels | emptyStringMap() - source.name: $out.source_pod_name | "unknown" - source.namespace: $out.source_namespace | "default" - source.owner: $out.source_owner | "unknown" - source.serviceAccount: $out.source_service_account_name | "unknown" - source.workload.uid: $out.source_workload_uid | "unknown" - source.workload.name: $out.source_workload_name | "unknown" - source.workload.namespace: $out.source_workload_namespace | "unknown" - destination.ip: $out.destination_pod_ip | ip("0.0.0.0") - destination.uid: $out.destination_pod_uid | "unknown" - destination.labels: $out.destination_labels | emptyStringMap() - destination.name: $out.destination_pod_name | "unknown" - destination.container.name: $out.destination_container_name | "unknown" - destination.namespace: $out.destination_namespace | "default" - destination.owner: $out.destination_owner | "unknown" - destination.serviceAccount: $out.destination_service_account_name | "unknown" - destination.workload.uid: $out.destination_workload_uid | "unknown" - destination.workload.name: $out.destination_workload_name | "unknown" - destination.workload.namespace: $out.destination_workload_namespace | "unknown" -{{- end }} ---- -{{- if .Values.policy.enabled }} -# Configuration needed by Mixer. -# Mixer cluster is delivered via CDS -# Specify mixer cluster settings -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-policy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- if .Values.telemetry.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-telemetry - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/mixer/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/mixer/templates/deployment.yaml deleted file mode 100755 index 60bba11e5..000000000 --- a/charts/rancher-istio/1.4.300/charts/mixer/templates/deployment.yaml +++ /dev/null 
@@ -1,431 +0,0 @@ -{{- define "policy_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: policy-adapter-secret - secret: - secretName: policy-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - - --useTemplateCRDs=false - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - {{- if .Values.env }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.policy.resources }} -{{ toYaml .Values.policy.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: 
istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-policy - - --templateFile - - /etc/istio/proxy/envoy_policy.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ $.Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock - - 
name: policy-adapter-secret - mountPath: /var/run/secrets/istio.io/policy/adapter - readOnly: true -{{- end }} - -{{- define "telemetry_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: telemetry-adapter-secret - secret: - secretName: telemetry-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - - --certFile=/etc/certs/cert-chain.pem - - --keyFile=/etc/certs/key.pem - - --caCertFile=/etc/certs/root-cert.pem - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - - --averageLatencyThreshold - - {{ $.Values.telemetry.loadshedding.latencyThreshold }} - - --loadsheddingMode - - {{ $.Values.telemetry.loadshedding.mode }} - {{- if .Values.env }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.telemetry.resources }} -{{ toYaml .Values.telemetry.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - 
name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: telemetry-adapter-secret - mountPath: /var/run/secrets/istio.io/telemetry/adapter - readOnly: true - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-telemetry - - --templateFile - - /etc/istio/proxy/envoy_telemetry.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - 
mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock -{{- end }} - - -{{- range $key, $spec := .Values }} -{{- if or (eq $key "policy") (eq $key "telemetry") }} -{{- if $spec.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-{{ $key }} - namespace: {{ $.Release.Namespace }} - labels: - app: istio-mixer - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: mixer -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - selector: - matchLabels: - istio: mixer - istio-mixer-type: {{ $key }} - template: - metadata: - labels: - app: {{ $key }} - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - security.istio.io/tlsMode: "istio" - istio: mixer - istio-mixer-type: {{ $key }} - annotations: - sidecar.istio.io/inject: "false" -{{- with $.Values.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- if eq $key "policy"}} -{{- template "policy_container" $ }} -{{- else }} -{{- template "telemetry_container" $ }} -{{- end }} - ---- -{{- end }} -{{- end }} -{{- end }} {{/* range */}} diff --git a/charts/rancher-istio/1.4.300/charts/mixer/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.300/charts/mixer/templates/poddisruptionbudget.yaml deleted file mode 100755 index a6bfe8668..000000000 --- a/charts/rancher-istio/1.4.300/charts/mixer/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,32 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ $key }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- version: {{ $.Chart.Version }}
- istio: mixer
- istio-mixer-type: {{ $key }}
-spec:
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: {{ $key }}
- release: {{ $.Release.Name }}
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/mixer/templates/service.yaml b/charts/rancher-istio/1.4.300/charts/mixer/templates/service.yaml
deleted file mode 100755
index 79cc4a582..000000000
--- a/charts/rancher-istio/1.4.300/charts/mixer/templates/service.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- annotations:
- networking.istio.io/exportTo: "*"
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: mixer
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: {{ $.Values.global.monitoringPort }}
-{{- if eq $key "telemetry" }}
- - name: prometheus
- port: 42422
-{{- if $spec.sessionAffinityEnabled }}
- sessionAffinity: ClientIP
-{{- end }}
-{{- end }}
- selector:
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.4.300/charts/mixer/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.300/charts/mixer/templates/serviceaccount.yaml
deleted file mode 100755
index 9d3da7dd6..000000000
--- a/charts/rancher-istio/1.4.300/charts/mixer/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/mixer/values.yaml b/charts/rancher-istio/1.4.300/charts/mixer/values.yaml
deleted file mode 100755
index 6a56f375a..000000000
--- a/charts/rancher-istio/1.4.300/charts/mixer/values.yaml
+++ /dev/null
@@ -1,97 +0,0 @@
-#
-# mixer configuration
-#
-
-env:
- # max procs should be ceil(cpu limit + 1)
- GOMAXPROCS: "6"
-
-policy:
- # if policy is enabled, global.disablePolicyChecks has affect.
- enabled: false
- replicaCount: 1
- autoscaleEnabled: true
- autoscaleMin: 1
- autoscaleMax: 5
- cpu:
- targetAverageUtilization: 80
- rollingMaxSurge: 100%
- rollingMaxUnavailable: 25%
-
-telemetry:
- enabled: true
- replicaCount: 1
- autoscaleEnabled: true
- autoscaleMin: 1
- autoscaleMax: 5
- cpu:
- targetAverageUtilization: 80
- rollingMaxSurge: 100%
- rollingMaxUnavailable: 25%
- sessionAffinityEnabled: false
-
- # mixer load shedding configuration.
- # When mixer detects that it is overloaded, it starts rejecting grpc requests.
- loadshedding:
- # disabled, logonly or enforce
- mode: enforce
- # based on measurements 100ms p50 translates to p99 of under 1s. This is ok for telemetry which is inherently async.
- latencyThreshold: 100ms
- resources:
- requests:
- cpu: 1000m
- memory: 1G
- limits:
- # It is best to do horizontal scaling of mixer using moderate cpu allocation.
- # We have experimentally found that these values work well.
- cpu: 4800m
- memory: 4G
-
- # Set reportBatchMaxEntries to 0 to use the default batching behavior (i.e., every 100 requests).
- # A positive value indicates the number of requests that are batched before telemetry data
- # is sent to the mixer server
- reportBatchMaxEntries: 100
-
- # Set reportBatchMaxTime to 0 to use the default batching behavior (i.e., every 1 second).
- # A positive time value indicates the maximum wait time since the last request will telemetry data
- # be batched before being sent to the mixer server
- reportBatchMaxTime: 1s
-
-podAnnotations: {}
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-adapters:
- kubernetesenv:
- enabled: true
-
- # stdio is a debug adapter in istio-telemetry, it is not recommended for production use.
- stdio:
- enabled: false
- outputAsJson: true
- prometheus:
- enabled: true
- metricsExpiryDuration: 10m
- # Setting this to false sets the useAdapterCRDs mixer startup argument to false
- useAdapterCRDs: false
diff --git a/charts/rancher-istio/1.4.300/charts/nodeagent/Chart.yaml b/charts/rancher-istio/1.4.300/charts/nodeagent/Chart.yaml
deleted file mode 100755
index 2827ec853..000000000
--- a/charts/rancher-istio/1.4.300/charts/nodeagent/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.3
-description: Helm chart for nodeagent deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- nodeagent
-name: nodeagent
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.3
diff --git a/charts/rancher-istio/1.4.300/charts/nodeagent/templates/_helpers.tpl b/charts/rancher-istio/1.4.300/charts/nodeagent/templates/_helpers.tpl
deleted file mode 100755
index fda6043d0..000000000
--- a/charts/rancher-istio/1.4.300/charts/nodeagent/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "nodeagent.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "nodeagent.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "nodeagent.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.300/charts/nodeagent/templates/clusterrole.yaml b/charts/rancher-istio/1.4.300/charts/nodeagent/templates/clusterrole.yaml
deleted file mode 100755
index 8e4ab6d32..000000000
--- a/charts/rancher-istio/1.4.300/charts/nodeagent/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get"]
diff --git a/charts/rancher-istio/1.4.300/charts/nodeagent/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.300/charts/nodeagent/templates/clusterrolebinding.yaml
deleted file mode 100755
index 591e48212..000000000
--- a/charts/rancher-istio/1.4.300/charts/nodeagent/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-nodeagent-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.300/charts/nodeagent/templates/daemonset.yaml b/charts/rancher-istio/1.4.300/charts/nodeagent/templates/daemonset.yaml
deleted file mode 100755
index a4d2463d6..000000000
--- a/charts/rancher-istio/1.4.300/charts/nodeagent/templates/daemonset.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: istio-nodeagent
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
-spec:
- selector:
- matchLabels:
- istio: nodeagent
- template:
- metadata:
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-nodeagent-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: nodeagent
- image: "{{ template "system_default_registry" . }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- volumeMounts:
- - mountPath: /var/run/sds
- name: sdsudspath
- env:
- {{- if .Values.env }}
- {{- range $key, $val := .Values.env }}
- - name: {{ $key }}
- value: "{{ $val }}"
- {{- end }}
- {{- end }}
- - name: "TRUST_DOMAIN"
- value: "{{ .Values.global.trustDomain }}"
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumes:
- - name: sdsudspath
- hostPath:
- path: /var/run/sds
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
- updateStrategy:
- type: RollingUpdate
diff --git a/charts/rancher-istio/1.4.300/charts/nodeagent/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.300/charts/nodeagent/templates/serviceaccount.yaml
deleted file mode 100755
index 86853d7e0..000000000
--- a/charts/rancher-istio/1.4.300/charts/nodeagent/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.300/charts/nodeagent/values.yaml b/charts/rancher-istio/1.4.300/charts/nodeagent/values.yaml
deleted file mode 100755
index 9138c4647..000000000
--- a/charts/rancher-istio/1.4.300/charts/nodeagent/values.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# nodeagent configuration
-#
-enabled: false
-env:
- # name of authentication provider.
- CA_PROVIDER: ""
- # CA endpoint.
- CA_ADDR: ""
- # names of authentication provider's plugins.
- PLUGINS: ""
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.300/charts/pilot/Chart.yaml b/charts/rancher-istio/1.4.300/charts/pilot/Chart.yaml
deleted file mode 100755
index dd73676ab..000000000
--- a/charts/rancher-istio/1.4.300/charts/pilot/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.3
-description: Helm chart for pilot deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- pilot
-name: pilot
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.3
diff --git a/charts/rancher-istio/1.4.300/charts/pilot/templates/_helpers.tpl b/charts/rancher-istio/1.4.300/charts/pilot/templates/_helpers.tpl
deleted file mode 100755
index c812c3709..000000000
--- a/charts/rancher-istio/1.4.300/charts/pilot/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "pilot.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "pilot.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "pilot.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.300/charts/pilot/templates/autoscale.yaml b/charts/rancher-istio/1.4.300/charts/pilot/templates/autoscale.yaml
deleted file mode 100755
index 1a9945136..000000000
--- a/charts/rancher-istio/1.4.300/charts/pilot/templates/autoscale.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- maxReplicas: {{ .Values.autoscaleMax }}
- minReplicas: {{ .Values.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-pilot
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.cpu.targetAverageUtilization }}
----
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/pilot/templates/clusterrole.yaml b/charts/rancher-istio/1.4.300/charts/pilot/templates/clusterrole.yaml
deleted file mode 100755
index 83af8fb06..000000000
--- a/charts/rancher-istio/1.4.300/charts/pilot/templates/clusterrole.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["config.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["rbac.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["security.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["networking.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["authentication.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["*"]
-- apiGroups: ["extensions"]
- resources: ["ingresses", "ingresses/status"]
- verbs: ["*"]
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "list", "watch", "update"]
-- apiGroups: [""]
- resources: ["endpoints", "pods", "services", "namespaces", "nodes"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "watch", "list", "update", "delete"]
-- apiGroups: ["certificates.k8s.io"]
- resources:
- - "certificatesigningrequests"
- - "certificatesigningrequests/approval"
- - "certificatesigningrequests/status"
- verbs: ["update", "create", "get", "delete"]
diff --git a/charts/rancher-istio/1.4.300/charts/pilot/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.300/charts/pilot/templates/clusterrolebinding.yaml
deleted file mode 100755
index ef9281ca8..000000000
--- a/charts/rancher-istio/1.4.300/charts/pilot/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-pilot-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.300/charts/pilot/templates/configmap.yaml b/charts/rancher-istio/1.4.300/charts/pilot/templates/configmap.yaml
deleted file mode 100755
index 3fe514395..000000000
--- a/charts/rancher-istio/1.4.300/charts/pilot/templates/configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.jwksResolverExtraRootCA }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-jwks-extra-cacerts
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/charts/pilot/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/pilot/templates/deployment.yaml
deleted file mode 100755
index 7e7cd2b97..000000000
--- a/charts/rancher-istio/1.4.300/charts/pilot/templates/deployment.yaml
+++ /dev/null
@@ -1,234 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - # TODO: default template doesn't have this, which one is right ? - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - istio: pilot - template: - metadata: - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-pilot-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: discovery - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - "discovery" - - --monitoringAddr=:{{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.global.oneNamespace }} - - "-a" - - {{ .Release.Namespace }} -{{- end }} -{{- if and $.Values.global.controlPlaneSecurityEnabled (not .Values.sidecar)}} - - --secureGrpcAddr - - ":15011" -{{- else }} - - --secureGrpcAddr - - "" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" - ports: - - containerPort: 8080 - - containerPort: 15010 -{{- if not .Values.sidecar }} - - containerPort: 15011 -{{- end }} - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 5 - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND - value: "{{ .Values.enableProtocolSniffingForOutbound }}" - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND - value: "{{ .Values.enableProtocolSniffingForInbound }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - - name: istio-certs - mountPath: /etc/certs 
- readOnly: true -{{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - mountPath: /cacerts -{{- end }} -{{- if .Values.sidecar }} - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 15003 - - containerPort: 15005 - - containerPort: 15007 - - containerPort: 15011 - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-pilot - - --templateFile - - /etc/istio/proxy/envoy_pilot.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if .Values.global.proxy.resources }} -{{ toYaml .Values.global.proxy.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - 
readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} -{{- end }} - volumes: - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: config-volume - configMap: - name: istio - - name: istio-certs - secret: - secretName: istio.istio-pilot-service-account - optional: true -{{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - configMap: - name: istio-jwks-extra-cacerts -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/pilot/templates/meshexpansion.yaml b/charts/rancher-istio/1.4.300/charts/pilot/templates/meshexpansion.yaml deleted file mode 100755 index 4f3d59570..000000000 --- a/charts/rancher-istio/1.4.300/charts/pilot/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-ilb-vs-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - hosts: - - istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-ilb-gateway - tcp: - - match: - - port: 15011 - route: - - destination: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15011 - - match: - - port: 15010 - route: - - destination: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15010 - - match: - - port: 5353 - route: - - destination: - host: kube-dns.kube-system.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 53 ---- -{{- else }} - -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - hosts: - - istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-gateway - tcp: - - match: - - port: 15011 - route: - - destination: - host: istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15011 ---- -{{- end }} - -{{- if .Values.global.controlPlaneSecurityEnabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: meshexpansion-dr-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - trafficPolicy: - portLevelSettings: - - port: - number: 15011 - tls: - mode: DISABLE ---- -{{- end }} -{{- end }} - diff --git a/charts/rancher-istio/1.4.300/charts/pilot/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.300/charts/pilot/templates/poddisruptionbudget.yaml deleted file mode 100755 index fd9e06a71..000000000 --- a/charts/rancher-istio/1.4.300/charts/pilot/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: {{ template "pilot.name" . }} - release: {{ .Release.Name }} - istio: pilot -{{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/pilot/templates/service.yaml b/charts/rancher-istio/1.4.300/charts/pilot/templates/service.yaml deleted file mode 100755 index a61d93025..000000000 --- a/charts/rancher-istio/1.4.300/charts/pilot/templates/service.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: pilot
-spec:
- ports:
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS
- - port: 8080
- name: http-legacy-discovery # direct
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- selector:
- istio: pilot
diff --git a/charts/rancher-istio/1.4.300/charts/pilot/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.300/charts/pilot/templates/serviceaccount.yaml
deleted file mode 100755
index 7ec2a66de..000000000
--- a/charts/rancher-istio/1.4.300/charts/pilot/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.300/charts/pilot/values.yaml b/charts/rancher-istio/1.4.300/charts/pilot/values.yaml
deleted file mode 100755
index 84c90d9ed..000000000
--- a/charts/rancher-istio/1.4.300/charts/pilot/values.yaml
+++ /dev/null
@@ -1,62 +0,0 @@ -# -# pilot configuration -# -enabled: true -autoscaleEnabled: true -autoscaleMin: 1 -autoscaleMax: 5 -# specify replicaCount when autoscaleEnabled: false -# replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -sidecar: true -traceSampling: 1.0 -# if protocol sniffing is enabled for outbound -enableProtocolSniffingForOutbound: true -# if protocol sniffing is enabled for inbound -enableProtocolSniffingForInbound: false -# Resources for a small pilot install -resources: - requests: - cpu: 500m - memory: 2048Mi -env: - PILOT_PUSH_THROTTLE: 100 -cpu: - targetAverageUtilization: 80 -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# The following is used to limit how long a sidecar can be connected -# to a pilot. It balances out load across pilot instances at the cost of -# increasing system churn. -keepaliveMaxServerConnectionAge: 30m - -# This is used to set the source of configuration for -# the associated address in configSource, if nothing is specificed -# the default MCP is assumed. 
The alternative option is SERVICE_REGISTRY -# which describes the source is only forwarding synthetic service entries -configSource: - subscribedResources: diff --git a/charts/rancher-istio/1.4.300/charts/prometheus/Chart.yaml b/charts/rancher-istio/1.4.300/charts/prometheus/Chart.yaml deleted file mode 100755 index 668a0019d..000000000 --- a/charts/rancher-istio/1.4.300/charts/prometheus/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 2.8.0 -description: A Helm chart for Kubernetes -name: prometheus -tillerVersion: '>=2.7.2' -version: 1.4.3 diff --git a/charts/rancher-istio/1.4.300/charts/prometheus/templates/_helpers.tpl b/charts/rancher-istio/1.4.300/charts/prometheus/templates/_helpers.tpl deleted file mode 100755 index 039388329..000000000 --- a/charts/rancher-istio/1.4.300/charts/prometheus/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "prometheus.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "prometheus.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "prometheus.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} 
diff --git a/charts/rancher-istio/1.4.300/charts/prometheus/templates/clusterrole.yaml b/charts/rancher-istio/1.4.300/charts/prometheus/templates/clusterrole.yaml
deleted file mode 100755
index 06fdfaf53..000000000
--- a/charts/rancher-istio/1.4.300/charts/prometheus/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - nodes
- - services
- - endpoints
- - pods
- - nodes/proxy
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources:
- - configmaps
- verbs: ["get"]
-- nonResourceURLs: ["/metrics"]
- verbs: ["get"]
diff --git a/charts/rancher-istio/1.4.300/charts/prometheus/templates/clusterrolebindings.yaml b/charts/rancher-istio/1.4.300/charts/prometheus/templates/clusterrolebindings.yaml
deleted file mode 100755
index 295e0df72..000000000
--- a/charts/rancher-istio/1.4.300/charts/prometheus/templates/clusterrolebindings.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: prometheus-{{ .Release.Namespace }}
-subjects:
-- kind: ServiceAccount
- name: prometheus
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.300/charts/prometheus/templates/configmap.yaml b/charts/rancher-istio/1.4.300/charts/prometheus/templates/configmap.yaml
deleted file mode 100755
index 1b26fa5a1..000000000
--- a/charts/rancher-istio/1.4.300/charts/prometheus/templates/configmap.yaml
+++ /dev/null
@@ -1,281 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - prometheus.yml: |- - global: - scrape_interval: {{ .Values.scrapeInterval }} - scrape_configs: - - - job_name: 'istio-mesh' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;prometheus - - # Scrape config for envoy stats - - job_name: 'envoy-stats' - metrics_path: /stats/prometheus - kubernetes_sd_configs: - - role: pod - - relabel_configs: - - source_labels: [__meta_kubernetes_pod_container_port_name] - action: keep - regex: '.*-envoy-prom' - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:15090 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'istio-policy' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-policy;http-monitoring - - - job_name: 'istio-telemetry' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;http-monitoring - - - job_name: 'pilot' - kubernetes_sd_configs: - - role: 
endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-pilot;http-monitoring - - - job_name: 'galley' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-galley;http-monitoring - - - job_name: 'citadel' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-citadel;http-monitoring - - # scrape config for API servers - - job_name: 'kubernetes-apiservers' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - default - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: kubernetes;https - - # scrape config for nodes (kubelet) - - job_name: 'kubernetes-nodes' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics - - # Scrape config for Kubelet cAdvisor. 
- # - # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics - # (those whose names begin with 'container_') have been removed from the - # Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to - # retrieve those metrics. - # - # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor - # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics" - # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with - # the --cadvisor-port=0 Kubelet flag). - # - # This job is not necessary and should be removed in Kubernetes 1.6 and - # earlier versions, or it will cause the metrics to be scraped twice. - - job_name: 'kubernetes-cadvisor' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor - - # scrape config for service endpoints. - - job_name: 'kubernetes-service-endpoints' - kubernetes_sd_configs: - - role: endpoints - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) 
- - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: kubernetes_name - - - job_name: 'kubernetes-pods' - kubernetes_sd_configs: - - role: pod - relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job. - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # Keep target if there's no sidecar or if prometheus.io/scheme is explicitly set to "http" - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: keep - regex: ((;.*)|(.*;http)) - - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls] - action: drop - regex: (true) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'kubernetes-pods-istio-secure' - scheme: https - tls_config: - ca_file: /etc/istio-certs/root-cert.pem - cert_file: /etc/istio-certs/cert-chain.pem - key_file: 
/etc/istio-certs/key.pem - insecure_skip_verify: true # prometheus does not support secure naming. - kubernetes_sd_configs: - - role: pod - relabel_configs: - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # sidecar status annotation is added by sidecar injector and - # istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic. - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls] - action: keep - regex: (([^;]+);([^;]*))|(([^;]*);(true)) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: drop - regex: (http) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__] # Only keep address that is host:port - action: keep # otherwise an extra target with ':443' is added for https scheme - regex: ([^:]+):(\d+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name \ No newline at end of file diff --git a/charts/rancher-istio/1.4.300/charts/prometheus/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/prometheus/templates/deployment.yaml deleted file mode 100755 index 1033a2f5b..000000000 --- a/charts/rancher-istio/1.4.300/charts/prometheus/templates/deployment.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -# TODO: the original template has service account, roles, etc -apiVersion: apps/v1 -kind: Deployment -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: prometheus - template: - metadata: - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: prometheus -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: prometheus - image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - '--storage.tsdb.retention={{ .Values.retention }}' - - '--config.file=/etc/prometheus/prometheus.yml' - ports: - - containerPort: 9090 - name: http - livenessProbe: - httpGet: - path: /-/healthy - port: 9090 - readinessProbe: - httpGet: - path: /-/ready - port: 9090 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/prometheus - - mountPath: /etc/istio-certs - name: istio-certs - volumes: - - name: config-volume - configMap: - name: prometheus - - name: istio-certs - secret: - defaultMode: 420 -{{- if not .Values.security.enabled }} - optional: true -{{- end }} - secretName: istio.default - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/prometheus/templates/ingress.yaml b/charts/rancher-istio/1.4.300/charts/prometheus/templates/ingress.yaml deleted file mode 100755 index 43be65523..000000000 --- a/charts/rancher-istio/1.4.300/charts/prometheus/templates/ingress.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: prometheus - servicePort: 9090 - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: prometheus - servicePort: 9090 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.300/charts/prometheus/templates/service.yaml b/charts/rancher-istio/1.4.300/charts/prometheus/templates/service.yaml deleted file mode 100755 index d92525df0..000000000 --- a/charts/rancher-istio/1.4.300/charts/prometheus/templates/service.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - annotations: - prometheus.io/scrape: 'true' - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - app: prometheus - ports: - - name: http-prometheus - protocol: TCP - port: 9090 - -{{- if .Values.service.nodePort.enabled }} -# Using separate ingress for nodeport, to avoid conflict with pilot e2e test configs. ---- -apiVersion: v1 -kind: Service -metadata: - name: prometheus-nodeport - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - type: NodePort - ports: - - port: 9090 - nodePort: {{ .Values.service.nodePort.port }} - name: http-prometheus - selector: - app: prometheus -{{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/prometheus/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.300/charts/prometheus/templates/serviceaccount.yaml deleted file mode 100755 index 7c2fab3f4..000000000 --- a/charts/rancher-istio/1.4.300/charts/prometheus/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} 
diff --git a/charts/rancher-istio/1.4.300/charts/prometheus/templates/tests/test-prometheus-connection.yaml b/charts/rancher-istio/1.4.300/charts/prometheus/templates/tests/test-prometheus-connection.yaml deleted file mode 100755 index c36ce3f5c..000000000 --- a/charts/rancher-istio/1.4.300/charts/prometheus/templates/tests/test-prometheus-connection.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "prometheus.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: prometheus-test - chart: {{ template "prometheus.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: prometheus - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "prometheus.fullname" . }}-test" - image: {{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }} - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['sh', '-c', 'for i in 1 2 3; do curl http://prometheus:9090/-/ready && exit 0 || sleep 15; done; exit 1'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/prometheus/values.yaml b/charts/rancher-istio/1.4.300/charts/prometheus/values.yaml deleted file mode 100755 index 4edb9bcc6..000000000 --- a/charts/rancher-istio/1.4.300/charts/prometheus/values.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -# -# addon prometheus configuration -# -enabled: true -replicaCount: 1 -retention: 6h -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# Controls the frequency of prometheus scraping -scrapeInterval: 15s - -contextPath: /prometheus - -ingress: - enabled: false - ## Used to create an Ingress record. - hosts: - - prometheus.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: prometheus-tls - # hosts: - # - prometheus.local - -service: - annotations: {} - nodePort: - enabled: false - port: 32090 - -security: - enabled: true diff --git a/charts/rancher-istio/1.4.300/charts/security/Chart.yaml b/charts/rancher-istio/1.4.300/charts/security/Chart.yaml deleted file mode 100755 index 0dbdac550..000000000 --- a/charts/rancher-istio/1.4.300/charts/security/Chart.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.3 -description: Helm chart for istio authentication -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- security -name: security -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.4.3 diff --git a/charts/rancher-istio/1.4.300/charts/security/templates/_helpers.tpl b/charts/rancher-istio/1.4.300/charts/security/templates/_helpers.tpl deleted file mode 100755 index 7f36f9d51..000000000 --- a/charts/rancher-istio/1.4.300/charts/security/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "security.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "security.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "security.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.300/charts/security/templates/clusterrole.yaml b/charts/rancher-istio/1.4.300/charts/security/templates/clusterrole.yaml deleted file mode 100755 index 75f2dec65..000000000 --- a/charts/rancher-istio/1.4.300/charts/security/templates/clusterrole.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-citadel-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "update"] -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create", "get", "watch", "list", "update", "delete"] -- apiGroups: [""] - resources: ["serviceaccounts", "services", "namespaces"] - verbs: ["get", "watch", "list"] -- apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] diff --git a/charts/rancher-istio/1.4.300/charts/security/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.300/charts/security/templates/clusterrolebinding.yaml deleted file mode 100755 index 0a15799ce..000000000 --- a/charts/rancher-istio/1.4.300/charts/security/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-citadel-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-citadel-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-citadel-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.4.300/charts/security/templates/configmap.yaml b/charts/rancher-istio/1.4.300/charts/security/templates/configmap.yaml deleted file mode 100755 index 14749fd65..000000000 --- a/charts/rancher-istio/1.4.300/charts/security/templates/configmap.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-security-custom-resources - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -data: - custom-resources.yaml: |- - {{- if .Values.global.mtls.enabled }} - {{- include "security-default.yaml.tpl" . | indent 4}} - {{- else }} - {{- include "security-permissive.yaml.tpl" . | indent 4}} - {{- end }} - run.sh: |- - {{- include "install-custom-resources.sh.tpl" . | indent 4}} diff --git a/charts/rancher-istio/1.4.300/charts/security/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.4.300/charts/security/templates/create-custom-resources-job.yaml deleted file mode 100755 index 4674cf141..000000000 --- a/charts/rancher-istio/1.4.300/charts/security/templates/create-custom-resources-job.yaml +++ /dev/null 
@@ -1,109 +0,0 @@ -{{- if .Values.createMeshPolicy }} -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-security-post-install-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["authentication.istio.io"] # needed to create default authn policy - resources: ["*"] - verbs: ["*"] -- apiGroups: ["networking.istio.io"] # needed to create security destination rules - resources: ["*"] - verbs: ["*"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get"] -- apiGroups: ["extensions", "apps"] - resources: ["deployments", "replicasets"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-security-post-install-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-security-post-install-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-security-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - template: - metadata: - name: istio-security-post-install - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-security-post-install-account - containers: - - name: kubectl - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: IfNotPresent - command: [ "/bin/bash", "/tmp/security/run.sh", "/tmp/security/custom-resources.yaml" ] - volumeMounts: - - mountPath: "/tmp/security" - name: tmp-configmap-security - volumes: - - name: tmp-configmap-security - configMap: - name: istio-security-custom-resources - restartPolicy: OnFailure - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.4.300/charts/security/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/security/templates/deployment.yaml
deleted file mode 100755
index 81d0c6b28..000000000
--- a/charts/rancher-istio/1.4.300/charts/security/templates/deployment.yaml
+++ /dev/null
@@ -1,119 +0,0 @@ -# istio CA watching all namespaces -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: citadel - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-citadel-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: citadel - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - {{- if .Values.global.sds.enabled }} - - --sds-enabled=true - {{- end }} - - --append-dns-names=true - - --grpc-port=8060 - - --citadel-storage-namespace={{ .Release.Namespace }} - - --custom-dns-names=istio-pilot-service-account.{{ .Release.Namespace }}:istio-pilot.{{ .Release.Namespace }} - - --monitoring-port={{ .Values.global.monitoringPort }} - {{- if .Values.selfSigned }} - - --self-signed-ca=true - {{- else }} - - --self-signed-ca=false - - --signing-cert=/etc/cacerts/ca-cert.pem - - --signing-key=/etc/cacerts/ca-key.pem - - --root-cert=/etc/cacerts/root-cert.pem - - --cert-chain=/etc/cacerts/cert-chain.pem - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - {{- if .Values.workloadCertTtl }} - - --workload-cert-ttl={{ .Values.workloadCertTtl }} - {{- end }} - {{- if .Values.citadelHealthCheck }} - - --liveness-probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --liveness-probe-interval=60s # interval for health check file update - - --probe-check-interval=15s # interval for health status check - {{- end }} - env: - - name: CITADEL_ENABLE_NAMESPACES_BY_DEFAULT - value: "{{ .Values.enableNamespacesByDefault }}" - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - {{- end }} - {{- if .Values.citadelHealthCheck }} - livenessProbe: - exec: - command: - - /usr/local/bin/istio_ca - - probe - - --probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --interval=125s # the maximum time gap allowed between the file mtime and the current sys clock - initialDelaySeconds: 60 - periodSeconds: 60 - {{- end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- 
end }} -{{- if not .Values.selfSigned }} - volumeMounts: - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - volumes: - - name: cacerts - secret: - secretName: cacerts - optional: true -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/security/templates/enable-mesh-mtls.yaml b/charts/rancher-istio/1.4.300/charts/security/templates/enable-mesh-mtls.yaml deleted file mode 100755 index 75e4a18e3..000000000 --- a/charts/rancher-istio/1.4.300/charts/security/templates/enable-mesh-mtls.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- define "security-default.yaml.tpl" }} -# These policy and destination rules effectively enable mTLS for all services in the mesh. For now, -# they are added to Istio installation yaml for backward compatible. In future, they should be in -# a separated yaml file so that customer can enable mTLS independent from installation. - -# Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: {} ---- -# Corresponding destination rule to configure client side to use mutual TLS when talking to -# any service (host) in the mesh. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "default" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.local" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -# Destination rule to disable (m)TLS when talking to API server, as API server doesn't have sidecar. -# Customer should add similar destination rules for other services that don't have sidecar. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "api-server" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "kubernetes.default.svc.{{ .Values.global.proxy.clusterDomain }}" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: DISABLE -{{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/security/templates/enable-mesh-permissive.yaml b/charts/rancher-istio/1.4.300/charts/security/templates/enable-mesh-permissive.yaml deleted file mode 100755 index a6931b3b9..000000000 --- a/charts/rancher-istio/1.4.300/charts/security/templates/enable-mesh-permissive.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- define "security-permissive.yaml.tpl" }} -# Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: - mode: PERMISSIVE -{{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/security/templates/meshexpansion.yaml b/charts/rancher-istio/1.4.300/charts/security/templates/meshexpansion.yaml deleted file mode 100755 index 581ce964a..000000000 --- a/charts/rancher-istio/1.4.300/charts/security/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-citadel-ilb - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - hosts: - - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-ilb-gateway - tcp: - - match: - - port: 8060 - route: - - destination: - host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 8060 ---- -{{- else }} - -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - hosts: - - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-gateway - tcp: - - match: - - port: 8060 - route: - - destination: - host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 8060 ---- -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/security/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.300/charts/security/templates/poddisruptionbudget.yaml deleted file mode 100755 index b6944e026..000000000 --- a/charts/rancher-istio/1.4.300/charts/security/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: {{ template "security.name" . }} - release: {{ .Release.Name }} - istio: citadel -{{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/security/templates/service.yaml b/charts/rancher-istio/1.4.300/charts/security/templates/service.yaml deleted file mode 100755 index efea17544..000000000 --- a/charts/rancher-istio/1.4.300/charts/security/templates/service.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - # we use the normal name here (e.g. 'prometheus') - # as grafana is configured to use this as a data source - name: istio-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - ports: - - name: grpc-citadel - port: 8060 - targetPort: 8060 - protocol: TCP - - name: http-monitoring - port: {{ .Values.global.monitoringPort }} - selector: - istio: citadel diff --git a/charts/rancher-istio/1.4.300/charts/security/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.300/charts/security/templates/serviceaccount.yaml deleted file mode 100755 index d07d566fa..000000000 --- a/charts/rancher-istio/1.4.300/charts/security/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-citadel-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/1.4.300/charts/security/templates/tests/test-citadel-connection.yaml b/charts/rancher-istio/1.4.300/charts/security/templates/tests/test-citadel-connection.yaml deleted file mode 100755 index 481b486de..000000000 --- a/charts/rancher-istio/1.4.300/charts/security/templates/tests/test-citadel-connection.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "security.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: istio-citadel-test - chart: {{ template "security.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: citadel - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "security.fullname" . }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['sh', '-c', 'for i in 1 2 3; do curl http://istio-citadel:{{ .Values.global.monitoringPort }}/version && exit 0 || sleep 15; done; exit 1'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/security/values.yaml b/charts/rancher-istio/1.4.300/charts/security/values.yaml deleted file mode 100755 index ba92eea7d..000000000 --- a/charts/rancher-istio/1.4.300/charts/security/values.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -# -# security configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -selfSigned: true # indicate if self-signed CA is used. -createMeshPolicy: true -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Enable health checking on the Citadel CSR signing API. -# https://istio.io/docs/tasks/security/health-check/ -citadelHealthCheck: false -# 90*24hour = 2160h -workloadCertTtl: 2160h -# Environment variables that configure Citadel. -env: {} - -# Determines Citadel default behavior if the ca.istio.io/env or ca.istio.io/override -# labels are not found on a given namespace. -# -# For example: consider a namespace called "target", which has neither the "ca.istio.io/env" -# nor the "ca.istio.io/override" namespace labels. To decide whether or not to generate secrets -# for service accounts created in this "target" namespace, Citadel will defer to this option. If the value -# of this option is "true" in this case, secrets will be generated for the "target" namespace. -# If the value of this option is "false" Citadel will not generate secrets upon service account creation. -enableNamespacesByDefault: true - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. 
-# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] diff --git a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/Chart.yaml b/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/Chart.yaml deleted file mode 100755 index 388744cec..000000000 --- a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.3 -description: Helm chart for sidecar injector webhook deployment -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- sidecarInjectorWebhook -name: sidecarInjectorWebhook -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.4.3 diff --git a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/_helpers.tpl b/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/_helpers.tpl deleted file mode 100755 index f3b9fb15b..000000000 --- a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "sidecar-injector.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "sidecar-injector.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "sidecar-injector.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/clusterrole.yaml b/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/clusterrole.yaml deleted file mode 100755 index c56c7025c..000000000 --- a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/clusterrole.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-sidecar-injector-{{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "list", "watch"] -{{- if not .Values.global.operatorManageWebhooks }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "patch"] -{{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml deleted file mode 100755 index 748a93244..000000000 --- a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-sidecar-injector-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-sidecar-injector-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/deployment.yaml deleted file mode 100755 index 95a2ea8e9..000000000 --- a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/deployment.yaml +++ /dev/null 
@@ -1,118 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: sidecar-injector - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-sidecar-injector-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: sidecar-injector-webhook - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --caCertFile=/etc/istio/certs/root-cert.pem - - --tlsCertFile=/etc/istio/certs/cert-chain.pem - - --tlsKeyFile=/etc/istio/certs/key.pem - - --injectConfig=/etc/istio/inject/config - - --meshConfig=/etc/istio/config/mesh - - --healthCheckInterval=2s - - --healthCheckFile=/health -{{- if .Values.global.operatorManageWebhooks }} - - --reconcileWebhookConfig=false -{{- else }} - - --reconcileWebhookConfig=true -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - readOnly: true - - name: certs - mountPath: /etc/istio/certs - readOnly: true - - name: inject-config - mountPath: /etc/istio/inject - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - readinessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: config-volume - configMap: - name: istio - - name: certs - secret: -{{- if .Values.global.certificates }} - secretName: dns.istio-sidecar-injector-service-account -{{- else }} - secretName: istio.istio-sidecar-injector-service-account -{{- end }} - - name: inject-config - configMap: - name: istio-sidecar-injector - items: - - key: config - path: config - - key: values - path: values - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml b/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml deleted file mode 100755 index 4a31415f2..000000000 --- a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: istio-sidecar-injector - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -webhooks: - - name: sidecar-injector.istio.io - clientConfig: - service: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - path: "/inject" - caBundle: "" - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - namespaceSelector: -{{- if .Values.enableNamespacesByDefault }} - matchExpressions: - - key: name - operator: NotIn - values: - - {{ .Release.Namespace }} - - key: istio-injection - operator: NotIn - values: - - disabled -{{- else }} - matchLabels: - istio-injection: enabled -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml deleted file mode 100755 index 870b92508..000000000 --- a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} - selector: - matchLabels: - app: {{ template "sidecar-injector.name" . }} - release: {{ .Release.Name }} - istio: sidecar-injector - {{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/service.yaml b/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/service.yaml deleted file mode 100755 index 537e6f960..000000000 --- a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: - ports: - - port: 443 - name: https-inject - - port: {{ .Values.global.monitoringPort }} - name: http-monitoring - selector: - istio: sidecar-injector diff --git a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml deleted file mode 100755 index d4020b517..000000000 --- a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-sidecar-injector-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector diff --git a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/values.yaml b/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/values.yaml deleted file mode 100755 index ec64f8ed5..000000000 --- a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/values.yaml +++ /dev/null 
@@ -1,58 +0,0 @@ -# -# sidecar-injector webhook configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -enableNamespacesByDefault: false -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# If true, webhook or istioctl injector will rewrite PodSpec for liveness -# health check to redirect request to sidecar. This makes liveness check work -# even when mTLS is enabled. -rewriteAppHTTPProbe: false - -# You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or -# always skip the injection on pods that match that label selector, regardless of the global policy. -# See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions -neverInjectSelector: [] - -alwaysInjectSelector: [] - -# injectedAnnotations are additional annotations that will be added to the pod spec after injection -# This is primarily to support PSP annotations. 
For example, if you defined a PSP with the annotations: -# -# annotations: -# apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default -# apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -# -# The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before -# the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: -# injectedAnnotations: -# container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default -# container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default -injectedAnnotations: {} diff --git a/charts/rancher-istio/1.4.300/charts/tracing/.helmignore b/charts/rancher-istio/1.4.300/charts/tracing/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/rancher-istio/1.4.300/charts/tracing/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-istio/1.4.300/charts/tracing/Chart.yaml b/charts/rancher-istio/1.4.300/charts/tracing/Chart.yaml deleted file mode 100755 index debdbc09f..000000000 --- a/charts/rancher-istio/1.4.300/charts/tracing/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.1 -description: A Helm chart for Kubernetes -name: tracing -tillerVersion: '>=2.7.2' -version: 1.4.3 diff --git a/charts/rancher-istio/1.4.300/charts/tracing/templates/_helpers.tpl b/charts/rancher-istio/1.4.300/charts/tracing/templates/_helpers.tpl deleted file mode 100755 index e246b59b1..000000000 
--- a/charts/rancher-istio/1.4.300/charts/tracing/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "tracing.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "tracing.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "tracing.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-jaeger.yaml b/charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-jaeger.yaml deleted file mode 100755 index da54eeb94..000000000 --- a/charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-jaeger.yaml +++ /dev/null 
@@ -1,119 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: jaeger - template: - metadata: - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - prometheus.io/port: "14269" -{{- if .Values.jaeger.podAnnotations }} -{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: jaeger - image: "{{ template "system_default_registry" . 
}}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 9411 - - containerPort: 16686 - - containerPort: 14250 - - containerPort: 14267 - - containerPort: 14268 - - containerPort: 14269 - - containerPort: 5775 - protocol: UDP - - containerPort: 6831 - protocol: UDP - - containerPort: 6832 - protocol: UDP - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if eq .Values.jaeger.spanStorageType "badger" }} - - name: BADGER_EPHEMERAL - value: "false" - - name: SPAN_STORAGE_TYPE - value: "badger" - - name: BADGER_DIRECTORY_VALUE - value: "/badger/data" - - name: BADGER_DIRECTORY_KEY - value: "/badger/key" - {{- end }} - - name: COLLECTOR_ZIPKIN_HTTP_PORT - value: "9411" - - name: MEMORY_MAX_TRACES - value: "{{ .Values.jaeger.memory.max_traces }}" - - name: QUERY_BASE_PATH - value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - livenessProbe: - httpGet: - path: / - port: 14269 - readinessProbe: - httpGet: - path: / - port: 14269 -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumeMounts: - - name: data - mountPath: /badger -{{- end }} - resources: -{{- if .Values.jaeger.resources }} -{{ toYaml .Values.jaeger.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumes: - - name: data -{{- if .Values.jaeger.persist }} - persistentVolumeClaim: - claimName: istio-jaeger-pvc -{{- else }} - emptyDir: {} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-zipkin.yaml b/charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-zipkin.yaml deleted file mode 100755 index eef24fc16..000000000 --- a/charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-zipkin.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -{{ if eq .Values.provider "zipkin" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: zipkin - template: - metadata: - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" -{{- if .Values.zipkin.podAnnotations }} -{{ toYaml .Values.zipkin.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: zipkin - image: "{{ template "system_default_registry" . 
}}{{ .Values.zipkin.repository }}:{{ .Values.zipkin.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.zipkin.queryPort }} - livenessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - tcpSocket: - port: {{ .Values.zipkin.queryPort }} - readinessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - httpGet: - path: /health - port: {{ .Values.zipkin.queryPort }} - resources: -{{- if .Values.zipkin.resources }} -{{ toYaml .Values.zipkin.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: QUERY_PORT - value: "{{ .Values.zipkin.queryPort }}" - - name: JAVA_OPTS - value: "-XX:ConcGCThreads={{ .Values.zipkin.node.cpus }} -XX:ParallelGCThreads={{ .Values.zipkin.node.cpus }} -Djava.util.concurrent.ForkJoinPool.common.parallelism={{ .Values.zipkin.node.cpus }} -Xms{{ .Values.zipkin.javaOptsHeap }}M -Xmx{{ .Values.zipkin.javaOptsHeap }}M -XX:+UseG1GC -server" - - name: STORAGE_METHOD - value: "mem" - - name: ZIPKIN_STORAGE_MEM_MAXSPANS - value: "{{ .Values.zipkin.maxSpans }}" - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.4.300/charts/tracing/templates/ingress.yaml b/charts/rancher-istio/1.4.300/charts/tracing/templates/ingress.yaml deleted file mode 100755 index 72f362166..000000000 --- a/charts/rancher-istio/1.4.300/charts/tracing/templates/ingress.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ template "tracing.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} /{{ $.Values.provider }} {{ end }} - backend: - serviceName: tracing - servicePort: 80 - - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - backend: - serviceName: tracing - servicePort: 80 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.300/charts/tracing/templates/pvc.yaml b/charts/rancher-istio/1.4.300/charts/tracing/templates/pvc.yaml deleted file mode 100755 index 60140494c..000000000 --- a/charts/rancher-istio/1.4.300/charts/tracing/templates/pvc.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if eq .Values.provider "jaeger" }} -{{- if .Values.jaeger.persist }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: istio-jaeger-pvc - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - storageClassName: {{ .Values.jaeger.storageClassName }} - accessModes: - - {{ .Values.jaeger.accessMode }} - resources: - requests: - storage: 5Gi -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.4.300/charts/tracing/templates/service-jaeger.yaml b/charts/rancher-istio/1.4.300/charts/tracing/templates/service-jaeger.yaml
deleted file mode 100755
index 38c4170b1..000000000
--- a/charts/rancher-istio/1.4.300/charts/tracing/templates/service-jaeger.yaml
+++ /dev/null
@@ -1,94 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: v1 -kind: List -metadata: - name: jaeger-services - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -items: -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-query - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: jaeger - jaeger-infra: jaeger-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: query-http - port: 16686 - protocol: TCP - targetPort: 16686 - selector: - app: jaeger -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-collector - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: collector-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: jaeger-collector-tchannel - port: 14267 - protocol: TCP - targetPort: 14267 - - name: jaeger-collector-http - port: 14268 - targetPort: 14268 - protocol: TCP - - name: jaeger-collector-grpc - port: 14250 - targetPort: 14250 - protocol: TCP - selector: - app: jaeger - type: ClusterIP -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-agent - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: agent-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: agent-zipkin-thrift - port: 5775 - protocol: UDP - targetPort: 5775 - - name: agent-compact - port: 6831 - protocol: UDP - targetPort: 6831 - - name: agent-binary - port: 6832 - protocol: UDP - targetPort: 6832 - clusterIP: None - selector: - app: jaeger -{{ end }} - 
diff --git a/charts/rancher-istio/1.4.300/charts/tracing/templates/service.yaml b/charts/rancher-istio/1.4.300/charts/tracing/templates/service.yaml deleted file mode 100755 index 798829793..000000000 --- a/charts/rancher-istio/1.4.300/charts/tracing/templates/service.yaml +++ /dev/null @@ -1,56 +0,0 @@ -apiVersion: v1 -kind: List -metadata: - name: tracing-services - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -items: -- apiVersion: v1 - kind: Service - metadata: - name: zipkin - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - port: {{ .Values.zipkin.queryPort }} - targetPort: {{ .Values.zipkin.queryPort }} - protocol: TCP - name: {{ .Values.service.name }} - selector: - app: {{ .Values.provider }} -- apiVersion: v1 - kind: Service - metadata: - name: tracing - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - type: {{ .Values.service.type }} - ports: - - name: http-query - port: {{ .Values.service.externalPort }} - protocol: TCP -{{ if eq .Values.provider "jaeger" }} - targetPort: 16686 -{{ else }} - targetPort: {{ .Values.zipkin.queryPort }} -{{ end}} - selector: - app: {{ .Values.provider }} diff --git a/charts/rancher-istio/1.4.300/charts/tracing/templates/tests/test-tracing-connection.yaml b/charts/rancher-istio/1.4.300/charts/tracing/templates/tests/test-tracing-connection.yaml deleted file mode 100755 index 64248e8c5..000000000 
--- a/charts/rancher-istio/1.4.300/charts/tracing/templates/tests/test-tracing-connection.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ .Release.Name }}-{{ .Values.provider }}-test - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }}-test - chart: {{ template "tracing.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ .Values.provider }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['curl'] - {{- if eq .Values.provider "jaeger" }} - args: ['http://tracing:80{{ .Values.jaeger.contextPath}}'] - {{- else }} - args: ['http://tracing:80'] - {{- end }} - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.300/charts/tracing/values.yaml b/charts/rancher-istio/1.4.300/charts/tracing/values.yaml deleted file mode 100755 index cc55ea4af..000000000 --- a/charts/rancher-istio/1.4.300/charts/tracing/values.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ -# -# addon jaeger tracing configuration -# -enabled: false - -provider: jaeger -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -jaeger: - podAnnotations: {} - memory: - max_traces: 50000 - # spanStorageType value can be "memory" and "badger" for all-in-one image - spanStorageType: badger - persist: false - storageClassName: "" - accessMode: ReadWriteMany - - -zipkin: - podAnnotations: {} - probeStartupDelay: 200 - queryPort: 9411 - resources: - limits: - cpu: 300m - memory: 900Mi - requests: - cpu: 150m - memory: 900Mi - javaOptsHeap: 700 - # 
From: https://github.com/openzipkin/zipkin/blob/master/zipkin-server/src/main/resources/zipkin-server-shared.yml#L51 - # Maximum number of spans to keep in memory. When exceeded, oldest traces (and their spans) will be purged. - # A safe estimate is 1K of memory per span (each span with 2 annotations + 1 binary annotation), plus - # 100 MB for a safety buffer. You'll need to verify in your own environment. - maxSpans: 500000 - node: - cpus: 2 - -service: - annotations: {} - name: http - type: ClusterIP - externalPort: 80 - -ingress: - enabled: false - # Used to create an Ingress record. - hosts: - # - tracing.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: tracing-tls - # hosts: - # - tracing.local - diff --git a/charts/rancher-istio/1.4.300/example-values/README.md b/charts/rancher-istio/1.4.300/example-values/README.md deleted file mode 100755 index 74fedcb60..000000000 --- a/charts/rancher-istio/1.4.300/example-values/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Example Values - -These files provide various example values for different Istio setups. - -To use them, [read the docs](https://istio.io/docs/setup/kubernetes/helm-install/) and add the flag `--values example-file.yaml`. diff --git a/charts/rancher-istio/1.4.300/example-values/values-istio-dns-cert.yaml b/charts/rancher-istio/1.4.300/example-values/values-istio-dns-cert.yaml deleted file mode 100755 index c00676fe9..000000000 --- a/charts/rancher-istio/1.4.300/example-values/values-istio-dns-cert.yaml +++ /dev/null @@ -1,6 +0,0 @@ -global: - certificates: - - secretName: dns.istio-galley-service-account - dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] - - secretName: dns.istio-sidecar-injector-service-account - dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] 
diff --git a/charts/rancher-istio/1.4.300/example-values/values-istio-example-sds-vault.yaml b/charts/rancher-istio/1.4.300/example-values/values-istio-example-sds-vault.yaml deleted file mode 100755 index 3e3ac0221..000000000 --- a/charts/rancher-istio/1.4.300/example-values/values-istio-example-sds-vault.yaml +++ /dev/null 
@@ -1,27 +0,0 @@
-global:
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
-
-nodeagent:
- enabled: true
- repository: rancher/istio-node-agent-k8s
- tag: 1.4.3
- env:
- # The IP address and the port number of a publicly accessible example Vault server.
- CA_ADDR: "https://34.83.129.211:8200"
- CA_PROVIDER: "VaultCA"
- VALID_TOKEN: true
- # The IP address and the port number of a publicly accessible example Vault server.
- VAULT_ADDR: "https://34.83.129.211:8200"
- VAULT_AUTH_PATH: "auth/kubernetes/login"
- VAULT_ROLE: "istio-cert"
- VAULT_SIGN_CSR_PATH: "istio_ca/sign/istio-pki-role"
- VAULT_TLS_ROOT_CERT: '-----BEGIN CERTIFICATE-----\nMIIC3jCCAcagAwIBAgIRAO1S7vuRQmo2He+RtBq3fv8wDQYJKoZIhvcNAQELBQAw\nEDEOMAwGA1UEChMFVmF1bHQwIBcNMTkwNDI3MTY1ODE1WhgPMjExOTA0MDMxNjU4\nMTVaMBAxDjAMBgNVBAoTBVZhdWx0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA7/CTbnENEIvFZg9hmVtYnOx3OfMy/GNCuP7sqtAeVVTopAKKkcAAWQck\nrhpBooEGpCugNxXGNCuJh/2nu0AfGFRfdafwSJRoI6yHwQouDm0o4r3h9uL3tu5N\nD+x9j+eejbFsoZVn84CxGkEB6oyeXYHjc6eWh3PFGMtKuOQD4pezvDH0yNCx5waK\nhtPuYtl0ebfdbyh+WQuptO+Q9VSaQNqE3ipZ461y8PduwRRll241W0gQB2iasX03\nD36F2ZrMz3KEVRVKM1yCUDCy2RPJqkXPdnVMWmDGbe8Uw69zr25JltzuRZFT9HL3\nY1RnMTecmSc4ikTUHcMhFX3PYbfR5wIDAQABozEwLzAOBgNVHQ8BAf8EBAMCBaAw\nDAYDVR0TAQH/BAIwADAPBgNVHREECDAGhwQiU4HTMA0GCSqGSIb3DQEBCwUAA4IB\nAQCdLh6olDVQB71LD6srbfAE4EsxLEBbIRnv7Nf1S0KQwgW/QxK8DHBwJBxJkr1N\nzgEPx86f2Fo2UsY9m6rvgP3+iquyMsKi0ooUah3y3LSnONuZcdfSTl/HYd38S6Dp\nVkVOZ7781xxpFVUqQ5voQX1Y1Ipn5qw0FyIcNYWLkNX+iMf1b9kpEIWQNhRC/Yiv\nTS0VA/BzQemGyf2UB6QsuZLH+JFEZnzU859qURnNIITa1Wf4YUtka5Sp1kDnEll3\nwj4IlXKU+Wl1CzxJyn4SSQAXy/Lb08ZKrF/YSzcIISnRX5j+wa8ApOSwwA/B7iaT\nTWz1g+RlV9qHap70eIjPsQvb\n-----END CERTIFICATE-----'
diff --git a/charts/rancher-istio/1.4.300/example-values/values-istio-gateways.yaml b/charts/rancher-istio/1.4.300/example-values/values-istio-gateways.yaml
deleted file mode 100755
index b9930d0a0..000000000
--- a/charts/rancher-istio/1.4.300/example-values/values-istio-gateways.yaml
+++ /dev/null
@@ -1,135 +0,0 @@ -# Common settings. -global: - # Omit the istio-sidecar-injector configmap when generate a - # standalone gateway. Gateways may be created in namespaces other - # than `istio-system` and we don't want to re-create the injector - # configmap in those. - omitSidecarInjectorConfigMap: true - - # Istio control plane namespace: This specifies where the Istio control - # plane was installed earlier. Modify this if you installed the control - # plane in a different namespace than istio-system. - istioNamespace: istio-system - - proxy: - # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument - # would be :). - # Disabled by default. - # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. - envoyStatsd: - # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. - enabled: false - host: # example: statsd-svc.istio-system - port: # example: 9125 - - -# -# Gateways Configuration -# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. -# You can add more gateways in addition to the defaults but make sure those are uniquely named -# and that NodePorts are not conflicting. -# Disable specific gateway by setting the `enabled` to false. 
-# -gateways: - enabled: true - - custom-gateway: - enabled: true - labels: - app: custom-gateway - replicaCount: 1 - autoscaleMin: 1 - autoscaleMax: 5 - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - #requests: - # cpu: 1800m - # memory: 256Mi - cpu: - targetAverageUtilization: 80 - loadBalancerIP: "" - loadBalancerSourceRanges: {} - externalIPs: [] - serviceAnnotations: {} - podAnnotations: {} - type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be - #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out - ports: - ## You can add custom gateway ports - - port: 80 - targetPort: 80 - name: http2 - # nodePort: 31380 - - port: 443 - name: https - # nodePort: 31390 - - port: 31400 - name: tcp - # nodePort: 31400 - # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect - # to pilot/citadel if global.meshExpansion settings are enabled. - - port: 15011 - targetPort: 15011 - name: tcp-pilot-grpc-tls - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - # Addon ports for kiali are enabled in gateway - but will only redirect if - # the gateway configuration for the various components are enabled. - - port: 15029 - targetPort: 15029 - name: http2-kiali - # Telemetry-related ports are enabled in gateway - but will only redirect if - # the gateway configuration for the various components are enabled. 
- - port: 15030 - targetPort: 15030 - name: http2-prometheus - - port: 15031 - targetPort: 15031 - name: http2-grafana - - port: 15032 - targetPort: 15032 - name: http2-tracing - secretVolumes: - - name: customgateway-certs - secretName: istio-customgateway-certs - mountPath: /etc/istio/customgateway-certs - - name: customgateway-ca-certs - secretName: istio-customgateway-ca-certs - mountPath: /etc/istio/customgateway-ca-certs - -# all other components are disabled except the gateways -security: - enabled: false - -sidecarInjectorWebhook: - enabled: false - -galley: - enabled: false - -mixer: - policy: - enabled: false - telemetry: - enabled: false - -pilot: - enabled: false - -grafana: - enabled: false - -prometheus: - enabled: false - -tracing: - enabled: false - -kiali: - enabled: false - -certmanager: - enabled: false diff --git a/charts/rancher-istio/1.4.300/example-values/values-istio-googleca.yaml b/charts/rancher-istio/1.4.300/example-values/values-istio-googleca.yaml deleted file mode 100755 index e9743b167..000000000 --- a/charts/rancher-istio/1.4.300/example-values/values-istio-googleca.yaml +++ /dev/null @@ -1,29 +0,0 @@ -global: - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - sds: - enabled: true - udsPath: "unix:/var/run/sds/uds_path" - # For GoogleCA, the aud field need to be set to the trustDomain, which is also set at the - # installation/configuration time, e.g. by running helm template. - token: - aud: "" - - trustDomain: "" - - useMCP: true - -nodeagent: - enabled: true - repository: rancher/istio-node-agent-k8s - tag: 1.4.3 - env: - CA_PROVIDER: "GoogleCA" - CA_ADDR: "meshca.googleapis.com:443" - PLUGINS: "GoogleTokenExchange" - GKE_CLUSTER_URL: "" 
diff --git a/charts/rancher-istio/1.4.300/example-values/values-istio-meshexpansion-gateways.yaml b/charts/rancher-istio/1.4.300/example-values/values-istio-meshexpansion-gateways.yaml deleted file mode 100755 index 51a1ded16..000000000 --- a/charts/rancher-istio/1.4.300/example-values/values-istio-meshexpansion-gateways.yaml +++ /dev/null @@ -1,28 +0,0 @@ -global: - # Provides dns resolution for global services - podDNSSearchNamespaces: - - global - - multiCluster: - enabled: true - - controlPlaneSecurityEnabled: true - meshExpansion: - enabled: true - -# Multicluster with gateways requires a root CA -# Cluster local CAs are bootstrapped with the root CA. -security: - selfSigned: false - -# Provides dns resolution for service entries of form -# name.namespace.global -istiocoredns: - enabled: true - -gateways: - istio-egressgateway: - enabled: true - env: - # Needed to route traffic via egress gateway if desired. - ISTIO_META_REQUESTED_NETWORK_VIEW: "external" diff --git a/charts/rancher-istio/1.4.300/example-values/values-istio-multicluster-gateways.yaml b/charts/rancher-istio/1.4.300/example-values/values-istio-multicluster-gateways.yaml deleted file mode 100755 index 3524a3d47..000000000 --- a/charts/rancher-istio/1.4.300/example-values/values-istio-multicluster-gateways.yaml +++ /dev/null @@ -1,27 +0,0 @@ -global: - # Provides dns resolution for global services - podDNSSearchNamespaces: - - global - - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - multiCluster: - enabled: true - - controlPlaneSecurityEnabled: true - -# Multicluster with gateways requires a root CA -# Cluster local CAs are bootstrapped with the root CA. -security: - selfSigned: false - -# Provides dns resolution for service entries of form -# name.namespace.global -istiocoredns: - enabled: true - -gateways: - istio-egressgateway: - enabled: true - env: - # Needed to route traffic via egress gateway if desired. - ISTIO_META_REQUESTED_NETWORK_VIEW: "external" 
diff --git a/charts/rancher-istio/1.4.300/files/injection-template.yaml b/charts/rancher-istio/1.4.300/files/injection-template.yaml
deleted file mode 100755
index e38444804..000000000
--- a/charts/rancher-istio/1.4.300/files/injection-template.yaml
+++ /dev/null
@@ -1,436 +0,0 @@ -rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }} -{{- if or (not .Values.istio_cni.enabled) .Values.global.proxy.enableCoreDump }} -initContainers: -{{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} -{{- if not .Values.istio_cni.enabled }} -- name: istio-init - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" - {{- else }} - image: "{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" - {{- end }} - command: - - istio-iptables - - "-p" - - "15001" - - "-z" - - "15006" - - "-u" - - 1337 - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" - - "-d" - - "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - imagePullPolicy: 
"{{ .Values.global.imagePullPolicy }}" -{{- if .Values.global.proxy.init.resources }} - resources: - {{ toYaml .Values.global.proxy.init.resources | indent 4 }} -{{- else }} - resources: {} -{{- end }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - add: - - NET_ADMIN - - NET_RAW - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - restartPolicy: Always -{{- end }} -{{ end -}} -{{- if eq .Values.global.proxy.enableCoreDump true }} -- name: enable-core-dump - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - command: - - /bin/sh - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- else }} - image: "{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- end }} - imagePullPolicy: IfNotPresent - resources: {} - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - SYS_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 -{{ end }} -{{- end }} -containers: -- name: istio-proxy -{{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" -{{- else }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.repository}}:{{ .Values.global.proxy.tag }}" -{{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --configPath - - "{{ .ProxyConfig.ConfigPath }}" - - --binaryPath - - "{{ .ProxyConfig.BinaryPath }}" - - --serviceCluster - {{ if ne "" (index .ObjectMeta.Labels "app") -}} - - "{{ index 
.ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" - {{ else -}} - - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" - {{ end -}} - - --drainDuration - - "{{ formatDuration .ProxyConfig.DrainDuration }}" - - --parentShutdownDuration - - "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}" - - --discoveryAddress - - "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" -{{- if eq .Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" - - --lightstepAccessToken - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" - - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} - - --lightstepCacertPath - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" -{{- else if eq .Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - - "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" -{{- else if eq .Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" -{{- end }} -{{- if .Values.global.proxy.logLevel }} - - --proxyLogLevel={{ .Values.global.proxy.logLevel }} -{{- end}} -{{- if .Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }} -{{- end}} - - --dnsRefreshRate - - {{ .Values.global.proxy.dnsRefreshRate }} - - --connectTimeout - - "{{ formatDuration .ProxyConfig.ConnectTimeout }}" -{{- if .Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - "{{ .ProxyConfig.StatsdUdpAddress }}" -{{- end }} -{{- if .Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - - '{{ protoToJSON .ProxyConfig.EnvoyMetricsService }}' -{{- end }} -{{- if .Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - - '{{ protoToJSON .ProxyConfig.EnvoyAccessLogService }}' -{{- end }} - - 
--proxyAdminPort - - "{{ .ProxyConfig.ProxyAdminPort }}" - {{ if gt .ProxyConfig.Concurrency 0 -}} - - --concurrency - - "{{ .ProxyConfig.Concurrency }}" - {{ end -}} - - --controlPlaneAuthPolicy - - "{{ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}" -{{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" (valueOrDefault .Values.global.proxy.statusPort 0 )) `0`) }} - - --statusPort - - "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" - - --applicationPorts - - "{{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` (applicationPorts .Spec.Containers) }}" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} -{{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 4 }} -{{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} -{{- if eq .Values.global.proxy.tracer "datadog" }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP -{{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }} -{{- range $key, $value := fromJSON 
(index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" -{{- end }} -{{- end }} -{{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SDS_ENABLED - value: {{ $.Values.global.sds.enabled }} - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - - name: ISTIO_META_INCLUDE_INBOUND_PORTS - value: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (applicationPorts .Spec.Containers) }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{ if .ObjectMeta.Annotations }} - - name: ISTIO_METAJSON_ANNOTATIONS - value: | - {{ toJSON .ObjectMeta.Annotations }} - {{ end }} - {{ if .ObjectMeta.Labels }} - - name: ISTIO_METAJSON_LABELS - value: | - {{ toJSON .ObjectMeta.Labels }} - {{ end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{ .DeploymentMeta.Name }} - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.sds.customTokenDirectory }} - - name: ISTIO_META_SDS_TOKEN_PATH - value: "{{ .Values.global.sds.customTokenDirectory -}}/sdstoken" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if .Values.global.trustDomain }} - - name: 
ISTIO_META_MESH_ID - value: "{{ .Values.global.trustDomain }}" - {{- end }} - {{- if eq .Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetDebug }}" - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }}" - {{- end }} - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` (valueOrDefault .Values.global.proxy.statusPort 0 )) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} 
- add: - - NET_ADMIN - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} - runAsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - runAsNonRoot: false - runAsUser: 0 - {{- else -}} - runAsNonRoot: true - runAsUser: 1337 - {{- end }} - resources: - {{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end}} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{ else -}} -{{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 4 }} -{{- end }} - {{ end -}} - volumeMounts: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - - mountPath: /etc/istio/proxy - name: istio-envoy - {{- if .Values.global.sds.enabled }} - - mountPath: /var/run/sds - name: sds-uds-path - readOnly: true - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.sds.customTokenDirectory }} - - mountPath: "{{ .Values.global.sds.customTokenDirectory -}}" - name: custom-sds-token - readOnly: true - {{- end }} - {{- else }} - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations 
`sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{- end }} -volumes: -{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} -- name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} -{{- end }} -- emptyDir: - medium: Memory - name: istio-envoy -{{- if .Values.global.sds.enabled }} -- name: sds-uds-path - hostPath: - path: /var/run/sds -- name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} -{{- if .Values.global.sds.customTokenDirectory }} -- name: custom-sds-token - secret: - secretName: sdstokensecret -{{- end }} -{{- else }} -- name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} -- name: "{{ $index }}" - {{ toYaml $value | indent 2 }} - {{ end }} - {{ end }} -{{- end }} -{{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} -- name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert -{{- end }} -{{- if .Values.global.podDNSSearchNamespaces }} -dnsConfig: - searches: - {{- range .Values.global.podDNSSearchNamespaces }} - - {{ render . 
}} - {{- end }} -{{- end }} -podRedirectAnnot: - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" -{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" -{{- end }} - traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" diff --git a/charts/rancher-istio/1.4.300/questions.yaml b/charts/rancher-istio/1.4.300/questions.yaml deleted file mode 100644 index 992940df7..000000000 --- a/charts/rancher-istio/1.4.300/questions.yaml +++ /dev/null @@ -1,4 +0,0 @@ -labels: - rancher.istio.v1.4.300: 1.4.3 -rancher_min_version: 2.3.4-rc1 -rancher_max_version: 2.3.4-rc1 diff --git a/charts/rancher-istio/1.4.300/requirements.yaml b/charts/rancher-istio/1.4.300/requirements.yaml deleted file mode 100755 index 2ec15d95a..000000000 --- a/charts/rancher-istio/1.4.300/requirements.yaml +++ /dev/null 
@@ -1,40 +0,0 @@
-dependencies:
- - name: sidecarInjectorWebhook
- version: 1.4.3
- condition: sidecarInjectorWebhook.enabled
- - name: security
- version: 1.4.3
- condition: security.enabled
- - name: gateways
- version: 1.4.3
- condition: gateways.enabled
- - name: mixer
- version: 1.4.3
- condition: or mixer.policy.enabled mixer.telemetry.enabled
- - name: nodeagent
- version: 1.4.3
- condition: nodeagent.enabled
- - name: pilot
- version: 1.4.3
- condition: pilot.enabled
- - name: grafana
- version: 1.4.3
- condition: grafana.enabled
- - name: prometheus
- version: 1.4.3
- condition: prometheus.enabled
- - name: tracing
- version: 1.4.3
- condition: tracing.enabled
- - name: galley
- version: 1.4.3
- condition: galley.enabled
- - name: kiali
- version: 1.4.3
- condition: kiali.enabled
- - name: istiocoredns
- version: 1.4.3
- condition: istiocoredns.enabled
- - name: certmanager
- version: 1.4.3
- condition: certmanager.enabled
diff --git a/charts/rancher-istio/1.4.300/templates/NOTES.txt b/charts/rancher-istio/1.4.300/templates/NOTES.txt
deleted file mode 100755
index 3b323594c..000000000
--- a/charts/rancher-istio/1.4.300/templates/NOTES.txt
+++ /dev/null
@@ -1,29 +0,0 @@ -Thank you for installing {{ .Chart.Name | title }}. - -Your release is named {{ .Release.Name | title }}. - -To get started running application with Istio, execute the following steps: - -{{- if index .Values "sidecarInjectorWebhook" "enabled" }} -1. Label namespace that application object will be deployed to by the following command (take default namespace as an example) - -$ kubectl label namespace default istio-injection=enabled -$ kubectl get namespace -L istio-injection - -2. Deploy your applications - -$ kubectl apply -f .yaml -{{- else }} -1. Download the latest release package to get sidecar injection tool - -$ curl -L https://git.io/getLatestIstio | sh - -$ mv istio-* istio-latest -$ export PATH="$PATH:$PWD/istio-latest/bin" - -2. Deploy your application by manually injecting envoy sidecar with `istioctl kube-inject` - -$ kubectl apply -f <(istioctl kube-inject -f .yaml) -{{- end }} - -For more information on running Istio, visit: -https://istio.io/ diff --git a/charts/rancher-istio/1.4.300/templates/_affinity.tpl b/charts/rancher-istio/1.4.300/templates/_affinity.tpl deleted file mode 100755 index 7639be434..000000000 --- a/charts/rancher-istio/1.4.300/templates/_affinity.tpl +++ /dev/null 
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "nodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "nodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "nodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinity" }} -{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .Values.podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if or .Values.podAntiAffinityTermLabelSelector}} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "podAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.300/templates/_helpers.tpl b/charts/rancher-istio/1.4.300/templates/_helpers.tpl deleted file mode 100755 index cf10568c7..000000000 --- a/charts/rancher-istio/1.4.300/templates/_helpers.tpl +++ /dev/null 
@@ -1,48 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "istio.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "istio.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "istio.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a fully qualified configmap name. -*/}} -{{- define "istio.configmap.fullname" -}} -{{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - - -{{- define "system_default_registry" -}} -{{- if .Values.global.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.300/templates/_podDisruptionBudget.tpl b/charts/rancher-istio/1.4.300/templates/_podDisruptionBudget.tpl deleted file mode 100755 index ebb86068c..000000000 --- a/charts/rancher-istio/1.4.300/templates/_podDisruptionBudget.tpl +++ /dev/null @@ -1,3 +0,0 @@ -{{- define "podDisruptionBudget.spec" }} - minAvailable: 1 -{{- end }} diff --git a/charts/rancher-istio/1.4.300/templates/clusterrole.yaml b/charts/rancher-istio/1.4.300/templates/clusterrole.yaml deleted file mode 100755 index b92c9ef8b..000000000 
--- a/charts/rancher-istio/1.4.300/templates/clusterrole.yaml +++ /dev/null @@ -1,11 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: istio-reader -rules: - - apiGroups: [''] - resources: ['nodes', 'pods', 'services', 'endpoints', "replicationcontrollers"] - verbs: ['get', 'watch', 'list'] - - apiGroups: ["extensions", "apps"] - resources: ["replicasets"] - verbs: ["get", "list", "watch"] diff --git a/charts/rancher-istio/1.4.300/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.300/templates/clusterrolebinding.yaml deleted file mode 100755 index 827601b3d..000000000 --- a/charts/rancher-istio/1.4.300/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-multi - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-reader -subjects: -- kind: ServiceAccount - name: istio-multi - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.4.300/templates/configmap.yaml b/charts/rancher-istio/1.4.300/templates/configmap.yaml deleted file mode 100755 index e260cbb7f..000000000 --- a/charts/rancher-istio/1.4.300/templates/configmap.yaml +++ /dev/null 
@@ -1,341 +0,0 @@ -{{- if or .Values.pilot.enabled .Values.global.istioRemote }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istio.name" . }} - chart: {{ template "istio.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - mesh: |- - # Set the following variable to true to disable policy checks by Mixer. - # Note that metrics will still be reported to Mixer. - {{- if .Values.mixer.policy.enabled }} - disablePolicyChecks: {{ .Values.global.disablePolicyChecks }} - {{- else }} - disablePolicyChecks: true - {{- end }} - - disableMixerHttpReports: false - - {{- if .Values.mixer.telemetry.reportBatchMaxEntries }} - # reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server - reportBatchMaxEntries: {{ .Values.mixer.telemetry.reportBatchMaxEntries }} - {{- end }} - - {{- if .Values.mixer.telemetry.reportBatchMaxTime }} - # reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server - reportBatchMaxTime: {{ .Values.mixer.telemetry.reportBatchMaxTime }} - {{- end }} - - {{- if .Values.mixer.telemetry.sessionAffinityEnabled }} - # sidecarToTelemetrySessionAffinity will create a STRICT_DNS type cluster for istio-telemetry. - sidecarToTelemetrySessionAffinity: {{ .Values.mixer.telemetry.sessionAffinityEnabled }} - {{- end }} - - # Set enableTracing to false to disable request tracing. - enableTracing: {{ .Values.global.enableTracing }} - - # Set accessLogFile to empty string to disable access log. 
- accessLogFile: "{{ .Values.global.proxy.accessLogFile }}" - - # If accessLogEncoding is TEXT, value will be used directly as the log format - # example: "[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\n" - # If AccessLogEncoding is JSON, value will be parsed as map[string]string - # example: '{"start_time": "%START_TIME%", "req_method": "%REQ(:METHOD)%"}' - # Leave empty to use default log format - accessLogFormat: {{ .Values.global.proxy.accessLogFormat | quote }} - - # Set accessLogEncoding to JSON or TEXT to configure sidecar access log - accessLogEncoding: '{{ .Values.global.proxy.accessLogEncoding }}' - - enableEnvoyAccessLogService: {{ .Values.global.proxy.envoyAccessLogService.enabled }} - - {{- if .Values.global.istioRemote }} - - {{- if .Values.global.remotePolicyAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}:15004 - {{- else }} - mixerCheckServer: {{ .Values.global.remotePolicyAddress }}:15004 - {{- end }} - {{- end }} - {{- if .Values.global.remoteTelemetryAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}:15004 - {{- else }} - mixerReportServer: {{ .Values.global.remoteTelemetryAddress }}:15004 - {{- end }} - {{- end }} - - {{- else }} - - {{- if .Values.mixer.policy.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - {{- if .Values.mixer.telemetry.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ 
.Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - - {{- end }} - - {{- if or .Values.mixer.policy.enabled (and .Values.global.istioRemote .Values.global.remotePolicyAddress) }} - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: {{ .Values.global.policyCheckFailOpen }} - {{- end }} - - {{- if .Values.gateways.enabled }} - # Let Pilot give ingresses the public IP of the Istio ingressgateway - ingressService: istio-ingressgateway - {{- end }} - - # Default connect timeout for dynamic clusters generated by Pilot and returned via XDS - connectTimeout: 10s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: {{ .Values.global.proxy.protocolDetectionTimeout }} - - # DNS refresh rate for Envoy clusters of type STRICT_DNS - dnsRefreshRate: {{ .Values.global.proxy.dnsRefreshRate }} - - # Unix Domain Socket through which envoy communicates with NodeAgent SDS to get - # key/cert for mTLS. Use secret-mount files instead of SDS if set to empty. - sdsUdsPath: {{ .Values.global.sds.udsPath | quote }} - - # The trust domain corresponds to the trust root of a system. 
- # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: {{ .Values.global.trustDomain | quote }} - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: - {{- range .Values.global.trustDomainAliases }} - - {{ . | quote }} - {{- end }} - - # If true, automatically configure client side mTLS settings to match the corresponding service's - # server side mTLS authentication policy, when destination rule for that service does not specify - # TLS settings. - enableAutoMtls: {{ .Values.global.mtls.auto }} - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - outboundTrafficPolicy: - mode: {{ .Values.global.outboundTrafficPolicy.mode }} - - {{- if .Values.global.localityLbSetting.enabled }} - localityLbSetting: -{{ toYaml .Values.global.localityLbSetting | trim | indent 6 }} - {{- end }} - # The namespace to treat as the administrative root namespace for istio - # configuration. -{{- if .Values.global.configRootNamespace }} - rootNamespace: {{ .Values.global.configRootNamespace }} -{{- else }} - rootNamespace: {{ .Release.Namespace }} -{{- end }} - - # Configures DNS certificates provisioned through Chiron linked into Pilot. 
- certificates: -{{ toYaml .Values.global.certificates | trim | indent 6 }} - - {{- if .Values.global.defaultConfigVisibilitySettings }} - defaultServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultVirtualServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultDestinationRuleExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - {{- end }} - - {{- if $.Values.global.useMCP }} - configSources: - - address: istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- if .Values.pilot.configSource.subscribedResources }} - subscribedResources: - - {{ .Values.pilot.configSource.subscribedResources }} - {{- end}} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - tlsSettings: - mode: ISTIO_MUTUAL - {{- end }} - {{- end }} - - defaultConfig: - # - # TCP connection timeout between Envoy & the application, and between Envoys. Used for static clusters - # defined in Envoy's configuration file - connectTimeout: 10s - # - ### ADVANCED SETTINGS ############# - # Where should envoy's configuration be stored in the istio-proxy container - configPath: "/etc/istio/proxy" - binaryPath: "/usr/local/bin/envoy" - # The pseudo service name used for Envoy. - serviceCluster: istio-proxy - # These settings that determine how long an old Envoy - # process should be kept alive after an occasional reload. - drainDuration: 45s - parentShutdownDuration: 1m0s - # - # The mode used to redirect inbound connections to Envoy. This setting - # has no effect on outbound traffic: iptables REDIRECT is always used for - # outbound connections. - # If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy. - # The "REDIRECT" mode loses source addresses during redirection. - # If "TPROXY", use iptables TPROXY to redirect to Envoy. 
- # The "TPROXY" mode preserves both the source and destination IP - # addresses and ports, so that they can be used for advanced filtering - # and manipulation. - # The "TPROXY" mode also configures the sidecar to run with the - # CAP_NET_ADMIN capability, which is required to use TPROXY. - #interceptionMode: REDIRECT - # - # Port where Envoy listens (on local host) for admin commands - # You can exec into the istio-proxy container in a pod and - # curl the admin port (curl http://localhost:15000/) to obtain - # diagnostic information from Envoy. See - # https://lyft.github.io/envoy/docs/operations/admin.html - # for more details - proxyAdminPort: 15000 - # - # Set concurrency to a specific number to control the number of Proxy worker threads. - # If set to 0 (default), then start worker thread for each CPU thread/core. - concurrency: {{ .Values.global.proxy.concurrency }} - # - {{- if eq .Values.global.proxy.tracer "lightstep" }} - tracing: - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - # Whether communication with the Satellite pool should be secure - secure: {{ .Values.global.tracer.lightstep.secure }} - # Path to the file containing the cacert to use when verifying TLS - cacertPath: {{ .Values.global.tracer.lightstep.cacertPath }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - tracing: - zipkin: - # Address of the Zipkin collector - {{- if .Values.global.tracer.zipkin.address }} - address: {{ .Values.global.tracer.zipkin.address }} - {{- else if .Values.global.remoteZipkinAddress }} - address: {{ .Values.global.remoteZipkinAddress }}:9411 - {{- else }} - address: zipkin.{{ .Release.Namespace }}:9411 - {{- end }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - tracing: - datadog: - # Address of the Datadog Agent - address: {{ 
.Values.global.tracer.datadog.address }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - tracing: - stackdriver: {} - {{- end }} - - {{- if .Values.global.proxy.envoyStatsd.enabled }} - # - # Statsd metrics collector converts statsd metrics into Prometheus metrics. - statsdUdpAddress: {{ .Values.global.proxy.envoyStatsd.host }}:{{ .Values.global.proxy.envoyStatsd.port }} - {{- end }} - - {{- if .Values.global.proxy.envoyMetricsService.enabled }} - # - # Envoy's Metrics Service stats sink pushes Envoy metrics to a remote collector via the Metrics Service gRPC API. - envoyMetricsService: - address: {{ .Values.global.proxy.envoyMetricsService.host }}:{{ .Values.global.proxy.envoyMetricsService.port }} - {{- if .Values.global.proxy.envoyMetricsService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyMetricsService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyMetricsService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyMetricsService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- if .Values.global.proxy.envoyAccessLogService.enabled }} - # - # Envoy's AccessLog Service pushes access logs to a remote collector via the Access Log Service gRPC API. 
- envoyAccessLogService: - address: {{ .Values.global.proxy.envoyAccessLogService.host }}:{{ .Values.global.proxy.envoyAccessLogService.port }} - {{- if .Values.global.proxy.envoyAccessLogService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyAccessLogService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- $defPilotHostname := printf "istio-pilot.%s" .Release.Namespace }} - {{- $pilotAddress := .Values.global.remotePilotAddress | default $defPilotHostname }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: MUTUAL_TLS - # - # Address where istio Pilot service is running - {{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }} - discoveryAddress: {{ $defPilotHostname }}:15011 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15011 - {{- end }} - {{- else }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: NONE - # - # Address where istio Pilot service is running - {{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }} - discoveryAddress: {{ $defPilotHostname }}:15010 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15010 - {{- end }} - {{- end }} - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.300/templates/crd-10.yaml b/charts/rancher-istio/1.4.300/templates/crd-10.yaml deleted file mode 100644 index f017e2658..000000000 
--- a/charts/rancher-istio/1.4.300/templates/crd-10.yaml
+++ /dev/null
@@ -1,4816 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: attributemanifests.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: attributemanifest - plural: attributemanifests - singular: attributemanifest - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and - telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - attributes: - additionalProperties: - properties: - description: - description: A human-readable description of the attribute's purpose. - format: string - type: string - valueType: - description: The type of data carried by this attribute. - enum: - - VALUE_TYPE_UNSPECIFIED - - STRING - - INT64 - - DOUBLE - - BOOL - - TIMESTAMP - - IP_ADDRESS - - EMAIL_ADDRESS - - URI - - DNS_NAME - - DURATION - - STRING_MAP - type: string - type: object - description: The set of attributes this Istio component will be responsible - for producing at runtime. - type: object - name: - description: Name of the component producing these attributes. - format: string - type: string - revision: - description: The revision of this document. 
- format: string - type: string - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - heritage: Tiller - istio: rbac - release: istio - name: clusterrbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ClusterRbacConfig - plural: clusterrbacconfigs - singular: clusterrbacconfig - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: destinationrules.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.host - description: The name of a service from the service registry - name: Host - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - shortNames: - - dr - singular: destinationrule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, - etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is - exported. - items: - format: string - type: string - type: array - host: - description: The name of a service from the service registry. 
- format: string - type: string - subsets: - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: Name of the subset. - format: string - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. 
- oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP - requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a - backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. 
- type: string - maxRequestsPerConnection: - description: Maximum number of requests per - connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP - upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on - the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer - algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. 
- type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep - analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to - the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server - during TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded - to http2 for the associated destination. 
- enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to - a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool - connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to - a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to - a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. 
- format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. 
- properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. 
- format: string - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS - handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: envoyfilters.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: EnvoyFilter - plural: envoyfilters - singular: envoyfilter - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Customizing Envoy configuration generated by Istio. See more - details at: https://istio.io/docs/reference/config/networking/v1alpha3/envoy-filter.html' - properties: - configPatches: - description: One or more patches with match conditions. 
- items: - properties: - applyTo: - enum: - - INVALID - - LISTENER - - FILTER_CHAIN - - NETWORK_FILTER - - HTTP_FILTER - - ROUTE_CONFIGURATION - - VIRTUAL_HOST - - HTTP_ROUTE - - CLUSTER - type: string - match: - description: Match on listener/route configuration/cluster. - oneOf: - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - properties: - cluster: - description: Match on envoy cluster attributes. - properties: - name: - description: The exact name of the cluster to match. - format: string - type: string - portNumber: - description: The service port for which this cluster was - generated. - type: integer - service: - description: The fully qualified service name for this - cluster. - format: string - type: string - subset: - description: The subset associated with the service. - format: string - type: string - type: object - context: - description: The specific config generation context to match - on. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - listener: - description: Match on envoy listener attributes. - properties: - filterChain: - description: Match a specific filter chain in a listener. - properties: - applicationProtocols: - description: Applies only to sidecars. - format: string - type: string - filter: - description: The name of a specific filter to apply - the patch to. - properties: - name: - description: The filter name to match on. - format: string - type: string - subFilter: - properties: - name: - description: The filter name to match on. - format: string - type: string - type: object - type: object - name: - description: The name assigned to the filter chain. - format: string - type: string - sni: - description: The SNI value used by a filter chain's - match condition. - format: string - type: string - transportProtocol: - description: Applies only to SIDECAR_INBOUND context. 
- format: string - type: string - type: object - name: - description: Match a specific listener by its name. - format: string - type: string - portName: - format: string - type: string - portNumber: - type: integer - type: object - proxy: - description: Match on properties associated with a proxy. - properties: - metadata: - additionalProperties: - format: string - type: string - type: object - proxyVersion: - format: string - type: string - type: object - routeConfiguration: - description: Match on envoy HTTP route configuration attributes. - properties: - gateway: - format: string - type: string - name: - description: Route configuration name to match on. - format: string - type: string - portName: - description: Applicable only for GATEWAY context. - format: string - type: string - portNumber: - type: integer - vhost: - properties: - name: - format: string - type: string - route: - description: Match a specific route within the virtual - host. - properties: - action: - description: Match a route with specific action - type. - enum: - - ANY - - ROUTE - - REDIRECT - - DIRECT_RESPONSE - type: string - name: - format: string - type: string - type: object - type: object - type: object - type: object - patch: - description: The patch to apply along with the operation. - properties: - operation: - description: Determines how the patch should be applied. - enum: - - INVALID - - MERGE - - ADD - - REMOVE - - INSERT_BEFORE - - INSERT_AFTER - type: string - value: - description: The JSON config of the object being patched. - type: object - type: object - type: object - type: array - filters: - items: - properties: - filterConfig: - type: object - filterName: - description: The name of the filter to instantiate. - format: string - type: string - filterType: - description: The type of filter to instantiate. - enum: - - INVALID - - HTTP - - NETWORK - type: string - insertPosition: - description: Insert position in the filter chain. 
- properties: - index: - description: Position of this filter in the filter chain. - enum: - - FIRST - - LAST - - BEFORE - - AFTER - type: string - relativeTo: - format: string - type: string - type: object - listenerMatch: - properties: - address: - description: One or more IP addresses to which the listener - is bound. - items: - format: string - type: string - type: array - listenerProtocol: - description: Selects a class of listeners for the same protocol. - enum: - - ALL - - HTTP - - TCP - type: string - listenerType: - description: Inbound vs outbound sidecar listener or gateway - listener. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - portNamePrefix: - format: string - type: string - portNumber: - type: integer - type: object - type: object - type: array - workloadLabels: - additionalProperties: - format: string - type: string - description: Deprecated. - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: gateways.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Gateway - plural: gateways - shortNames: - - gw - singular: gateway - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. 
See more details - at: https://istio.io/docs/reference/config/networking/v1alpha3/gateway.html' - properties: - selector: - additionalProperties: - format: string - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - format: string - type: string - defaultEndpoint: - format: string - type: string - hosts: - description: One or more hosts exposed by this gateway. - items: - format: string - type: string - type: array - port: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - tls: - description: Set of TLS related options that govern the server's - behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified - cipher list.' - items: - format: string - type: string - type: array - credentialName: - format: string - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - format: string - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 
- format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - verifyCertificateHash: - items: - format: string - type: string - type: array - verifyCertificateSpki: - items: - format: string - type: string - type: array - type: object - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpecBinding - plural: httpapispecbindings - singular: httpapispecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_specs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - apiSpecs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed HTTPAPISpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN - in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify - the service version. - type: object - name: - description: The short name of the service such as "foo". 
- format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpec - plural: httpapispecs - singular: httpapispec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_keys: - items: - oneOf: - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. - format: string - type: string - type: object - type: array - apiKeys: - items: - oneOf: - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. 
- format: string - type: string - type: object - type: array - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. - type: object - type: object - patterns: - description: List of HTTP patterns to match. - items: - oneOf: - - required: - - uriTemplate - - required: - - regex - properties: - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. 
- type: object - type: object - httpMethod: - format: string - type: string - regex: - format: string - type: string - uriTemplate: - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: meshpolicies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: MeshPolicy - listKind: MeshPolicyList - plural: meshpolicies - singular: meshpolicy - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details - at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - type: boolean - origins: - description: List of authentication methods that can be used for origin - authentication. - items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. 
- items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - type: boolean - peers: - description: List of authentication methods that can be used for peer - authentication. - items: - oneOf: - - required: - - mtls - - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. 
- format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. 
- properties: - allowTls: - description: WILL BE DEPRECATED, if set, will translates to - `TLS_PERMISSIVE` mode. - type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Define whether peer or origin identity should be use for - principal. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: List rules to select workloads that the policy should be - applied on. - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. - items: - oneOf: - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: policies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: Policy - plural: policies - singular: policy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details - at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - type: boolean - origins: - description: List of authentication methods that can be used for origin - authentication. 
- items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 
- format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 
- format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - type: boolean - peers: - description: List of authentication methods that can be used for peer - authentication. - items: - oneOf: - - required: - - mtls - - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. - properties: - allowTls: - description: WILL BE DEPRECATED, if set, will translates to - `TLS_PERMISSIVE` mode. - type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Define whether peer or origin identity should be use for - principal. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: List rules to select workloads that the policy should be - applied on. - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. 
- items: - oneOf: - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpecBinding - plural: quotaspecbindings - singular: quotaspecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - quotaSpecs: - items: - properties: - name: - description: The short name of the QuotaSpec. - format: string - type: string - namespace: - description: Optional namespace of the QuotaSpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed QuotaSpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN - in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify - the service version. - type: object - name: - description: The short name of the service such as "foo". - format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. 
- format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpec - plural: quotaspecs - singular: quotaspec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: Determines the quotas used for individual requests. - properties: - rules: - description: A list of Quota rules. - items: - properties: - match: - description: If empty, match all request. - items: - properties: - clause: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Map of attribute names to StringMatch type. - type: object - type: object - type: array - quotas: - description: The list of quotas to charge. 
- items: - properties: - charge: - format: int32 - type: integer - quota: - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: rbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: RbacConfig - plural: rbacconfigs - singular: rbacconfig - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: rules.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: rule - plural: rules - singular: rule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and - telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - actions: - description: The actions that will be executed when match evaluates - to `true`. - items: - properties: - handler: - description: Fully qualified name of the handler to invoke. - format: string - type: string - instances: - items: - format: string - type: string - type: array - name: - description: A handle to refer to the results of the action. - format: string - type: string - type: object - type: array - match: - description: Match is an attribute based predicate. - format: string - type: string - requestHeaderOperations: - items: - properties: - name: - description: Header name literal value. - format: string - type: string - operation: - description: Header operation type. - enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - responseHeaderOperations: - items: - properties: - name: - description: Header name literal value. 
- format: string - type: string - operation: - description: Header operation type. - enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - sampling: - properties: - random: - description: Provides filtering of actions based on random selection - per request. - properties: - attributeExpression: - description: Specifies an attribute expression to use to override - the numerator in the `percent_sampled` field. - format: string - type: string - percentSampled: - description: The default sampling rate, expressed as a percentage. - properties: - denominator: - description: Specifies the denominator. - enum: - - HUNDRED - - TEN_THOUSAND - type: string - numerator: - description: Specifies the numerator. - type: integer - type: object - useIndependentRandomness: - description: By default sampling will be based on the value - of the request header `x-request-id`. - type: boolean - type: object - rateLimit: - properties: - maxUnsampledEntries: - description: Number of entries to allow during the `sampling_duration` - before sampling is enforced. - format: int64 - type: integer - samplingDuration: - description: Window in which to enforce the sampling rate. - type: string - samplingRate: - description: The rate at which to sample entries once the unsampled - limit has been reached. 
- format: int64 - type: integer - type: object - type: object - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: serviceentries.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hosts - description: The hosts associated with the ServiceEntry - name: Hosts - type: string - - JSONPath: .spec.location - description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL - or MESH_INTERNAL) - name: Location - type: string - - JSONPath: .spec.resolution - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - name: Resolution - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: ServiceEntry - listKind: ServiceEntryList - plural: serviceentries - shortNames: - - se - singular: serviceentry - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. See more details - at: https://istio.io/docs/reference/config/networking/v1alpha3/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. 
- items: - format: string - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - format: string - type: string - network: - format: string - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - format: string - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - format: string - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: array - resolution: - description: Service discovery mode for the hosts. 
- enum: - - NONE - - STATIC - - DNS - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: servicerolebindings.rbac.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.roleRef.name - description: The name of the ServiceRole object being referenced - name: Reference - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRoleBinding - plural: servicerolebindings - singular: servicerolebinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - actions: - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. 
- items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. - items: - format: string - type: string - type: array - type: object - type: array - mode: - enum: - - ENFORCED - - PERMISSIVE - type: string - role: - format: string - type: string - roleRef: - description: Reference to the ServiceRole object. - properties: - kind: - description: The type of the role being referenced. - format: string - type: string - name: - description: The name of the ServiceRole object being referenced. - format: string - type: string - type: object - subjects: - description: List of subjects that are assigned the ServiceRole object. - items: - properties: - group: - format: string - type: string - groups: - items: - format: string - type: string - type: array - ips: - items: - format: string - type: string - type: array - names: - items: - format: string - type: string - type: array - namespaces: - items: - format: string - type: string - type: array - notGroups: - items: - format: string - type: string - type: array - notIps: - items: - format: string - type: string - type: array - notNames: - items: - format: string - type: string - type: array - notNamespaces: - items: - format: string - type: string - type: array - properties: - additionalProperties: - format: string - type: string - description: Optional. 
- type: object - user: - description: Optional. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: serviceroles.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRole - plural: serviceroles - singular: servicerole - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - rules: - description: The set of access rules (permissions) that the role has. - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. - items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. 
- items: - format: string - type: string - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: virtualservices.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.gateways - description: The names of gateways and sidecars that should apply these routes - name: Gateways - type: string - - JSONPath: .spec.hosts - description: The destination hosts to which traffic is being sent - name: Hosts - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - shortNames: - - vs - singular: virtualservice - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, - etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is exported. 
- items: - format: string - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply these - routes. - items: - format: string - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - format: string - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - appendHeaders: - additionalProperties: - format: string - type: string - type: object - appendRequestHeaders: - additionalProperties: - format: string - type: string - type: object - appendResponseHeaders: - additionalProperties: - format: string - type: string - type: object - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - nullable: true - type: boolean - allowHeaders: - items: - format: string - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the resource. - items: - format: string - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform - CORS requests. - items: - format: string - type: string - type: array - exposeHeaders: - items: - format: string - type: string - type: array - maxAge: - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic at - the client side. - properties: - abort: - oneOf: - - properties: - percent: {} - required: - - httpStatus - - properties: - percent: {} - required: - - grpcStatus - - properties: - percent: {} - required: - - http2Error - properties: - grpcStatus: - format: string - type: string - http2Error: - format: string - type: string - httpStatus: - description: HTTP status code to use to abort the Http - request. - format: int32 - type: integer - percent: - description: Percentage of requests to be aborted with - the error code provided (0-100). 
- format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with - the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - properties: - percent: {} - required: - - fixedDelay - - properties: - percent: {} - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the request. - type: string - percent: - description: Percentage of requests on which the delay - will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay - will be injected. - properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - gateways: - items: - format: string - type: string - type: array - headers: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - 
type: object - ignoreUriCase: - description: Flag to specify whether the URI matching should - be case-insensitive. - type: boolean - method: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - name: - description: The name assigned to a match. - format: string - type: string - port: - description: Specifies the ports on the host that is being - addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - sourceLabels: - additionalProperties: - format: string - type: string - type: object - uri: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the `mirror` - field. 
- nullable: true - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the `mirror` - field. - nullable: true - type: integer - name: - description: The name assigned to the route for debugging purposes. - format: string - type: string - redirect: - description: A http rule can either redirect or forward (default) - traffic. - properties: - authority: - format: string - type: string - redirectCode: - type: integer - uri: - format: string - type: string - type: object - removeRequestHeaders: - items: - format: string - type: string - type: array - removeResponseHeaders: - items: - format: string - type: string - type: array - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries for a given request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per retry attempt for a given request. - type: string - retryOn: - description: Specifies the conditions under which retry takes - place. - format: string - type: string - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this value. - format: string - type: string - uri: - format: string - type: string - type: object - route: - description: A http rule can either redirect or forward (default) - traffic. - items: - properties: - appendRequestHeaders: - additionalProperties: - format: string - type: string - description: Use of `append_request_headers` is deprecated. - type: object - appendResponseHeaders: - additionalProperties: - format: string - type: string - description: Use of `append_response_headers` is deprecated. - type: object - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. 
- properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - removeRequestHeaders: - description: Use of `remove_request_headers` is deprecated. - items: - format: string - type: string - type: array - removeResponseHeaders: - description: Use of `remove_response_header` is deprecated. - items: - format: string - type: string - type: array - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests. - type: string - websocketUpgrade: - description: Deprecated. - type: boolean - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with - optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied to. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. 
- format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be - forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with - optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied to. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - format: string - type: string - type: array - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. - format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be - forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: adapters.config.istio.io - labels: - app: mixer - package: adapter - istio: mixer-adapter - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: adapter - plural: adapters - singular: adapter - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: instances.config.istio.io - labels: - app: mixer - package: instance - istio: mixer-instance - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: instance - plural: instances - singular: instance - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: templates.config.istio.io - labels: - app: mixer - package: template - istio: mixer-template - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: template - plural: templates - singular: template - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition 
-apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: handlers.config.istio.io - labels: - app: mixer - package: handler - istio: mixer-handler - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: handler - plural: handlers - singular: handler - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true diff --git a/charts/rancher-istio/1.4.300/templates/crd-11.yaml b/charts/rancher-istio/1.4.300/templates/crd-11.yaml deleted file mode 100644 index 0de33afd9..000000000 --- a/charts/rancher-istio/1.4.300/templates/crd-11.yaml +++ /dev/null 
@@ -1,121 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: sidecars.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Sidecar - plural: sidecars - singular: sidecar - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting network reachability of a sidecar. - See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/sidecar.html' - properties: - egress: - items: - properties: - bind: - format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - hosts: - items: - format: string - type: string - type: array - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: object - type: array - ingress: - items: - properties: - bind: - description: The ip to which the listener should be bound. - format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - defaultEndpoint: - format: string - type: string - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. 
- format: string - type: string - type: object - type: object - type: array - outboundTrafficPolicy: - description: This allows to configure the outbound traffic policy. - properties: - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true diff --git a/charts/rancher-istio/1.4.300/templates/crd-14.yaml b/charts/rancher-istio/1.4.300/templates/crd-14.yaml deleted file mode 100644 index e51edfc5c..000000000 --- a/charts/rancher-istio/1.4.300/templates/crd-14.yaml +++ /dev/null 
@@ -1,135 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - labels: - app: istio-pilot - heritage: Tiller - istio: security - release: istio - name: authorizationpolicies.security.istio.io - annotations: - helm.sh/hook: crd-install,pre-upgrade -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: AuthorizationPolicy - plural: authorizationpolicies - singular: authorizationpolicy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for access control on workloads. See more details - at: https://istio.io/docs/reference/config/security/v1beta1/authorization-policy.html' - properties: - rules: - description: Optional. - items: - properties: - from: - description: Optional. - items: - properties: - source: - description: Source specifies the source of a request. - properties: - ipBlocks: - description: Optional. - items: - format: string - type: string - type: array - namespaces: - description: Optional. - items: - format: string - type: string - type: array - principals: - description: Optional. - items: - format: string - type: string - type: array - requestPrincipals: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - to: - description: Optional. - items: - properties: - operation: - description: Operation specifies the operation of a request. - properties: - hosts: - description: Optional. - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - when: - description: Optional. 
- items: - properties: - key: - description: The name of an Istio attribute. - format: string - type: string - values: - description: The allowed values for the attribute. - items: - format: string - type: string - type: array - type: object - type: array - type: object - type: array - selector: - description: Optional. - properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1beta1 - served: true - storage: true diff --git a/charts/rancher-istio/1.4.300/templates/crd-certmanager-10.yaml b/charts/rancher-istio/1.4.300/templates/crd-certmanager-10.yaml deleted file mode 100644 index a3a61f7f5..000000000 --- a/charts/rancher-istio/1.4.300/templates/crd-certmanager-10.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterissuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: ClusterIssuer - plural: clusterissuers - scope: Cluster ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: issuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Issuer - plural: issuers - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: certificates.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - JSONPath: .spec.secretName - name: Secret - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - kind: Certificate - plural: certificates - shortNames: - - cert - - certs -{{- end }} diff --git a/charts/rancher-istio/1.4.300/templates/crd-certmanager-11.yaml b/charts/rancher-istio/1.4.300/templates/crd-certmanager-11.yaml deleted file mode 100644 index ea6a96967..000000000 --- a/charts/rancher-istio/1.4.300/templates/crd-certmanager-11.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: orders.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.reason - name: Reason - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Order - plural: orders - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: challenges.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.dnsName - name: Domain - type: string - - JSONPath: .status.reason - name: Reason - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. 
It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Challenge - plural: challenges - scope: Namespaced -{{- end }} diff --git a/charts/rancher-istio/1.4.300/templates/endpoints.yaml b/charts/rancher-istio/1.4.300/templates/endpoints.yaml deleted file mode 100755 index 81b821853..000000000 --- a/charts/rancher-istio/1.4.300/templates/endpoints.yaml +++ /dev/null 
@@ -1,63 +0,0 @@
-{{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePilotAddress }}
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePolicyAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remoteTelemetryAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/templates/install-custom-resources.sh.tpl b/charts/rancher-istio/1.4.300/templates/install-custom-resources.sh.tpl
deleted file mode 100755
index a5525a139..000000000
--- a/charts/rancher-istio/1.4.300/templates/install-custom-resources.sh.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ define "install-custom-resources.sh.tpl" }}
-#!/bin/sh
-
-set -x
-
-if [ "$#" -ne "1" ]; then
- echo "first argument should be path to custom resource yaml"
- exit 1
-fi
-
-pathToResourceYAML=${1}
-
-kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null
-if [ "$?" -eq 0 ]; then
- echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready"
- while true; do
- kubectl -n {{ .Release.Namespace }} get deployment istio-galley 2>/dev/null
- if [ "$?" -eq 0 ]; then
- break
- fi
- sleep 1
- done
- kubectl -n {{ .Release.Namespace }} rollout status deployment istio-galley
- if [ "$?" -ne 0 ]; then
- echo "istio-galley deployment rollout status check failed"
- exit 1
- fi
- echo "istio-galley deployment ready for configuration validation"
-fi
-sleep 5
-kubectl apply -f ${pathToResourceYAML}
-{{ end }}
diff --git a/charts/rancher-istio/1.4.300/templates/istio-service-rbac.yaml b/charts/rancher-istio/1.4.300/templates/istio-service-rbac.yaml
deleted file mode 100644
index b3141141b..000000000
--- a/charts/rancher-istio/1.4.300/templates/istio-service-rbac.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-service-reader
-rules:
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["http:kiali:20001", "http:tracing:80", "http:grafana:80", "http:prometheus-http:80"]
- verbs: ["get", "watch", "list"]
-
----
-{{- if .Values.global.members }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: read-istio-service
- namespace: {{ .Release.Namespace }}
-subjects:
- {{- range $member := .Values.global.members }}
- - kind: {{ $member.kind }}
- name: {{ $member.name }}
- apiGroup: rbac.authorization.k8s.io
- {{- end }}
-roleRef:
- kind: Role
- name: istio-service-reader
- apiGroup: rbac.authorization.k8s.io
-{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.300/templates/service.yaml b/charts/rancher-istio/1.4.300/templates/service.yaml
deleted file mode 100755
index 732cdefd2..000000000
--- a/charts/rancher-istio/1.4.300/templates/service.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
- clusterIP: None
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.300/templates/serviceaccount.yaml
deleted file mode 100755
index e52d9eb9c..000000000
--- a/charts/rancher-istio/1.4.300/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: istio-multi
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.300/templates/sidecar-injector-configmap.yaml b/charts/rancher-istio/1.4.300/templates/sidecar-injector-configmap.yaml
deleted file mode 100755
index 5cb25b9cf..000000000
--- a/charts/rancher-istio/1.4.300/templates/sidecar-injector-configmap.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if not .Values.global.omitSidecarInjectorConfigMap }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istio.name" . }}
- chart: {{ template "istio.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-data:
- values: |-
- {{ .Values | toJson }}
-
- config: |-
- policy: {{ .Values.global.proxy.autoInject }}
- alwaysInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }}
- neverInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }}
- template: |-
-{{ .Files.Get "files/injection-template.yaml" | trim | indent 6 }}
- injectedAnnotations:
- {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }}
- "{{ $key }}": "{{ $val }}"
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.300/test-values/README.md b/charts/rancher-istio/1.4.300/test-values/README.md
deleted file mode 100755
index 8e5ff277c..000000000
--- a/charts/rancher-istio/1.4.300/test-values/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Test Values
-
-These files are intended to be used to install Istio for E2E tests.
-
-The rendered files can be generated with `make generate_e2e_yaml`.
-
-These files will all have `values-e2e.yaml` applied to them *first*, so if there are settings there that should not be included in the test the must be overridden.
diff --git a/charts/rancher-istio/1.4.300/test-values/values-e2e.yaml b/charts/rancher-istio/1.4.300/test-values/values-e2e.yaml
deleted file mode 100755
index 18264aa2f..000000000
--- a/charts/rancher-istio/1.4.300/test-values/values-e2e.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-# This file overrides values for e2e testing.
-
-global:
- proxy:
- concurrency: 0
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- accessLogFile: "/dev/stdout"
- enableCoreDump: true
-
- disablePolicyChecks: false
- outboundTrafficPolicy:
- mode: REGISTRY_ONLY
-
-prometheus:
- scrapeInterval: 5s
-
-gateways:
- istio-ingressgateway:
- autoscaleMax: 1
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
- limits:
- cpu: 100m
- memory: 128Mi
- # Disable the specific nodePort mappings for testing
- # These occasionally cause port conflict flakes (#14190)
- # Lacking a good way to override just part of a list, this is copied from
- # the prod values.yaml with nodePort omitted
- ports:
- - port: 15020
- targetPort: 15020
- name: status-port
- - port: 80
- targetPort: 80
- name: http2
- - port: 443
- name: https
- - port: 31400
- name: tcp
- - port: 15029
- targetPort: 15029
- name: https-kiali
- - port: 15030
- targetPort: 15030
- name: https-prometheus
- - port: 15031
- targetPort: 15031
- name: https-grafana
- - port: 15032
- targetPort: 15032
- name: https-tracing
- - port: 15443
- targetPort: 15443
- name: tls
-
- istio-egressgateway:
- enabled: true
- autoscaleMax: 1
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
- limits:
- cpu: 100m
- memory: 128Mi
-
-mixer:
- policy:
- enabled: true
- replicaCount: 2
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
- limits:
- cpu: 100m
- memory: 100Mi
- telemetry:
- enabled: true
- loadshedding:
- mode: disabled
- resources:
- requests:
- cpu: 50m
- memory: 100Mi
- limits:
- cpu: 100m
- memory: 100Mi
- adapters:
- stdio:
- enabled: true
- kiali:
- enabled: true
-
-sidecarInjectorWebhook:
- rewriteAppHTTPProbe: true
diff --git a/charts/rancher-istio/1.4.300/test-values/values-istio-auth-mcp.yaml b/charts/rancher-istio/1.4.300/test-values/values-istio-auth-mcp.yaml
deleted file mode 100755
index fb284d926..000000000
--- a/charts/rancher-istio/1.4.300/test-values/values-istio-auth-mcp.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio-auth.yaml with MCP enabled
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- useMCP: true
-
diff --git a/charts/rancher-istio/1.4.300/test-values/values-istio-auth-multicluster.yaml b/charts/rancher-istio/1.4.300/test-values/values-istio-auth-multicluster.yaml
deleted file mode 100755
index af147981f..000000000
--- a/charts/rancher-istio/1.4.300/test-values/values-istio-auth-multicluster.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# This is used to generate istio-auth-multicluster.yaml, used for CI/CD.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- proxy:
- accessLogFile: "/dev/stdout"
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
-# In a multiple cluster environment, citadel uses the same root certificate in all the clusters
-security:
- selfSigned: false
diff --git a/charts/rancher-istio/1.4.300/test-values/values-istio-auth-non-mcp.yaml b/charts/rancher-istio/1.4.300/test-values/values-istio-auth-non-mcp.yaml
deleted file mode 100755
index eab07cd41..000000000
--- a/charts/rancher-istio/1.4.300/test-values/values-istio-auth-non-mcp.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- mtls:
- enabled: true
-
- controlPlaneSecurityEnabled: true
-
- useMCP: false
diff --git a/charts/rancher-istio/1.4.300/test-values/values-istio-auth-sds.yaml b/charts/rancher-istio/1.4.300/test-values/values-istio-auth-sds.yaml
deleted file mode 100755
index c4562c74d..000000000
--- a/charts/rancher-istio/1.4.300/test-values/values-istio-auth-sds.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-global:
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
- proxy:
- enableCoreDump: true
-
-nodeagent:
- enabled: true
- repository: rancher/istio-node-agent-k8s
- tag: 1.4.3
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.4.300/test-values/values-istio-auth.yaml b/charts/rancher-istio/1.4.300/test-values/values-istio-auth.yaml
deleted file mode 100755
index 4ec1d35c5..000000000
--- a/charts/rancher-istio/1.4.300/test-values/values-istio-auth.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-# This is used to generate istio-auth.yaml for automated CI/CD test, using v1/alpha1
-# or v2/alpha3 with 'gradual migration' (using env variable at inject time).
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
diff --git a/charts/rancher-istio/1.4.300/test-values/values-istio-dns-cert.yaml b/charts/rancher-istio/1.4.300/test-values/values-istio-dns-cert.yaml
deleted file mode 100755
index 406970396..000000000
--- a/charts/rancher-istio/1.4.300/test-values/values-istio-dns-cert.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- certificates:
- - dnsNames: [istio-pilot.istio-system.svc, istio-pilot.istio-system]
- - secretName: dns.istio-galley-service-account
- dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system]
- - secretName: dns.istio-sidecar-injector-service-account
- dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system]
diff --git a/charts/rancher-istio/1.4.300/test-values/values-istio-mcp.yaml b/charts/rancher-istio/1.4.300/test-values/values-istio-mcp.yaml
deleted file mode 100755
index a6638eefd..000000000
--- a/charts/rancher-istio/1.4.300/test-values/values-istio-mcp.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# This is used to generate istio.yaml with MCP enabled
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- useMCP: true
-
-
diff --git a/charts/rancher-istio/1.4.300/test-values/values-istio-multicluster-split-horizon.yaml b/charts/rancher-istio/1.4.300/test-values/values-istio-multicluster-split-horizon.yaml
deleted file mode 100755
index e664dd56f..000000000
--- a/charts/rancher-istio/1.4.300/test-values/values-istio-multicluster-split-horizon.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# This is used to generate istio-multicluster-split-horizon.yaml, used for CI/CD.
-global:
- controlPlaneSecurityEnabled: true
- mtls:
- enabled: true
- proxy:
- accessLogFile: "/dev/stdout"
- outboundTrafficPolicy:
- mode: ALLOW_ANY
- meshExpansion:
- enabled: true
- meshNetworks:
- network2:
- endpoints:
- - fromRegistry: N2_REGISTRY_TOKEN
- gateways:
- - address: 0.0.0.0
- port: 443
-security:
- selfSigned: false
-gateways:
- istio-egressgateway:
- enabled: false
-
-
diff --git a/charts/rancher-istio/1.4.300/test-values/values-istio-multicluster.yaml b/charts/rancher-istio/1.4.300/test-values/values-istio-multicluster.yaml
deleted file mode 100755
index 59b924ac1..000000000
--- a/charts/rancher-istio/1.4.300/test-values/values-istio-multicluster.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# This is used to generate istio-multicluster.yaml, used for CI/CD.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- proxy:
- accessLogFile: "/dev/stdout"
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
-# In a multiple cluster environment, citadel uses the same root certificate in all the clusters
-security:
- selfSigned: false
diff --git a/charts/rancher-istio/1.4.300/test-values/values-istio-non-mcp.yaml b/charts/rancher-istio/1.4.300/test-values/values-istio-non-mcp.yaml
deleted file mode 100755
index 091681acd..000000000
--- a/charts/rancher-istio/1.4.300/test-values/values-istio-non-mcp.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-global:
- useMCP: false
diff --git a/charts/rancher-istio/1.4.300/test-values/values-istio-one-namespace-auth.yaml b/charts/rancher-istio/1.4.300/test-values/values-istio-one-namespace-auth.yaml
deleted file mode 100755
index c49f40254..000000000
--- a/charts/rancher-istio/1.4.300/test-values/values-istio-one-namespace-auth.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.4.300/test-values/values-istio-one-namespace-trust-domain.yaml b/charts/rancher-istio/1.4.300/test-values/values-istio-one-namespace-trust-domain.yaml
deleted file mode 100755
index 1840ab355..000000000
--- a/charts/rancher-istio/1.4.300/test-values/values-istio-one-namespace-trust-domain.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- # Default is 10s second
- refreshInterval: 1s
-
- # The trust domain corresponds to the trust root of a system
- trustDomain: test.local
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.4.300/test-values/values-istio-one-namespace.yaml b/charts/rancher-istio/1.4.300/test-values/values-istio-one-namespace.yaml
deleted file mode 100755
index 14aa45033..000000000
--- a/charts/rancher-istio/1.4.300/test-values/values-istio-one-namespace.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.4.300/test-values/values-istio.yaml b/charts/rancher-istio/1.4.300/test-values/values-istio.yaml
deleted file mode 100755
index c115103e1..000000000
--- a/charts/rancher-istio/1.4.300/test-values/values-istio.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-
-# This is used to generate istio.yaml for automated CI/CD test, using v1/alpha1
-# or v2/alpha3 with 'gradual migration' (using env variable at inject time).
-# global:
- ## imagePullSecrets for all ServiceAccount. Must be set for any clustser configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
diff --git a/charts/rancher-istio/1.4.300/values-istio-demo.yaml b/charts/rancher-istio/1.4.300/values-istio-demo.yaml
deleted file mode 100755
index d28dbaaf2..000000000
--- a/charts/rancher-istio/1.4.300/values-istio-demo.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-# This is used to generate istio.yaml for minimal, demo mode.
-# It is shipped with the release, used for bookinfo or quick installation of istio.
-# Includes components used in the demo, defaults to alpha3 rules.
-global:
- controlPlaneSecurityEnabled: false
-
- proxy:
- accessLogFile: "/dev/stdout"
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- disablePolicyChecks: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
-sidecarInjectorWebhook:
- enabled: true
- # If true, webhook or istioctl injector will rewrite PodSpec for liveness
- # health check to redirect request to sidecar. This makes liveness check work
- # even when mTLS is enabled.
- rewriteAppHTTPProbe: false
-
-pilot:
- autoscaleEnabled: false
- traceSampling: 100.0
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
-
-mixer:
- policy:
- enabled: true
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
-
- telemetry:
- enabled: true
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 50m
- memory: 100Mi
-
- adapters:
- stdio:
- enabled: true
-
-grafana:
- enabled: true
-
-tracing:
- enabled: true
-
-kiali:
- enabled: true
- createDemoSecret: true
-
-gateways:
- istio-ingressgateway:
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- istio-egressgateway:
- enabled: true
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
diff --git a/charts/rancher-istio/1.4.300/values-istio-minimal.yaml b/charts/rancher-istio/1.4.300/values-istio-minimal.yaml
deleted file mode 100755
index de45fa458..000000000
--- a/charts/rancher-istio/1.4.300/values-istio-minimal.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# Minimal Istio Configuration: https://istio.io/docs/setup/kubernetes/additional-setup/config-profiles/
-#
-pilot:
- enabled: true
- sidecar: false
-
-gateways:
- enabled: false
-
-security:
- enabled: false
-
-sidecarInjectorWebhook:
- enabled: false
-
-galley:
- enabled: false
-
-mixer:
- policy:
- enabled: false
- telemetry:
- enabled: false
-
-prometheus:
- enabled: false
-
-
-# Common settings.
-global:
-
- proxy:
- # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument
- # would be :).
- # Disabled by default.
- # The istio-statsd-prom-bridge is deprecated and should not be used moving forward.
- envoyStatsd:
- # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector.
- enabled: false
- host: # example: statsd-svc.istio-system
- port: # example: 9125
-
- useMCP: false
-
-
diff --git a/charts/rancher-istio/1.4.300/values-istio-remote.yaml b/charts/rancher-istio/1.4.300/values-istio-remote.yaml
deleted file mode 100755
index 4ff03c360..000000000
--- a/charts/rancher-istio/1.4.300/values-istio-remote.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-gateways:
- enabled: false
-
-galley:
- enabled: false
-
-mixer:
- policy:
- enabled: false
- telemetry:
- enabled: false
-
-pilot:
- enabled: false
- configSource:
- subscribedResources:
-
-security:
- enabled: true
- createMeshPolicy: false
-
-prometheus:
- enabled: false
-
-global:
- istioRemote: true
-
- enableTracing: false
-
- # Sets an identifier for the remote network to be used for Split Horizon EDS. The network will be sent
- # to the Pilot when connected by the sidecar and will affect the results returned in EDS requests.
- # Based on the network identifier Pilot will return all local endpoints + endpoints of gateways to
- # other networks.
- #
- # Must match the names in the meshNetworks section in the Istio local.
- network: ""
diff --git a/charts/rancher-istio/1.4.300/values-istio-sds-auth-control-plane-auth-disabled.yaml b/charts/rancher-istio/1.4.300/values-istio-sds-auth-control-plane-auth-disabled.yaml
deleted file mode 100755
index 512c51aa8..000000000
--- a/charts/rancher-istio/1.4.300/values-istio-sds-auth-control-plane-auth-disabled.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-global:
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
-nodeagent:
- enabled: true
- repository: rancher/istio-node-agent-k8s
- tag: 1.4.3
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.4.300/values-istio-sds-auth.yaml b/charts/rancher-istio/1.4.300/values-istio-sds-auth.yaml
deleted file mode 100755
index b9e2eaf97..000000000
--- a/charts/rancher-istio/1.4.300/values-istio-sds-auth.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-global:
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
-nodeagent:
- enabled: true
- repository: rancher/istio-node-agent-k8s
- tag: 1.4.3
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.4.300/values.yaml b/charts/rancher-istio/1.4.300/values.yaml
deleted file mode 100755
index 2c9d80596..000000000
--- a/charts/rancher-istio/1.4.300/values.yaml
+++ /dev/null
@@ -1,683 +0,0 @@ -# Top level istio values file has the following sections. -# -# global: This file is the authoritative and exhaustive source for the global section. -# -# chart sections: Every subdirectory inside the charts/ directory has a top level -# configuration key in this file. This file overrides the values specified -# by the charts/${chartname}/values.yaml. -# Check the chart level values file for exhaustive list of configuration options. - -# -# Gateways Configuration, refer to the charts/gateways/values.yaml -# for detailed configuration -# -gateways: - enabled: true - istio-ingressgateway: - labels: - release: cluster-istio - -# -# sidecar-injector webhook configuration, refer to the -# charts/sidecarInjectorWebhook/values.yaml for detailed configuration -# -sidecarInjectorWebhook: - repository: rancher/istio-sidecar_injector - tag: 1.4.3 - enabled: true - -# -# galley configuration, refer to charts/galley/values.yaml -# for detailed configuration -# -galley: - repository: rancher/istio-galley - tag: 1.4.3 - enabled: true - -# -# mixer configuration -# -# @see charts/mixer/values.yaml for all values -mixer: - repository: rancher/istio-mixer - tag: 1.4.3 - policy: - # if policy is enabled the global.disablePolicyChecks has affect. 
- enabled: true - - telemetry: - enabled: true -# -# pilot configuration -# -# @see charts/pilot/values.yaml -pilot: - repository: rancher/istio-pilot - tag: 1.4.3 - enabled: true - -# -# security configuration -# -security: - repository: rancher/istio-citadel - tag: 1.4.3 - enabled: true - -# -# nodeagent configuration -# -nodeagent: - enabled: false - -# -# addon grafana configuration -# -grafana: - repository: rancher/grafana-grafana - tag: 6.3.6 - enabled: false - -# -# addon prometheus configuration -# -prometheus: - repository: rancher/prom-prometheus - tag: v2.12.0 - enabled: false - -# -# addon jaeger tracing configuration -# -tracing: - jaeger: - repository: rancher/jaegertracing-all-in-one - tag: 1.14 - zipkin: - repository: rancher/openzipkin-zipkin - tag: 2.14.2 - enabled: false - -# -# addon kiali tracing configuration -# -kiali: - repository: rancher/kiali-kiali - tag: v1.9 - contextPath: / - dashboard: - jaegerURL: http://tracing.istio-system:80 - grafanaURL: http://access-grafana.cattle-prometheus:80 - auth: - strategy: anonymous - enabled: false - prometheusAddr: http://access-prometheus.cattle-prometheus:80 - -# -# addon certmanager configuration -# -certmanager: - enabled: false - image: - repository: rancher/jetstack-cert-manager-controller - tag: v0.8.1 - -# -# Istio CNI plugin enabled -# This must be enabled to use the CNI plugin in Istio. The CNI plugin is installed separately. -# If true, the privileged initContainer istio-init is not needed to perform the traffic redirect -# settings for the istio-proxy. -# -istio_cni: - enabled: false - -# addon Istio CoreDNS configuration -# -istiocoredns: - image: - repository: rancher/coredns-coredns - tag: 1.6.2 - pluginImage: - repository: rancher/istio-coredns-plugin - tag: 0.2-istio-1.1 - enabled: false - -# Common settings used among istio subcharts. 
-global: - - # Specify rancher clusterId of external tracing config - # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 - rancher: - clusterId: - - systemDefaultRegistry: "" - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: docker.io/rancher - - # Default tag for Istio images. - tag: 1.4.3 - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - kubectl: - repository: rancher/istio-kubectl - tag: 1.4.3 - - # monitoring port used by mixer, pilot, galley and sidecar injector - monitoringPort: 15014 - - k8sIngress: - enabled: false - # Gateway used for k8s Ingress resources. By default it is - # using 'istio:ingressgateway' that will be installed by setting - # 'gateways.enabled' and 'gateways.istio-ingressgateway.enabled' - # flags to true. - gatewayName: ingressgateway - # enableHttps will add port 443 on the ingress. - # It REQUIRES that the certificates are installed in the - # expected secrets - enabling this option without certificates - # will result in LDS rejection and the ingress will not work. - enableHttps: false - - curl: - repository: rancher/pstauffer-curl - tag: v1.0.3 - - proxy: - # Configuration for the proxy init container - init: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - # use fully qualified image names for alternate path to proxy. - repository: rancher/istio-proxyv2 - tag: 1.4.3 - - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Resources for the sidecar. 
- resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Controls number of Proxy worker threads. - # If set to 0, then start worker thread for each CPU thread/core. - concurrency: 2 - - # Configures the access log for each sidecar. - # Options: - # "" - disables access log - # "/dev/stdout" - enables access log - accessLogFile: "" - - # Configure how and what fields are displayed in sidecar access log. Setting to - # empty string will result in default log format - accessLogFormat: "" - - # Configure the access log for sidecar to JSON or TEXT. - accessLogEncoding: TEXT - - # Configure envoy gRPC access log service. - envoyAccessLogService: - enabled: false - host: # example: accesslog-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/als/cert-chain.pem - privateKey: # example: /etc/istio/als/key.pem - caCertificates: # example: /etc/istio/als/root-cert.pem - sni: # example: als.somedomain - subjectAltNames: [] - # - als.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Log level for proxy, applies to gateways and sidecars. If left empty, "warning" is used. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: "" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. If left empty, "misc:error" is used. - componentLogLevel: "" - - # Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS - # This must be given it terms of seconds. For example, 300s is valid but 5m is invalid. - dnsRefreshRate: 300s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). 
These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: 100ms - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # If set, newly injected sidecars will have core dumps enabled. - enableCoreDump: false - - # Image used to enable core dumps. This is only used, when "enableCoreDump" is set to true. - enableCoreDumpImage: ubuntu:xenial - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 1 - - # The period between readiness probes. - readinessPeriodSeconds: 2 - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 30 - - # istio egress capture whitelist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - excludeOutboundPorts: "" - - # pod internal interfaces - kubevirtInterfaces: "" - - # istio ingress capture whitelist - # examples: - # Redirect no inbound traffic to Envoy: --includeInboundPorts="" - # Redirect all inbound traffic to Envoy: --includeInboundPorts="*" - # Redirect only selected ports: --includeInboundPorts="80,8080" - includeInboundPorts: "*" - excludeInboundPorts: "" - - # This controls the 'policy' in the sidecar injector. 
- autoInject: enabled - - # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument - # would be :). - # Disabled by default. - # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. - envoyStatsd: - # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. - enabled: false - host: # example: statsd-svc.istio-system - port: # example: 9125 - - # Sets the Envoy Metrics Service address, used to push Envoy metrics to an external collector - # via the Metrics Service gRPC API. This contains detailed stats information emitted directly - # by Envoy and should not be confused with the the Istio telemetry. The Envoy stats are also - # available to scrape via the Envoy admin port at either /stats or /stats/prometheus. - # - # See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto - # for details about Envoy's Metrics Service API. - # - # Disabled by default. - envoyMetricsService: - enabled: false - host: # example: metrics-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/ms/cert-chain.pem - privateKey: # example: /etc/istio/ms/key.pem - caCertificates: # example: /etc/istio/ms/root-cert.pem - sni: # example: ms.somedomain - subjectAltNames: [] - # - ms.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "zipkin" - - proxy_init: - # Base name for the istio-init container, used to configure iptables. - repository: rancher/istio-proxyv2 - tag: 1.4.3 - - # imagePullPolicy is applied to istio control plane components. - # local tests require IfNotPresent, to avoid uploading to dockerhub. 
- # TODO: Switch to Always as default, and override in the local tests. - imagePullPolicy: IfNotPresent - - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - # disablePolicyChecks disables mixer policy checks. - # if mixer.policy.enabled==true then disablePolicyChecks has affect. - # Will set the value with same name in istio config map - pilot needs to be restarted to take effect. - disablePolicyChecks: true - - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: false - - # EnableTracing sets the value with same name in istio config map, requires pilot restart to take effect. - enableTracing: true - - # Configuration for each of the supported tracers - tracer: - # Configuration for envoy to send trace data to LightStep. - # Disabled by default. - # address: the : of the satellite pool - # accessToken: required for sending data to the pool - # secure: specifies whether data should be sent with TLS - # cacertPath: the path to the file containing the cacert to use when verifying TLS. If secure is true, this is - # required. If a value is specified then a secret called "lightstep.cacert" must be created in the destination - # namespace with the key matching the base of the provided cacertPath and the value being the cacert itself. - # - lightstep: - address: "" # example: lightstep-satellite:443 - accessToken: "" # example: abcdefg1234567 - secure: true # example: true|false - cacertPath: "" # example: /etc/lightstep/cacert.pem - zipkin: - # Host:Port for reporting trace data in zipkin format. If not specified, will default to - # zipkin service (port 9411) in the same namespace as the other istio components. 
- address: "" - datadog: - # Host:Port for submitting traces to the Datadog agent. - address: "$(HOST_IP):8126" - stackdriver: - # enables trace output to stdout. - debug: false - # The global default max number of attributes per span. - maxNumberOfAttributes: 200 - # The global default max number of annotation events per span. - maxNumberOfAnnotations: 200 - # The global default max number of message events per span. - maxNumberOfMessageEvents: 200 - - # Default mtls policy. If true, mtls between services will be enabled by default. - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: false - # If set to true, and a given service does not have a corresponding DestinationRule configured, - # or its DestinationRule does not have TLSSettings specified, Istio configures client side - # TLS configuration automatically, based on the server side mTLS authentication policy and the - # availibity of sidecars. - auto: false - - # Lists the secrets you need to use to pull Istio images from a private registry. - imagePullSecrets: [] - # - private-registry-key - - # Specify pod scheduling arch(amd64, ppc64le, s390x) and weight as follows: - # 0 - Never scheduled - # 1 - Least preferred - # 2 - No preference - # 3 - Most preferred - arch: - amd64: 2 - s390x: 2 - ppc64le: 2 - - # Whether to restrict the applications namespace the controller manages; - # If not set, controller watches all namespaces - oneNamespace: false - - # Default node selector to be applied to all deployments so that all pods can be - # constrained to run a particular nodes. Each component can overwrite these default - # values by adding its node selector block in the relevant section below and setting - # the desired values. - defaultNodeSelector: {} - - # Default node tolerations to be applied to all deployments so that all pods can be - # scheduled to a particular nodes with matching taints. 
Each component can overwrite - # these default values by adding its tolerations block in the relevant section below - # and setting the desired values. - # Configure this field in case that all pods of Istio control plane are expected to - # be scheduled to particular nodes with specified taints. - defaultTolerations: [] - - # Whether to perform server-side validation of configuration. - configValidation: true - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - # podDNSSearchNamespaces: - # - global - # - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # If set to true, the pilot and citadel mtls will be exposed on the - # ingress gateway - meshExpansion: - enabled: false - # If set to true, the pilot and citadel mtls and the plaintext pilot ports - # will be exposed on an internal gateway - useILB: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). 
- # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # enable pod distruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: false - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - # Use the Mesh Control Protocol (MCP) for configuring Mixer and - # Pilot. Requires galley (`--set galley.enabled=true`). - useMCP: true - - # The trust domain corresponds to the trust root of a system - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - # Indicate the domain used in SPIFFE identity URL - # The default depends on the environment. - # kubernetes: cluster.local - # else: default dns domain - trustDomain: "" - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: [] - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. 
For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - # ALLOW_ANY is the default in 1.1. This means each pod will be able to make outbound requests - # to services outside of the mesh without any ServiceEntry. - # REGISTRY_ONLY was the default in 1.0. If this behavior is desired, set the value below to REGISTRY_ONLY. - outboundTrafficPolicy: - mode: ALLOW_ANY - - # The namespace where globally shared configurations should be present. - # DestinationRules that apply to the entire mesh (e.g., enabling mTLS), - # default Sidecar configs, etc. should be added to this namespace. 
- # configRootNamespace: istio-config - - # set the default set of namespaces to which services, service entries, virtual services, destination - # rules should be exported to. Currently only one value can be provided in this list. This value - # should be one of the following two options: - # * implies these objects are visible to all namespaces, enabling any sidecar to talk to any other sidecar. - # . implies these objects are visible to only to sidecars in the same namespace, or if imported as a Sidecar.egress.host - # defaultConfigVisibilitySettings: - #- '*' - - nodeagent: - repository: rancher/istio-node-agent-k8s - tag: 1.4.3 - sds: - # SDS enabled. IF set to true, mTLS certificates for the sidecars will be - # distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates. - enabled: false - udsPath: "" - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Citadel Agent to the CA (e.g. Citadel), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). 
- # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Specifies the global locality load balancing settings. - # Locality-weighted load balancing allows administrators to control the distribution of traffic to - # endpoints based on the localities of where the traffic originates and where it will terminate. - # Either failover or distribute configuration can be set, but not both. If neither are provided - # failover mode will be used. - # - # localityLbSetting: - # enabled: true - # distribute: - # - from: "us-central1/*" - # to: - # "us-central1/*": 80 - # "us-central2/*": 20 - # - # localityLbSetting: - # enabled: true - # failover: - # - from: us-east - # to: eu-west - # - from: us-west - # to: us-east - localityLbSetting: - enabled: true - - # Specifies whether helm test is enabled or not. - # This field is set to false by default, so 'helm template ...' - # will ignore the helm test yaml files when generating the template - enableHelmTest: false - - # Configures DNS certificates provisioned through Chiron linked into Pilot. - # The DNS names in this file are all hard-coded; please ensure the namespaces - # in dnsNames are consistent with those of your services. - # Example: - # certificates: - # - secretName: dns.istio-galley-service-account - # dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] - # - secretName: dns.istio-sidecar-injector-service-account - # dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] - certificates: [] - - # Configure whether Operator manages webhook configurations. 
The current behavior
- # of Galley and Sidecar Injector is that they manage their own webhook configurations.
- # When this option is set as true, Istio Operator, instead of webhooks, manages the
- # webhook configurations. When this option is set as false, webhooks manage their
- # own webhook configurations.
- operatorManageWebhooks: false
diff --git a/charts/rancher-istio/1.4.400/.helmignore b/charts/rancher-istio/1.4.400/.helmignore
deleted file mode 100755
index f0c131944..000000000
--- a/charts/rancher-istio/1.4.400/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/charts/rancher-istio/1.4.400/Chart.yaml b/charts/rancher-istio/1.4.400/Chart.yaml
deleted file mode 100755
index 87f8794ed..000000000
--- a/charts/rancher-istio/1.4.400/Chart.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-name: rancher-istio
-version: 1.4.400
-appVersion: 1.4.4
-description: Helm chart for all istio components
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- security
-- sidecarInjectorWebhook
-- mixer
-- pilot
-- galley
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2-0'
diff --git a/charts/rancher-istio/1.4.400/LICENSE b/charts/rancher-istio/1.4.400/LICENSE
deleted file mode 100755
index 56df9b297..000000000
--- a/charts/rancher-istio/1.4.400/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2018 Istio Authors - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/rancher-istio/1.4.400/README.md b/charts/rancher-istio/1.4.400/README.md deleted file mode 100755 index f7f35cc17..000000000 --- a/charts/rancher-istio/1.4.400/README.md +++ /dev/null 
@@ -1,149 +0,0 @@ -# Istio - -[Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. - -The documentation here is for developers only, please follow the installation instructions from [istio.io](https://istio.io/docs/setup/kubernetes/install/helm/) for all other uses. - -## Introduction - -This chart bootstraps all Istio [components](https://istio.io/docs/concepts/what-is-istio/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Chart Details - -This chart can install multiple Istio components as subcharts: -- ingressgateway -- egressgateway -- sidecarInjectorWebhook -- galley -- mixer -- pilot -- security(citadel) -- grafana -- prometheus -- tracing(jaeger) -- kiali - -To enable or disable each component, change the corresponding `enabled` flag. - -## Prerequisites - -- Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required -- Helm 2.7.2 or newer or alternately the ability to modify RBAC rules is also required -- If you want to enable automatic sidecar injection, Kubernetes 1.9+ with `admissionregistration` API is required, and `kube-apiserver` process must have the `admission-control` flag set with the `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook` admission controllers added and listed in the correct order. -- The `istio-init` chart must be run to completion prior to install the `istio` chart. - -## Resources Required - -The chart deploys pods that consume minimum resources as specified in the resources configuration parameter. - -## Installing the Chart - -1. If a service account has not already been installed for Tiller, install one: - - ```bash - $ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml - ``` - -1. 
Install Tiller on your cluster with the service account: - - ```bash - $ helm init --service-account tiller - ``` - -1. Set and create the namespace where Istio was installed: - - ```bash - $ NAMESPACE=istio-system - $ kubectl create ns $NAMESPACE - ``` - -1. If you are enabling `kiali`, you need to create the secret that contains the username and passphrase for `kiali` dashboard: - - ```bash - $ echo -n 'admin' | base64 - YWRtaW4= - $ echo -n '1f2d1e2e67df' | base64 - MWYyZDFlMmU2N2Rm - $ cat <=1.9.0): - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE - ``` - - - Without the sidecar injection webhook: - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE --set sidecarInjectorWebhook.enabled=false - ``` - -## Configuration - -The Helm chart ships with reasonable defaults. There may be circumstances in which defaults require overrides. -To override Helm values, use `--set key=value` argument during the `helm install` command. Multiple `--set` operations may be used in the same Helm operation. - -Helm charts expose configuration options which are currently in alpha. The currently exposed options can be found [here](https://istio.io/docs/reference/config/installation-options/). - -## Uninstalling the Chart - -To uninstall/delete the `istio` release but continue to track the release: - -```bash -$ helm delete istio -``` - -To uninstall/delete the `istio` release completely and make its name free for later use: - -```bash -$ helm delete --purge istio -``` diff --git a/charts/rancher-istio/1.4.400/charts/certmanager/Chart.yaml b/charts/rancher-istio/1.4.400/charts/certmanager/Chart.yaml deleted file mode 100755 index 81679903b..000000000 --- a/charts/rancher-istio/1.4.400/charts/certmanager/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 0.6.2 -description: A Helm chart for Kubernetes -name: certmanager -tillerVersion: '>=2.7.2' -version: 1.4.4 
diff --git a/charts/rancher-istio/1.4.400/charts/certmanager/templates/NOTES.txt b/charts/rancher-istio/1.4.400/charts/certmanager/templates/NOTES.txt
deleted file mode 100755
index 0307ede4c..000000000
--- a/charts/rancher-istio/1.4.400/charts/certmanager/templates/NOTES.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-certmanager has been deployed successfully!
-
-More information on the different types of issuers and how to configure them
-can be found in our documentation:
-
-https://cert-manager.readthedocs.io/en/latest/reference/issuers.html
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.400/charts/certmanager/templates/_helpers.tpl b/charts/rancher-istio/1.4.400/charts/certmanager/templates/_helpers.tpl
deleted file mode 100755
index 331a91d43..000000000
--- a/charts/rancher-istio/1.4.400/charts/certmanager/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "certmanager.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "certmanager.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "certmanager.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.400/charts/certmanager/templates/deployment.yaml b/charts/rancher-istio/1.4.400/charts/certmanager/templates/deployment.yaml
deleted file mode 100755
index 4c727365d..000000000
--- a/charts/rancher-istio/1.4.400/charts/certmanager/templates/deployment.yaml
+++ /dev/null
@@ -1,73 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: certmanager - template: - metadata: - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: certmanager -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: certmanager - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- else }} - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=$(POD_NAMESPACE) - {{- if .Values.extraArgs }} -{{ toYaml .Values.extraArgs | indent 8 }} - {{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: -{{ toYaml .Values.resources | indent 10 }} - {{- if .Values.podDnsPolicy }} - dnsPolicy: {{ .Values.podDnsPolicy }} - {{- end }} - {{- if .Values.podDnsConfig }} - dnsConfig: -{{ toYaml .Values.podDnsConfig | indent 8 }} - {{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.400/charts/certmanager/templates/issuer.yaml b/charts/rancher-istio/1.4.400/charts/certmanager/templates/issuer.yaml deleted file mode 100755 index 59402daea..000000000 --- a/charts/rancher-istio/1.4.400/charts/certmanager/templates/issuer.yaml +++ /dev/null @@ -1,37 +0,0 @@ ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt-staging - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-staging-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: letsencrypt-staging - http01: {} ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - privateKeySecretRef: - name: letsencrypt - http01: {} diff --git a/charts/rancher-istio/1.4.400/charts/certmanager/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.400/charts/certmanager/templates/poddisruptionbudget.yaml deleted file mode 100755 index b251e3653..000000000 --- a/charts/rancher-istio/1.4.400/charts/certmanager/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - version: {{ .Chart.Version }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 4 }} - {{- end }} -spec: -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: certmanager - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/rancher-istio/1.4.400/charts/certmanager/templates/rbac.yaml b/charts/rancher-istio/1.4.400/charts/certmanager/templates/rbac.yaml deleted file mode 100755 index b3a4ef340..000000000 --- a/charts/rancher-istio/1.4.400/charts/certmanager/templates/rbac.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: certmanager - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: - - apiGroups: ["certmanager.k8s.io"] - resources: ["certificates", "certificates/finalizers", "issuers", "clusterissuers", "orders", "orders/finalizers", "challenges"] - verbs: ["*"] - - apiGroups: [""] - resources: ["configmaps", "secrets", "events", "services", "pods"] - verbs: ["*"] - - apiGroups: ["extensions"] - resources: ["ingresses"] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: certmanager - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: certmanager -subjects: - - name: certmanager - namespace: {{ .Release.Namespace }} - kind: ServiceAccount diff --git a/charts/rancher-istio/1.4.400/charts/certmanager/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.400/charts/certmanager/templates/serviceaccount.yaml deleted file mode 100755 index f87543508..000000000 --- a/charts/rancher-istio/1.4.400/charts/certmanager/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/1.4.400/charts/certmanager/values.yaml b/charts/rancher-istio/1.4.400/charts/certmanager/values.yaml deleted file mode 100755 index 2d6854193..000000000 
--- a/charts/rancher-istio/1.4.400/charts/certmanager/values.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-# Certmanager uses ACME to sign certificates. Since Istio gateways are
-# mounting the TLS secrets the Certificate CRDs must be created in the
-# istio-system namespace. Once the certificate has been created, the
-# gateway must be updated by adding 'secretVolumes'. After the gateway
-# restart, DestinationRules can be created using the ACME-signed certificates.
-enabled: false
-replicaCount: 1
-resources: {}
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.400/charts/galley/Chart.yaml b/charts/rancher-istio/1.4.400/charts/galley/Chart.yaml
deleted file mode 100755
index 8e6191f54..000000000
--- a/charts/rancher-istio/1.4.400/charts/galley/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.4
-description: Helm chart for galley deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- galley
-name: galley
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.4
diff --git a/charts/rancher-istio/1.4.400/charts/galley/templates/_helpers.tpl b/charts/rancher-istio/1.4.400/charts/galley/templates/_helpers.tpl
deleted file mode 100755
index 5d42f4a03..000000000
--- a/charts/rancher-istio/1.4.400/charts/galley/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "galley.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "galley.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "galley.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.400/charts/galley/templates/clusterrole.yaml b/charts/rancher-istio/1.4.400/charts/galley/templates/clusterrole.yaml
deleted file mode 100755
index 427a50463..000000000
--- a/charts/rancher-istio/1.4.400/charts/galley/templates/clusterrole.yaml
+++ /dev/null
@@ -1,50 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-galley-{{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: - # For reading Istio resources -- apiGroups: [ - "authentication.istio.io", - "config.istio.io", - "networking.istio.io", - "rbac.istio.io", - "security.istio.io"] - resources: ["*"] - verbs: ["get", "list", "watch"] - # For updating Istio resource statuses -- apiGroups: [ - "authentication.istio.io", - "config.istio.io", - "networking.istio.io", - "rbac.istio.io", - "security.istio.io"] - resources: ["*/status"] - verbs: ["update"] -{{- if not .Values.global.operatorManageWebhooks }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["*"] -{{- end }} -- apiGroups: ["extensions","apps"] - resources: ["deployments"] - resourceNames: ["istio-galley"] - verbs: ["get"] -- apiGroups: [""] - resources: ["pods", "nodes", "services", "endpoints", "namespaces"] - verbs: ["get", "list", "watch"] -- apiGroups: ["extensions"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["extensions"] - resources: ["deployments/finalizers"] - resourceNames: ["istio-galley"] - verbs: ["update"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] diff --git a/charts/rancher-istio/1.4.400/charts/galley/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.400/charts/galley/templates/clusterrolebinding.yaml deleted file mode 100755 index 88cde2554..000000000 --- a/charts/rancher-istio/1.4.400/charts/galley/templates/clusterrolebinding.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-galley-admin-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-galley-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-galley-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.4.400/charts/galley/templates/configmap.yaml b/charts/rancher-istio/1.4.400/charts/galley/templates/configmap.yaml deleted file mode 100755 index 662c960b1..000000000 --- a/charts/rancher-istio/1.4.400/charts/galley/templates/configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-galley-configuration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -data: -{{- if .Values.global.configValidation }} - validatingwebhookconfiguration.yaml: |- - {{- include "validatingwebhookconfiguration.yaml.tpl" . | indent 4}} -{{- end}} diff --git a/charts/rancher-istio/1.4.400/charts/galley/templates/deployment.yaml b/charts/rancher-istio/1.4.400/charts/galley/templates/deployment.yaml deleted file mode 100755 index 458d98338..000000000 --- a/charts/rancher-istio/1.4.400/charts/galley/templates/deployment.yaml +++ /dev/null 
@@ -1,152 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: galley - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-galley-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: galley - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 443 - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 9901 - command: - - /usr/local/bin/galley - - server - - --meshConfigFile=/etc/mesh-config/mesh - - --livenessProbeInterval=1s - - --livenessProbePath=/healthliveness - - --readinessProbePath=/healthready - - --readinessProbeInterval=1s - - --deployment-namespace={{ .Release.Namespace }} -{{- if $.Values.global.controlPlaneSecurityEnabled}} - - --insecure=false -{{- else }} - - --insecure=true -{{- end }} -{{- if .Values.enableServiceDiscovery }} - - --enableServiceDiscovery=true -{{- end }} -{{- if not $.Values.global.useMCP }} - - --enable-server=false -{{- end }} -{{- if not $.Values.global.configValidation }} - - --enable-validation=false -{{- end }} -{{- if .Values.global.operatorManageWebhooks }} - - --enable-reconcileWebhookConfiguration=false -{{- else }} - - --enable-reconcileWebhookConfiguration=true -{{- end }} - - --validation-webhook-config-file - - /etc/config/validatingwebhookconfiguration.yaml - - --monitoringPort={{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if .Values.enableAnalysis }} - - --enableAnalysis=true -{{- end }} -{{- if .Values.global.certificates }} - - --validation.tls.clientCertificate=/etc/dnscerts/cert-chain.pem - - --validation.tls.privateKey=/etc/dnscerts/key.pem - - --validation.tls.caCertificates=/etc/dnscerts/root-cert.pem -{{- end }} - volumeMounts: - - name: certs - mountPath: /etc/certs - readOnly: true -{{- if .Values.global.certificates }} - - name: dnscerts - mountPath: /etc/dnscerts - readOnly: true -{{- end }} - - name: config - mountPath: /etc/config - readOnly: true - - name: mesh-config - mountPath: /etc/mesh-config - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - 
--probe-path=/healthliveness - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - readinessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - --probe-path=/healthready - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: certs - secret: - secretName: istio.istio-galley-service-account -{{- if .Values.global.certificates }} - - name: dnscerts - secret: - secretName: dns.istio-galley-service-account -{{- end }} - - name: config - configMap: - name: istio-galley-configuration - - name: mesh-config - configMap: - name: istio - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.400/charts/galley/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.400/charts/galley/templates/poddisruptionbudget.yaml deleted file mode 100755 index 75bf77834..000000000 --- a/charts/rancher-istio/1.4.400/charts/galley/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: {{ template "galley.name" . }} - release: {{ .Release.Name }} - istio: galley -{{- end }} diff --git a/charts/rancher-istio/1.4.400/charts/galley/templates/service.yaml b/charts/rancher-istio/1.4.400/charts/galley/templates/service.yaml deleted file mode 100755 index cd21fd192..000000000 --- a/charts/rancher-istio/1.4.400/charts/galley/templates/service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: - ports: - - port: 443 - name: https-validation - - port: {{ .Values.global.monitoringPort }} - name: http-monitoring - - port: 9901 - name: grpc-mcp - selector: - istio: galley diff --git a/charts/rancher-istio/1.4.400/charts/galley/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.400/charts/galley/templates/serviceaccount.yaml deleted file mode 100755 index 1ff54c49e..000000000 --- a/charts/rancher-istio/1.4.400/charts/galley/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-galley-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/1.4.400/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl b/charts/rancher-istio/1.4.400/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl deleted file mode 100755 index 253fd2156..000000000 --- a/charts/rancher-istio/1.4.400/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl +++ /dev/null 
@@ -1,127 +0,0 @@ -{{ define "validatingwebhookconfiguration.yaml.tpl" }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-galley - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -webhooks: - - name: pilot.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitpilot" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - httpapispecs - - httpapispecbindings - - quotaspecs - - quotaspecbindings - - operations: - - CREATE - - UPDATE - apiGroups: - - rbac.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - authentication.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - networking.istio.io - apiVersions: - - "*" - resources: - - destinationrules - - envoyfilters - - gateways - - serviceentries - - sidecars - - virtualservices - failurePolicy: Fail - sideEffects: None - - name: mixer.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitmixer" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - rules - - attributemanifests - - circonuses - - deniers - - fluentds - - kubernetesenvs - - listcheckers - - memquotas - - noops - - opas - - prometheuses - - rbacs - - solarwindses - - stackdrivers - - cloudwatches - - dogstatsds - - statsds - - stdios - - apikeys - - authorizations - - checknothings - # - kuberneteses - - listentries - - logentries - - metrics - - 
quotas - - reportnothings - - tracespans - - adapters - - handlers - - instances - - templates - - zipkins - failurePolicy: Fail - sideEffects: None -{{- end }} diff --git a/charts/rancher-istio/1.4.400/charts/galley/values.yaml b/charts/rancher-istio/1.4.400/charts/galley/values.yaml deleted file mode 100755 index 68eff963f..000000000 --- a/charts/rancher-istio/1.4.400/charts/galley/values.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# -# galley configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# Enable service discovery processing in Galley -enableServiceDiscovery: false - -# Enable analysis and status update in Galley -enableAnalysis: false diff --git a/charts/rancher-istio/1.4.400/charts/gateways/Chart.yaml b/charts/rancher-istio/1.4.400/charts/gateways/Chart.yaml deleted file mode 100755 index 9f7e841b3..000000000 --- a/charts/rancher-istio/1.4.400/charts/gateways/Chart.yaml +++ /dev/null 
@@ -1,15 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.4
-description: Helm chart for deploying Istio gateways
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- ingressgateway
-- egressgateway
-- gateways
-name: gateways
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.4
diff --git a/charts/rancher-istio/1.4.400/charts/gateways/templates/_affinity.tpl b/charts/rancher-istio/1.4.400/charts/gateways/templates/_affinity.tpl
deleted file mode 100755
index fbd0e9a8f..000000000
--- a/charts/rancher-istio/1.4.400/charts/gateways/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "gatewaynodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "gatewayNodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .root.Values.global.defaultNodeSelector .nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "gatewayNodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinity" }} -{{- if or .podAntiAffinityLabelSelector .podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if .podAntiAffinityTermLabelSelector }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.400/charts/gateways/templates/_helpers.tpl b/charts/rancher-istio/1.4.400/charts/gateways/templates/_helpers.tpl deleted file mode 100755 index bfc8bc400..000000000 --- a/charts/rancher-istio/1.4.400/charts/gateways/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "gateway.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "gateway.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "gateway.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.400/charts/gateways/templates/autoscale.yaml b/charts/rancher-istio/1.4.400/charts/gateways/templates/autoscale.yaml
deleted file mode 100755
index 2455ac345..000000000
--- a/charts/rancher-istio/1.4.400/charts/gateways/templates/autoscale.yaml
+++ /dev/null
@@ -1,31 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - labels: - chart: {{ template "gateway.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} -spec: - maxReplicas: {{ $spec.autoscaleMax }} - minReplicas: {{ $spec.autoscaleMin }} - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ $key }} - metrics: - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }} ---- -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.400/charts/gateways/templates/deployment.yaml b/charts/rancher-istio/1.4.400/charts/gateways/templates/deployment.yaml deleted file mode 100755 index 6c1419bcd..000000000 --- a/charts/rancher-istio/1.4.400/charts/gateways/templates/deployment.yaml +++ /dev/null 
@@ -1,387 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if $spec.enabled }} - -{{- $labels := merge (dict "release" $.Release.Name "chart" (include "gateway.chart" $) "heritage" $.Release.Service) $spec.labels }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - labels: -{{ $labels | toYaml | indent 4 }} -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - selector: - matchLabels: - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - template: - metadata: - labels: -{{ $labels | toYaml | indent 8 }} - annotations: - sidecar.istio.io/inject: "false" -{{- if $spec.podAnnotations }} -{{ toYaml $spec.podAnnotations | indent 8 }} -{{ end }} - spec: - serviceAccountName: {{ $key }}-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} -{{- if $.Values.global.proxy.enableCoreDump }} - initContainers: - - name: enable-core-dump - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy_init.repository }}:{{ $.Values.global.proxy_init.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - command: - - /bin/sh - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - securityContext: - privileged: true -{{- end }} - containers: -{{- if $spec.sds }} -{{- if $spec.sds.enabled }} - - name: ingress-sds - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - resources: -{{- if $spec.sds.resources }} -{{ toYaml 
$spec.sds.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: "ENABLE_WORKLOAD_SDS" - value: "false" - - name: "ENABLE_INGRESS_GATEWAY_SDS" - value: "true" - - name: "INGRESS_GATEWAY_NAMESPACE" - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - volumeMounts: - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway -{{- end }} -{{- end }} - - name: istio-proxy - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - {{- range $key, $val := $spec.ports }} - - containerPort: {{ $val.port }} - {{- end }} - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - - --drainDuration - - '45s' #drainDuration - - --parentShutdownDuration - - '1m0s' #parentShutdownDuration - - --connectTimeout - - '10s' #connectTimeout - - --serviceCluster - - {{ $key }} - {{- if eq $.Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - {{ $.Values.global.tracer.lightstep.address }} - - --lightstepAccessToken - - {{ $.Values.global.tracer.lightstep.accessToken }} - - --lightstepSecure={{ $.Values.global.tracer.lightstep.secure }} - - --lightstepCacertPath - - {{ $.Values.global.tracer.lightstep.cacertPath }} - {{- else if eq $.Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - {{- if $.Values.global.tracer.zipkin.address }} - - {{ 
$.Values.global.tracer.zipkin.address }} - {{- else if $.Values.global.istioNamespace }} - - zipkin.{{ $.Values.global.istioNamespace }}:9411 - {{- else }} - - zipkin:9411 - {{- end }} - {{- else if eq $.Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - {{ $.Values.global.tracer.datadog.address }} - {{- end }} - {{- if $.Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - {{ $.Values.global.proxy.envoyStatsd.host }}:{{ $.Values.global.proxy.envoyStatsd.port }} - {{- end }} - {{- if $.Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - {{- with $.Values.global.proxy.envoyMetricsService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end}} - {{- if $.Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - {{- with $.Values.global.proxy.envoyAccessLogService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end }} - - --proxyAdminPort - - "15000" - - --statusPort - - "15020" - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15011 - {{- else }} - - istio-pilot:15011 - {{- end }} - {{- else }} - - --controlPlaneAuthPolicy - - NONE - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15010 - {{- else }} - - istio-pilot:15010 - {{- end }} - {{- if $spec.applicationPorts }} - - --applicationPorts - - "{{ $spec.applicationPorts }}" - {{- end }} - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ 
$.Values.global.trustDomain }} - {{- end }} - readinessProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15020 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - resources: -{{- if $spec.resources }} -{{ toYaml $spec.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if $.Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_METAJSON_LABELS - value: | - {{ $labels | toJson}} - - name: ISTIO_META_CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - - name: ISTIO_META_WORKLOAD_NAME - value: {{ $key }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/{{ $spec.namespace | default $.Release.Namespace }}/deployments/{{ $key }} - {{- if $.Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.meshID }}" - {{- else if $.Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.trustDomain }}" - {{- end }} - {{- if eq $.Values.global.proxy.tracer "datadog" }} - - name: HOST_IP 
- valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- end }} - {{- if eq $.Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ $.Values.global.tracer.stackdriver.debug }}" - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAttributes }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }}" - {{- end }} - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ISTIO_META_USER_SDS - value: "true" - {{- end }} - {{- end }} - {{- if $spec.env }} - {{- range $key, $val := $spec.env }} - - name: {{ $key }} - value: {{ $val }} - {{- end }} - {{- end }} - {{ if eq $key "istio-ingressgateway" }} - {{ $network_set := index $spec.env "ISTIO_META_NETWORK" }} - {{- if and (not $network_set) $.Values.global.network }} - - name: ISTIO_META_NETWORK - value: {{ $.Values.global.network }} - {{- end }} - {{- end }} - volumeMounts: - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway - {{- end }} - {{- end }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - mountPath: {{ .mountPath | quote }} - readOnly: true - {{- end }} - {{- if and (eq 
$.Values.global.proxy.tracer "lightstep") $.Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ dir $.Values.global.tracer.lightstep.cacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} -{{- if $spec.additionalContainers }} -{{ toYaml $spec.additionalContainers | indent 8 }} -{{- end }} - volumes: - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - emptyDir: {} - {{- end }} - {{- end }} - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - hostPath: - path: /var/run/sds - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ $.Values.global.sds.token.aud }} - {{- end }} - - name: istio-certs - secret: - secretName: istio.{{ $key }}-service-account - optional: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - secret: - secretName: {{ .secretName | quote }} - optional: true - {{- end }} - {{- range $spec.configVolumes }} - - name: {{ .name }} - configMap: - name: {{ .configMapName | quote }} - optional: true - {{- end }} - {{- if and (eq $.Values.global.proxy.tracer "lightstep") $.Values.global.tracer.lightstep.cacertPath }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - affinity: - {{- include "gatewaynodeaffinity" (dict "root" $ "nodeSelector" $spec.nodeSelector) | indent 6 }} - {{- include "gatewaypodAntiAffinity" (dict "podAntiAffinityLabelSelector" $spec.podAntiAffinityLabelSelector "podAntiAffinityTermLabelSelector" $spec.podAntiAffinityTermLabelSelector) | indent 6 }} - {{- if $spec.tolerations }} - tolerations: -{{ toYaml $spec.tolerations | indent 6 }} - {{- else if $.Values.global.defaultTolerations }} - tolerations: -{{ toYaml $.Values.global.defaultTolerations | indent 6 }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.4.400/charts/gateways/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.400/charts/gateways/templates/poddisruptionbudget.yaml
deleted file mode 100755
index 36a2d5a9c..000000000
--- a/charts/rancher-istio/1.4.400/charts/gateways/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if and (ne $key "enabled") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/gateways/templates/preconfigured.yaml b/charts/rancher-istio/1.4.400/charts/gateways/templates/preconfigured.yaml
deleted file mode 100755
index 31e431db7..000000000
--- a/charts/rancher-istio/1.4.400/charts/gateways/templates/preconfigured.yaml
+++ /dev/null
@@ -1,241 +0,0 @@ -{{- if .Values.global.k8sIngress.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-autogenerated-k8s-ingress - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: {{ .Values.global.k8sIngress.gatewayName }} - servers: - - port: - number: 80 - protocol: HTTP2 - name: http - hosts: - - "*" -{{ if .Values.global.k8sIngress.enableHttps }} - - port: - number: 443 - protocol: HTTPS - name: https-default - tls: - mode: SIMPLE - serverCertificate: /etc/istio/ingressgateway-certs/tls.crt - privateKey: /etc/istio/ingressgateway-certs/tls.key - hosts: - - "*" -{{ end }} ---- -{{ end }} - -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-ilb-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: ilbgateway - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- else }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- end }} -{{- end }} - -{{- if .Values.global.multiCluster.enabled }} -{{- if (index .Values "istio-egressgateway" "enabled") }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-egressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-egressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH -{{- end }} ---- -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - workloadLabels: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - filters: - - listenerMatch: - portNumber: 15443 - listenerType: GATEWAY - insertPosition: - index: AFTER - relativeTo: envoy.filters.network.sni_cluster - filterName: envoy.filters.network.tcp_cluster_rewrite - filterType: NETWORK - filterConfig: - cluster_pattern: "\\.global$" - cluster_replacement: ".svc.{{ .Values.global.proxy.clusterDomain }}" ---- -## To ensure all traffic to *.global is using mTLS -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-multicluster-destinationrule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.global" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -{{- end }} 
diff --git a/charts/rancher-istio/1.4.400/charts/gateways/templates/role.yaml b/charts/rancher-istio/1.4.400/charts/gateways/templates/role.yaml
deleted file mode 100755
index 37bdf3ef8..000000000
--- a/charts/rancher-istio/1.4.400/charts/gateways/templates/role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if ($spec.sds) and (eq $spec.sds.enabled true) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-rules:
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "watch", "list"]
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/gateways/templates/rolebindings.yaml b/charts/rancher-istio/1.4.400/charts/gateways/templates/rolebindings.yaml
deleted file mode 100755
index cd3245b01..000000000
--- a/charts/rancher-istio/1.4.400/charts/gateways/templates/rolebindings.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if ($spec.sds) and (eq $spec.sds.enabled true) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ $key }}-sds
-subjects:
-- kind: ServiceAccount
- name: {{ $key }}-service-account
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/gateways/templates/service.yaml b/charts/rancher-istio/1.4.400/charts/gateways/templates/service.yaml
deleted file mode 100755
index 9474f0476..000000000
--- a/charts/rancher-istio/1.4.400/charts/gateways/templates/service.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- annotations:
- {{- range $key, $val := $spec.serviceAnnotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{- if $spec.loadBalancerIP }}
- loadBalancerIP: "{{ $spec.loadBalancerIP }}"
-{{- end }}
-{{- if $spec.loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
-{{ toYaml $spec.loadBalancerSourceRanges | indent 4 }}
-{{- end }}
-{{- if $spec.externalTrafficPolicy }}
- externalTrafficPolicy: {{$spec.externalTrafficPolicy }}
-{{- end }}
-{{- if $spec.externalIPs }}
- externalIPs:
-{{ toYaml $spec.externalIPs | indent 4 }}
-{{- end }}
- type: {{ .type }}
- selector:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
- ports:
- {{- range $key, $val := $spec.ports }}
- -
- {{- range $pkey, $pval := $val }}
- {{ $pkey}}: {{ $pval }}
- {{- end }}
- {{- end }}
- {{- if $.Values.global.meshExpansion.enabled }}
- {{- range $key, $val := $spec.meshExpansionPorts }}
- -
- {{- range $pkey, $pval := $val }}
- {{ $pkey}}: {{ $pval }}
- {{- end }}
- {{- end }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/gateways/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.400/charts/gateways/templates/serviceaccount.yaml
deleted file mode 100755
index d4f6938c1..000000000
--- a/charts/rancher-istio/1.4.400/charts/gateways/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if $.Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range $.Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: {{ $key }}-service-account
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- app: {{ $spec.labels.app }}
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.4.400/charts/gateways/values.yaml b/charts/rancher-istio/1.4.400/charts/gateways/values.yaml
deleted file mode 100755
index 23a16798f..000000000
--- a/charts/rancher-istio/1.4.400/charts/gateways/values.yaml
+++ /dev/null
@@ -1,286 +0,0 @@ -# -# Gateways Configuration -# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. -# You can add more gateways in addition to the defaults but make sure those are uniquely named -# and that NodePorts are not conflicting. -# Disable specifc gateway by setting the `enabled` to false. -# -enabled: true - -istio-ingressgateway: - enabled: true - # - # Secret Discovery Service (SDS) configuration for ingress gateway. - # - sds: - # If true, ingress gateway fetches credentials from SDS server to handle TLS connections. - enabled: false - # SDS server that watches kubernetes secrets and provisions credentials to ingress gateway. - # This server runs in the same pod as ingress gateway. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - labels: - app: istio-ingressgateway - istio: ingressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalIPs: [] - serviceAnnotations: {} - podAnnotations: {} - type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be - #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out - ports: - ## You can add custom gateway ports - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. 
https://github.com/istio/istio/issues/12503 - - port: 15020 - targetPort: 15020 - name: status-port - - port: 80 - targetPort: 80 - name: http2 - nodePort: 31380 - - port: 443 - name: https - nodePort: 31390 - # Example of a port to add. Remove if not needed - - port: 31400 - name: tcp - nodePort: 31400 - ### PORTS FOR UI/metrics ##### - ## Disable if not needed - - port: 15029 - targetPort: 15029 - name: https-kiali - - port: 15030 - targetPort: 15030 - name: https-prometheus - - port: 15031 - targetPort: 15031 - name: https-grafana - - port: 15032 - targetPort: 15032 - name: https-tracing - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - #### MESH EXPANSION PORTS ######## - # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect - # to pilot/citadel if global.meshExpansion settings are enabled. - # Delete these ports if mesh expansion is not enabled, to avoid - # exposing unnecessary ports on the web. - # You can remove these ports if you are not using mesh expansion - meshExpansionPorts: - - port: 15011 - targetPort: 15011 - name: tcp-pilot-grpc-tls - - port: 15004 - targetPort: 15004 - name: tcp-mixer-grpc-tls - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - - port: 853 - targetPort: 853 - name: tcp-dns-tls - ####### end MESH EXPANSION PORTS ###### - ############## - secretVolumes: - - name: ingressgateway-certs - secretName: istio-ingressgateway-certs - mountPath: /etc/istio/ingressgateway-certs - - name: ingressgateway-ca-certs - secretName: istio-ingressgateway-ca-certs - mountPath: /etc/istio/ingressgateway-ca-certs - ### Advanced options ############ - - # Ports to explicitly check for readiness. If configured, the readiness check will expect a - # listener on these ports. A comma separated list is expected, such as "80,443". - # - # Warning: If you do not have a gateway configured for the ports provided, this check will always - # fail. 
This is intended for use cases where you always expect to have a listener on the port, - # such as 80 or 443 in typical setups. - applicationPorts: "" - - env: - # A gateway with this mode ensures that pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. - ISTIO_META_ROUTER_MODE: "sni-dnat" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". 
- podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -istio-egressgateway: - enabled: false - labels: - app: istio-egressgateway - istio: egressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - serviceAnnotations: {} - podAnnotations: {} - type: ClusterIP #change to NodePort or LoadBalancer if need be - ports: - - port: 80 - name: http2 - - port: 443 - name: https - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - secretVolumes: - - name: egressgateway-certs - secretName: istio-egressgateway-certs - mountPath: /etc/istio/egressgateway-certs - - name: egressgateway-ca-certs - secretName: istio-egressgateway-ca-certs - mountPath: /etc/istio/egressgateway-ca-certs - #### Advanced options ######## - env: - # Set this to "external" if and only if you want the egress gateway to - # act as a transparent SNI gateway that routes mTLS/TLS traffic to - # external services defined using service entries, where the service - # entry has resolution set to DNS, has one or more endpoints with - # network field set to "external". By default its set to "" so that - # the egress gateway sees the same set of endpoints as the sidecars - # preserving backward compatibility - # ISTIO_META_REQUESTED_NETWORK_VIEW: "" - # A gateway with this mode ensures that pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. 
- ISTIO_META_ROUTER_MODE: "sni-dnat" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". - podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -# Mesh ILB gateway creates a gateway of type InternalLoadBalancer, -# for mesh expansion. It exposes the mtls ports for Pilot,CA as well -# as non-mtls ports to support upgrades and gradual transition. -istio-ilbgateway: - enabled: false - labels: - app: istio-ilbgateway - istio: ilbgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - cpu: - targetAverageUtilization: 80 - resources: - requests: - cpu: 800m - memory: 512Mi - #limits: - # cpu: 1800m - # memory: 256Mi - loadBalancerIP: "" - serviceAnnotations: - cloud.google.com/load-balancer-type: "internal" - podAnnotations: {} - type: LoadBalancer - ports: - ## You can add custom gateway ports - google ILB default quota is 5 ports, - - port: 15011 - name: grpc-pilot-mtls - # Insecure port - only for migration from 0.8. 
Will be removed in 1.1 - - port: 15010 - name: grpc-pilot - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - # Port 5353 is forwarded to kube-dns - - port: 5353 - name: tcp-dns - secretVolumes: - - name: ilbgateway-certs - secretName: istio-ilbgateway-certs - mountPath: /etc/istio/ilbgateway-certs - - name: ilbgateway-ca-certs - secretName: istio-ilbgateway-ca-certs - mountPath: /etc/istio/ilbgateway-ca-certs - nodeSelector: {} - tolerations: [] diff --git a/charts/rancher-istio/1.4.400/charts/grafana/Chart.yaml b/charts/rancher-istio/1.4.400/charts/grafana/Chart.yaml deleted file mode 100755 index 293433d37..000000000 --- a/charts/rancher-istio/1.4.400/charts/grafana/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.4 -description: A Helm chart for Kubernetes -name: grafana -tillerVersion: '>=2.7.2' -version: 1.4.4 diff --git a/charts/rancher-istio/1.4.400/charts/grafana/dashboards/citadel-dashboard.json b/charts/rancher-istio/1.4.400/charts/grafana/dashboards/citadel-dashboard.json deleted file mode 100755 index ffe4551a9..000000000 --- a/charts/rancher-istio/1.4.400/charts/grafana/dashboards/citadel-dashboard.json +++ /dev/null 
@@ -1,1089 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 8, - "panels": [], - "title": "Performance", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "CPU usage across Citadel instances.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 1 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"citadel\", pod_name=~\"istio-citadel-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage rate", - "refId": "A" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"citadel\"}[1m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage irate", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": 
"", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Citadel process memory statistics.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 1 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Total", - "refId": "C" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Allocated", - "refId": "E" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Inuse", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, 
- "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 1 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Goroutines", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 7 - }, - "id": 28, - "panels": [], - "title": "General", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Total number of CSR requests made to Citadel.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 
0, - "y": 8 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Request Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates issuances that have succeeded.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 12, - "y": 8 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_success_cert_issuance_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Certificates Issued", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Certificates Issued", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 13 - }, - "id": 23, - "panels": [], - "title": "Errors", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of errors occurred when creating the CSR.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 14 - }, - "id": 20, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_secret_controller_csr_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Creation Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Creation Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - 
"show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 14 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_parsing_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Parse Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Parse Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of authentication failures.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, 
- "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_authentication_failure_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Authentication Failure Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Authentication Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 4, - "panels": [], - "title": "Secret Controller", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates created due to service account creation.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": 
"citadel_secret_controller_svc_acc_created_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Created", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Created (due to SA creation)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates deleted due to service account deletion.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_svc_acc_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Deleted", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Deleted (due to SA deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, 
- "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates recreated due to secret deletion (service account still exists).", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_secret_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Recreated", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Recreated (due to errant deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 
18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Citadel Dashboard", - "uid": "OOyOqb4Wz", - "version": 1 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.400/charts/grafana/dashboards/galley-dashboard.json b/charts/rancher-istio/1.4.400/charts/grafana/dashboards/galley-dashboard.json deleted file mode 100755 index d67d6e5e8..000000000 --- a/charts/rancher-istio/1.4.400/charts/grafana/dashboards/galley-dashboard.json +++ /dev/null 
@@ -1,1734 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 46, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"galley\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Galley Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 5 - }, - "id": 40, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "C" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "G" - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "H" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"})", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Total (kis)", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 38, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m])) by (container_name)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"galley\"}[1m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "galley (self-reported)", - "refId": "C" - } - ], - 
"thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Open FDs (galley)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }} ", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 44, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "goroutines_total", - "refId": "A" - }, - { - "expr": "istio_mcp_clients_total{component=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "clients_total", - "refId": "B" - }, - { - "expr": "go_goroutines{job=\"galley\"}/sum(istio_mcp_clients_total{component=\"galley\"}) without (component)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "avg_goroutines_per_client", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - 
"h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 10, - "panels": [], - "title": "Runtime", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_on_change_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Strategy Change Events", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_processor_events_processed_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Processed Events", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_processor_snapshots_published_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Snapshot Published", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Event Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - 
"datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_timer_max_time_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Max Time Reached", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_quiesce_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Quiesce Reached", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_resets_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Timer Resets", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Timer Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": 
true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 3, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.90, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.95, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P95", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Events Per Snapshot", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 21 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - 
"max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (collection) (galley_runtime_state_type_instances_total)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ collection }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "State Type Instances", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Count", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 34, - "panels": [], - "title": "Validation", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 28 - }, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "galley_validation_cert_key_updates{job=\"galley\"}", - "format": 
"time_series", - "intervalFactor": 1, - "legendFormat": "Key Updates", - "refId": "A" - }, - { - "expr": "galley_validation_cert_key_update_errors{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Key Update Errors: {{ error }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation Webhook Certificate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 28 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_passed{job=\"galley\"}) by (group, version, resource)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Passed: {{ group }}/{{ version }}/{{resource}}", - "refId": "A" - }, - { - "expr": "sum(galley_validation_failed{job=\"galley\"}) by (group, version, resource, reason)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Failed: {{ group }}/{{ version }}/{{resource}} ({{ reason}})", - "refId": "B" - } - ], 
- "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Resource Validation", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 28 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_http_error{job=\"galley\"}) by (status)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ status }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation HTTP Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": 
null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 12, - "panels": [], - "title": "Kubernetes Source", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 35 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_event_success_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Success", - "refId": "A" - }, - { - "expr": "rate(galley_source_kube_event_error_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Source Event Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 35 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_dynamic_converter_failure_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Kubernetes Object Conversion Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Failures/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 41 - }, - "id": 18, - "panels": [], - "title": "Mesh Configuration Protocol", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 42 - }, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": 
"sum(istio_mcp_clients_total{component=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Clients", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Connected Clients", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 42 - }, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by(collection)(irate(istio_mcp_request_acks_total{component=\"galley\"}[1m]) * 60)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request ACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "ACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - 
}, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 42 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(istio_mcp_request_nacks_total{component=\"galley\"}[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request NACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "NACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Galley 
Dashboard", - "uid": "TSEY6jLmk", - "version": 1 -} diff --git a/charts/rancher-istio/1.4.400/charts/grafana/dashboards/istio-mesh-dashboard.json b/charts/rancher-istio/1.4.400/charts/grafana/dashboards/istio-mesh-dashboard.json deleted file mode 100755 index 1662e1f1d..000000000 --- a/charts/rancher-istio/1.4.400/charts/grafana/dashboards/istio-mesh-dashboard.json +++ /dev/null @@ -1,1225 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "links": [], - "panels": [ - { - "content": "
\n
\n Istio\n
\n
\n Istio is an open platform that provides a uniform way to connect,\n manage, and \n secure microservices.\n
\n Need help? Join the Istio community.\n
\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "50px", - "id": 13, - "links": [], - "mode": "html", - "style": { - "font-size": "18pt" - }, - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\"}[1m])), 0.001)", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Global Request Volume", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - 
"h": 3, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "95, 99, 99.5", - "title": "Global Success Rate (non-5xx responses)", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 22, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - 
"sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"4.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "4xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 23, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"5.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "5xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - 
"colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 113, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_virtualservices) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Virtual Services", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 114, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - 
"postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_destinationrules) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Destination Rules", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 115, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_gateways) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Gateways", - "type": "singlestat", - "valueFontSize": "80%", - 
"valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 116, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_authentication_meshpolicies) / count(up{job=\"galley\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Authentication Mesh Policies", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 21, - "w": 24, - "x": 0, - "y": 9 - }, - "hideTimeOverride": false, - "id": 73, - "links": [], - "pageSize": null, - "repeat": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 4, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 
172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Workload dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_2&var-workload=$__cell_", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Requests", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [], - "type": "number", - "unit": "ops" - }, - { - "alias": "P50 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P90 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P99 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #E", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "Success Rate", - "colorMode": "cell", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #F", - "thresholds": [ - ".95", - " 1.00" - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-workload=$__cell_2&var-namespace=$__cell_3", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "number", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_requests_total{reporter=\"destination\", response_code=\"200\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "A" - }, - { - "expr": "label_join((histogram_quantile(0.50, 
sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.50, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "B" - }, - { - "expr": "label_join((histogram_quantile(0.90, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.90, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "D" - }, - { - "expr": "label_join((histogram_quantile(0.99, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.99, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "E" - }, - { - "expr": 
"label_join((sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m])) by (destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "F" - } - ], - "timeFrom": null, - "title": "HTTP/GRPC Workloads", - "transform": "table", - "type": "table" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 18, - "w": 24, - "x": 0, - "y": 30 - }, - "hideTimeOverride": false, - "id": 109, - "links": [], - "pageSize": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 2, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-tcp-workload-dashboard?var-namespace=$__cell_2&&var-workload=$__cell", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Bytes Sent", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [ - "" - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Bytes Received", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "Bps" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_3&var-workload=$__cell_2", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_tcp_received_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - 
"hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "C" - }, - { - "expr": "label_join(sum(rate(istio_tcp_sent_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "A" - } - ], - "timeFrom": null, - "title": "TCP Workloads", - "transform": "table", - "type": "table" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 48 - }, - "id": 111, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Mesh Dashboard", - "uid": "G8wLrJIZk", - "version": 5 -} diff --git a/charts/rancher-istio/1.4.400/charts/grafana/dashboards/istio-performance-dashboard.json b/charts/rancher-istio/1.4.400/charts/grafana/dashboards/istio-performance-dashboard.json deleted file mode 100755 index 3826fbae8..000000000 --- a/charts/rancher-istio/1.4.400/charts/grafana/dashboards/istio-performance-dashboard.json +++ /dev/null 
@@ -1,1822 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": 9, - "links": [], - "panels": [ - { - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 21, - "panels": [ - { - "content": "The charts on this dashboard are intended to show Istio main components cost in terms resources utilization under steady load.\n\n- **vCPU/1k rps:** shows vCPU utilization by the main Istio components normalized by 1000 requests/second. When idle or low traffic, this chart will be blank. The curve for istio-proxy refers to the services sidecars only.\n- **vCPU:** vCPU utilization by Istio components, not normalized.\n- **Memory:** memory footprint for the components. Telemetry and policy are normalized by 1k rps, and no data is shown when there is no traffic. 
For ingress and istio-proxy, the data is per instance.\n- **Bytes transferred/ sec:** shows the number of bytes flowing through each Istio component.\n\n\n", - "gridPos": { - "h": 6, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 19, - "links": [], - "mode": "markdown", - "timeFrom": null, - "timeShift": null, - "title": "Performance Dashboard README", - "transparent": true, - "type": "text" - } - ], - "title": "Performance Dashboard Notes", - "type": "row" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 6, - "panels": [], - "title": "vCPU Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 2 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m])) / (round(sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m])), 0.001)/1000))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - 
"legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU / 1k rps", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 2 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - 
"spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 13, - "panels": [], - "title": "Memory and Data Rates", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": 
false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 11 - }, - "id": 902, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry / 1k rps", - "refId": "A" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name!=\"POD\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio proxy", - "refId": "C" - }, - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy / 1k rps", - "refId": "D" - } - ], - "thresholds": [], - 
"timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-telemetry\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-telemetry\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_response_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m])) + sum(irate(istio_request_bytes_sum{source_workload_namespace!=\"istio-system\", 
reporter=\"source\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-policy\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-policy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio_policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Bytes transferred / sec", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 17, - "panels": [], - "title": "Istio Component Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 20 - }, - "id": 15, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 71, - "panels": [], - "title": "Proxy Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 32 - }, - "id": 72, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 32 - }, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 32 - }, - "id": 702, - "legend": { - "avg": 
false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 39 - }, - "id": 69, - "panels": [], - "title": "Pilot Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 40 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": 
[ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - 
"sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 40 - }, - "id": 602, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "pilot (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - 
"title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 40 - }, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - 
"show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 40 - }, - "id": 402, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 93, - "panels": [], - "title": "Mixer Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 48 - }, - "id": 94, - "legend": { - "avg": false, - "current": 
false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"})", - "format": "time_series", - "hide": false, 
- "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 48 - }, - "id": 95, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=~\"istio-policy|istio-telemetry\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 48 - }, - "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - 
"expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 48 - }, - "id": 97, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - 
"format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Performance Dashboard", - "uid": "vu8e0VWZk", - "version": 22 -} diff --git a/charts/rancher-istio/1.4.400/charts/grafana/dashboards/istio-service-dashboard.json b/charts/rancher-istio/1.4.400/charts/grafana/dashboards/istio-service-dashboard.json deleted file mode 100755 index f4d58a296..000000000 --- a/charts/rancher-istio/1.4.400/charts/grafana/dashboards/istio-service-dashboard.json +++ /dev/null @@ -1,2601 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "iteration": 1536442501501, - "links": [], - "panels": [ - { - "content": "
\nSERVICE: $service\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Client Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - 
"thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Client Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, 
sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Client Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" 
- ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Received Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 97, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - 
"postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Server Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 98, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / 
sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Server Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 99, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - 
"refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 100, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": 
true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m])) ", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Sent Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nCLIENT WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"source\",source_workload=~\"$srcwl\",source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"source\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": 
"graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", 
source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, 
source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": 
"time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, 
- "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "
\nSERVICE WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 90, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"destination\",destination_workload=~\"$dstwl\",destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"destination\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Destination And Response Code", - "tooltip": { - 
"shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 91, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", 
connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 94, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - 
"stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by 
(destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 95, - "legend": { - "alignAsTable": false, - "avg": false, - "current": 
false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ 
destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 96, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - 
"step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ 
destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 92, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", 
destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 93, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }} (🔐mTLS)", - "refId": 
"A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Service", - "multi": false, - "name": "service", - "options": [], - "query": "label_values(destination_service)", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (source_workload_namespace) or 
sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload Namespace", - "multi": true, - "name": "dstns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload", - "multi": true, - "name": "dstwl", - "options": [], - "query": "query_result( 
sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Service Dashboard", - "uid": "LJ_uJAvmk", - "version": 1 -}
diff --git a/charts/rancher-istio/1.4.400/charts/grafana/dashboards/istio-workload-dashboard.json b/charts/rancher-istio/1.4.400/charts/grafana/dashboards/istio-workload-dashboard.json
deleted file mode 100755
index 62ad1b5cf..000000000
--- a/charts/rancher-istio/1.4.400/charts/grafana/dashboards/istio-workload-dashboard.json
+++ /dev/null
@@ -1,2303 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.4" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1531345461465, - "links": [], - "panels": [ - { - "content": "
\nWORKLOAD: $workload.$namespace\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Incoming Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 
80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 8, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Incoming Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 8, - "x": 16, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, 
- "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Server Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - 
"colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 12, - "y": 7 - }, - "id": 85, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Client Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nINBOUND WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And 
Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", 
destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by 
(source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 
1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", 
destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - 
"values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", 
destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "content": "
\nOUTBOUND SERVICES\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 70, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Requests by Destination And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 71, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", 
source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Success Rate (non-5xx responses) By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 72, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Duration by Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 73, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by 
(destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 74, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": 
"{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 76, - "legend": { - "avg": false, 
- "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent on Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 78, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Namespace", - "multi": false, - "name": 
"namespace", - "options": [], - "query": "query_result(sum(istio_requests_total) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*_namespace=\"([^\"]*).*/", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Workload", - "multi": false, - "name": "workload", - "options": [], - "query": "query_result((sum(istio_requests_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_requests_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)) or (sum(istio_tcp_sent_bytes_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Inbound Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, 
- "label": "Inbound Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Destination Service", - "multi": true, - "name": "dstsvc", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service) or sum(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service))", - "refresh": 1, - "regex": "/.*destination_service=\"([^\"]*).*/", - "sort": 4, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Workload Dashboard", - "uid": "UbsSZTDik", - "version": 1 -} diff --git a/charts/rancher-istio/1.4.400/charts/grafana/dashboards/mixer-dashboard.json b/charts/rancher-istio/1.4.400/charts/grafana/dashboards/mixer-dashboard.json deleted file mode 100755 index b074d13ba..000000000 
--- a/charts/rancher-istio/1.4.400/charts/grafana/dashboards/mixer-dashboard.json +++ /dev/null @@ -1,1808 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.2.3" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "limit": 100, - "name": "Annotations & Alerts", - "showIn": 0, - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": null, - "iteration": 1543881232533, - "links": [], - "panels": [ - { - "content": "

Deployed Versions

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "40", - "id": 62, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 3 - }, - "id": 64, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"mixer\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Mixer Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Resource Usage

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 8 - }, - "height": "40", - "id": 29, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 11 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory ({{ job }})", - "refId": "I" - }, - { - "expr": "sum(process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory ({{ job }})", - "refId": "H" - }, - { - "expr": "sum(go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc ({{ job }})", - "refId": "D" - }, - { - "expr": "sum(go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc ({{ job }})", - "refId": "F" - }, - { - "expr": "sum(go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - 
"format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use ({{ job }})", - "refId": "E" - }, - { - "expr": "sum(go_memstats_stack_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use ({{ job }})", - "refId": "G" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "C" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }} (k8s)", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 11 - }, - "id": 6, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (pod_name), \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "A" - }, - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (container_name, pod_name), \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }} (k8s)", - "refId": "B" - }, - { - "expr": "sum(irate(process_cpu_seconds_total{job=~\"istio-telemetry|istio-policy\"}[1m])) by (job)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ job }} (self-reported)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } 
- ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 11 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_open_fds{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(label_replace(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - 
"dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 11 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(go_goroutines{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines ({{ job }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Mixer Overview

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 18 - }, - "height": "40px", - "id": 30, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 0, - "y": 21 - }, - "id": 9, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (Total)", - "refId": "B" - }, - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m])) by (grpc_server_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "mixer ({{ grpc_server_method }})", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 6, - "y": 21 - }, - "id": 8, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "{}", - "yaxis": 1 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.5", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.9", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Durations", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 12, - "y": 21 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, 
- "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_server_handled_total{grpc_code=~\"Unknown|Unimplemented|Internal|DataLoss\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Error Rate (5xx responses)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 18, - "y": 21 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(grpc_server_handled_total{grpc_code!=\"OK\",grpc_service=~\".*Mixer\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ 
grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Non-successes (4xxs)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Adapters and Config

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 28, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 30 - }, - "id": 13, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m])) by (adapter)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 30 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - 
"percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p90 ", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Duration", - "tooltip": { - "shared": true, - "sort": 1, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 37 - }, - "id": 60, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - 
"pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Rules", - "refId": "A" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Config Errors", - "refId": "B" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_match_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Match Errors", - "refId": "C" - }, - { - "expr": "scalar(topk(1, max(mixer_config_unsatisfied_action_handler_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Unsatisfied Actions", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Rules", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 37 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": 
false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_instance_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Instances", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Instances in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 37 - }, - "id": 54, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_handler_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Handlers", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Handlers in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 37 - }, - "id": 58, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_attribute_count) by (configID)))", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "Attributes", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Attributes in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Individual Adapters

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 44 - }, - "id": 23, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 46, - "panels": [], - "repeat": "adapter", - "title": "$adapter Adapter", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 48 - }, - "id": 17, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m]),\"handler\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ handler }} (error: {{ error }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Count By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - 
"w": 12, - "x": 12, - "y": 48 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(histogram_quantile(0.5, sum(rate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p50 - {{ handler_short }} (error: {{ error }})", - "refId": "A" - }, - { - "expr": "label_replace(histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p90 - {{ handler_short }} (error: {{ error }})", - "refId": "D" - }, - { - "expr": "label_replace(histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p99 - {{ handler_short }} (error: {{ error }})", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Duration By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": 
true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Adapter", - "multi": true, - "name": "adapter", - "options": [], - "query": "label_values(adapter)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Mixer Dashboard", - "version": 4 -} diff --git a/charts/rancher-istio/1.4.400/charts/grafana/dashboards/pilot-dashboard.json b/charts/rancher-istio/1.4.400/charts/grafana/dashboards/pilot-dashboard.json deleted file mode 100755 index b8ef6d2d7..000000000 --- a/charts/rancher-istio/1.4.400/charts/grafana/dashboards/pilot-dashboard.json +++ /dev/null 
@@ -1,1591 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": 11, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 60, - "panels": [], - "title": "Deployed Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"pilot\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 6 - }, - "id": 62, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": 
"container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"discovery\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (container)", - "refId": "B", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar (container)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"discovery\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Discovery (container)", - "refId": "A" - }, - { - "expr": 
"irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (process)", - "refId": "C", - "step": 2 - }, - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Sidecar (container)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"discovery\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Discovery", - "refId": "B", - "step": 2 - }, - { - "expr": 
"container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": 
null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 58, - "panels": [], - "title": "Pilot Push Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "description": "Shows the rate of pilot pushes", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 622, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(pilot_xds_pushes{type=\"cds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Cluster", - "refId": "C" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"eds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Endpoints", - "refId": "D" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"lds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Listeners", - "refId": "A" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"rds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Routes", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Pushes", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ 
- "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Captures a variety of pilot errors", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 67, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(pilot_xds_cds_reject{job=\"pilot\"}) or (absent(pilot_xds_cds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected CDS Configs", - "refId": "C" - }, - { - "expr": "sum(pilot_xds_eds_reject{job=\"pilot\"}) or (absent(pilot_xds_eds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected EDS Configs", - "refId": "D" - }, - { - "expr": "sum(pilot_xds_rds_reject{job=\"pilot\"}) or (absent(pilot_xds_rds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected RDS Configs", - "refId": "A" - }, - { - "expr": "sum(pilot_xds_lds_reject{job=\"pilot\"}) or (absent(pilot_xds_lds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected LDS Configs", - "refId": "B" - }, - { - "expr": 
"sum(rate(pilot_xds_write_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Write Timeouts", - "refId": "F" - }, - { - "expr": "sum(rate(pilot_total_xds_internal_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Internal Errors", - "refId": "H" - }, - { - "expr": "sum(rate(pilot_total_xds_rejects{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Config Rejection Rate", - "refId": "E" - }, - { - "expr": "sum(rate(pilot_xds_push_context_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Context Errors", - "refId": "K" - }, - { - "expr": "sum(rate(pilot_xds_pushes{type!~\"lds|cds|rds|eds\"}[1m])) by (type)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "L" - }, - { - "expr": "sum(rate(pilot_xds_push_errors{job=\"pilot\"}[1m])) by (type)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "I" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts", - "refId": "G" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout_failures{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts Failures", - "refId": "J" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - 
"format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Shows the total time it takes to push a config update to a proxy", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 624, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p50 ", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.999, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99.9", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Proxy Push Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 23 - }, - "id": 45, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_conflict_inbound_listener{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Inbound Listeners", - "refId": "B" - }, - { - "expr": "pilot_conflict_outbound_listener_http_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (http over current tcp)", - "refId": "A" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current tcp)", - "refId": "C" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_http{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current http)", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Conflicts", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - 
"buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 23 - }, - "id": 47, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_virt_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Services", - "refId": "A" - }, - { - "expr": "pilot_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Services", - "refId": "B" - }, - { - "expr": "pilot_xds{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Connected Endpoints", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ADS Monitoring", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - 
"yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "columns": [], - "datasource": "Prometheus", - "description": "Clusters in this table do not have any endpoints known to pilot. This could be from referencing subsets that do not have any instances, or pods marked as NotReady", - "fontSize": "100%", - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 23 - }, - "id": 51, - "links": [], - "pageSize": null, - "scroll": true, - "showHeader": true, - "sort": { - "col": null, - "desc": false - }, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "date" - }, - { - "alias": "Clusters", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(pilot_xds_eds_instances{job=\"pilot\", cluster=~\".+\\\\|.+\"}) by (cluster) < 1", - "format": "time_series", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{cluster}}", - "refId": "B" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Clusters with no known endpoints", - "transform": "timeseries_aggregations", - "type": "table" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 64, - "panels": [], - "title": "Envoy Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows details about Envoy proxies in the mesh", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 32 - }, - "id": 40, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - 
"points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(envoy_cluster_upstream_cx_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connections", - "refId": "C" - }, - { - "expr": "sum(irate(envoy_cluster_upstream_cx_connect_fail{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connection Failures", - "refId": "A" - }, - { - "expr": "sum(increase(envoy_server_hot_restart_epoch[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Envoy Restarts", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Envoy Details", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 32 - }, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": 
"sum(envoy_cluster_upstream_cx_active{cluster_name=\"xds-grpc\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "XDS Active Connections", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Active Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows the size of XDS requests and responses", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 32 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "max(rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Max", - "refId": "D" - }, - { - "expr": "quantile(0.5, rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Average", - "refId": "B" - }, - 
{ - "expr": "max(rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Max", - "refId": "A" - }, - { - "expr": "quantile(.5, rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Average", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Requests Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Pilot Dashboard", - "uid": "3--MLVZZk", - "version": 11 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.400/charts/grafana/fix_datasources.sh b/charts/rancher-istio/1.4.400/charts/grafana/fix_datasources.sh deleted file mode 100755 index d175bcacc..000000000 --- a/charts/rancher-istio/1.4.400/charts/grafana/fix_datasources.sh +++ /dev/null 
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# Copyright Istio Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -e
-
-THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-UX=$(uname)
-
-for db in "${THIS_DIR}"/dashboards/*.json; do
- if [[ ${UX} == "Darwin" ]]; then
- # shellcheck disable=SC2016
- sed -i '' 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- else
- # shellcheck disable=SC2016
- sed -i 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- fi
-done
diff --git a/charts/rancher-istio/1.4.400/charts/grafana/templates/_helpers.tpl b/charts/rancher-istio/1.4.400/charts/grafana/templates/_helpers.tpl
deleted file mode 100755
index 9d4c59205..000000000
--- a/charts/rancher-istio/1.4.400/charts/grafana/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "grafana.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "grafana.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "grafana.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.400/charts/grafana/templates/configmap-custom-resources.yaml b/charts/rancher-istio/1.4.400/charts/grafana/templates/configmap-custom-resources.yaml
deleted file mode 100755
index b89bc0765..000000000
--- a/charts/rancher-istio/1.4.400/charts/grafana/templates/configmap-custom-resources.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
- custom-resources.yaml: |-
- {{- include "grafana-default.yaml.tpl" . | indent 4}}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
diff --git a/charts/rancher-istio/1.4.400/charts/grafana/templates/configmap-dashboards.yaml b/charts/rancher-istio/1.4.400/charts/grafana/templates/configmap-dashboards.yaml
deleted file mode 100755
index dd1ab0d75..000000000
--- a/charts/rancher-istio/1.4.400/charts/grafana/templates/configmap-dashboards.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- $files := .Files }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "grafana.name" $ }}
- chart: {{ template "grafana.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: grafana
-data:
- {{ base $path }}: '{{ $files.Get $path }}'
----
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/grafana/templates/configmap.yaml b/charts/rancher-istio/1.4.400/charts/grafana/templates/configmap.yaml
deleted file mode 100755
index c86efe1f4..000000000
--- a/charts/rancher-istio/1.4.400/charts/grafana/templates/configmap.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
-{{- if .Values.datasources }}
- {{- range $key, $value := .Values.datasources }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
-
-{{- if .Values.dashboardProviders }}
- {{- range $key, $value := .Values.dashboardProviders }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.400/charts/grafana/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.4.400/charts/grafana/templates/create-custom-resources-job.yaml
deleted file mode 100755
index d699709b8..000000000
--- a/charts/rancher-istio/1.4.400/charts/grafana/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-grafana-post-install-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-grafana-post-install-{{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["authentication.istio.io"] # needed to create default authn policy
- resources: ["*"]
- verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-grafana-post-install-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-grafana-post-install-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-grafana-post-install-account
- namespace: {{ .Release.Namespace }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: istio-grafana-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 }}
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-delete-policy": hook-succeeded
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- template:
- metadata:
- name: istio-grafana-post-install
- labels:
- app: istio-grafana
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-grafana-post-install-account
- containers:
- - name: kubectl
- image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
- command: [ "/bin/bash", "/tmp/grafana/run.sh", "/tmp/grafana/custom-resources.yaml" ]
- volumeMounts:
- - mountPath: "/tmp/grafana"
- name: tmp-configmap-grafana
- volumes:
- - name: tmp-configmap-grafana
- configMap:
- name: istio-grafana-custom-resources
- restartPolicy: OnFailure
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/grafana/templates/deployment.yaml b/charts/rancher-istio/1.4.400/charts/grafana/templates/deployment.yaml
deleted file mode 100755
index 9ad2a7f56..000000000
--- a/charts/rancher-istio/1.4.400/charts/grafana/templates/deployment.yaml
+++ /dev/null
@@ -1,138 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: grafana
- template:
- metadata:
- labels:
- app: grafana
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- prometheus.io/scrape: "true"
- spec:
- securityContext:
- runAsUser: 472
- fsGroup: 472
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
-{{- if .Values.global.imagePullSecrets }}
- imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- ports:
- - containerPort: 3000
- readinessProbe:
- httpGet:
- path: /api/health
- port: 3000
- env:
- - name: GRAFANA_PORT
- value: "3000"
-{{- if .Values.security.enabled }}
- - name: GF_SECURITY_ADMIN_USER
- valueFrom:
- secretKeyRef:
- name: {{ .Values.security.secretName }}
- key: {{ .Values.security.usernameKey }}
- - name: GF_SECURITY_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Values.security.secretName }}
- key: {{ .Values.security.passphraseKey }}
- - name: GF_AUTH_BASIC_ENABLED
- value: "true"
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "false"
- - name: GF_AUTH_DISABLE_LOGIN_FORM
- value: "false"
-{{- else }}
- - name: GF_AUTH_BASIC_ENABLED
- value: "false"
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "true"
- - name: GF_AUTH_ANONYMOUS_ORG_ROLE
- value: Admin
-{{- end }}
- - name: GF_PATHS_DATA
- value: /data/grafana
- {{- range $key, $value := $.Values.env }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $secret := $.Values.envSecrets }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ $secret }}
- key: {{ $key | quote }}
- {{- end }}
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- volumeMounts:
- - name: data
- mountPath: /data/grafana
- {{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
- {{- $filename := trimSuffix (ext $path) (base $path) }}
- - name: dashboards-istio-{{ $filename }}
- mountPath: "/var/lib/grafana/dashboards/istio/{{ base $path }}"
- subPath: {{ base $path }}
- readOnly: true
- {{- end }}
- - name: config
- mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml"
- subPath: datasources.yaml
- - name: config
- mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml"
- subPath: dashboardproviders.yaml
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
- volumes:
- - name: config
- configMap:
- name: istio-grafana
- - name: data
-{{- if .Values.persist }}
- persistentVolumeClaim:
- claimName: istio-grafana-pvc
-{{- else }}
- emptyDir: {}
-{{- end }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
- - name: dashboards-istio-{{ $filename }}
- configMap:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/grafana/templates/grafana-ports-mtls.yaml b/charts/rancher-istio/1.4.400/charts/grafana/templates/grafana-ports-mtls.yaml
deleted file mode 100755
index b9a392651..000000000
--- a/charts/rancher-istio/1.4.400/charts/grafana/templates/grafana-ports-mtls.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{ define "grafana-default.yaml.tpl" }}
-apiVersion: authentication.istio.io/v1alpha1
-kind: Policy
-metadata:
- name: grafana-ports-mtls-disabled
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- targets:
- - name: grafana
- ports:
- - number: {{ .Values.service.externalPort }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/grafana/templates/ingress.yaml b/charts/rancher-istio/1.4.400/charts/grafana/templates/ingress.yaml
deleted file mode 100755
index 0ebe71f61..000000000
--- a/charts/rancher-istio/1.4.400/charts/grafana/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: grafana
- servicePort: 3000
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: grafana
- servicePort: 3000
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.400/charts/grafana/templates/pvc.yaml b/charts/rancher-istio/1.4.400/charts/grafana/templates/pvc.yaml
deleted file mode 100755
index e376a13a5..000000000
--- a/charts/rancher-istio/1.4.400/charts/grafana/templates/pvc.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if .Values.persist }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: istio-grafana-pvc
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- storageClassName: {{ .Values.storageClassName }}
- accessModes:
- - {{ .Values.accessMode }}
- resources:
- requests:
- storage: 5Gi
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/grafana/templates/service.yaml b/charts/rancher-istio/1.4.400/charts/grafana/templates/service.yaml
deleted file mode 100755
index b206679c3..000000000
--- a/charts/rancher-istio/1.4.400/charts/grafana/templates/service.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: 3000
- protocol: TCP
- name: {{ .Values.service.name }}
- selector:
- app: grafana
-{{- if .Values.service.loadBalancerIP }}
- loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
-{{- end }}
- {{if .Values.service.loadBalancerSourceRanges}}
- loadBalancerSourceRanges:
- {{range $rangeList := .Values.service.loadBalancerSourceRanges}}
- - {{ $rangeList }}
- {{end}}
- {{end}}
diff --git a/charts/rancher-istio/1.4.400/charts/grafana/templates/tests/test-grafana-connection.yaml b/charts/rancher-istio/1.4.400/charts/grafana/templates/tests/test-grafana-connection.yaml
deleted file mode 100755
index 7c8d1944b..000000000
--- a/charts/rancher-istio/1.4.400/charts/grafana/templates/tests/test-grafana-connection.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "grafana.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: grafana-test
- chart: {{ template "grafana.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: grafana
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "grafana.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- args: ['http://grafana:{{ .Values.grafana.service.externalPort }}']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/grafana/values.yaml b/charts/rancher-istio/1.4.400/charts/grafana/values.yaml
deleted file mode 100755
index 7b977c1e7..000000000
--- a/charts/rancher-istio/1.4.400/charts/grafana/values.yaml
+++ /dev/null
@@ -1,114 +0,0 @@
-#
-# addon grafana configuration
-#
-enabled: false
-replicaCount: 1
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - grafana.local
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls: []
- # Secrets must be manually created in the namespace.
- # - secretName: grafana-tls
- # hosts:
- # - grafana.local
-persist: false
-storageClassName: ""
-accessMode: ReadWriteMany
-security:
- enabled: false
- secretName: grafana
- usernameKey: username
- passphraseKey: passphrase
-nodeSelector: {}
-tolerations: []
-
-env: {}
- # Define additional environment variables for configuring grafana.
- # @see https://grafana.com/docs/installation/configuration/#using-environment-variables
- # Format: env_variable_name: value
- # For example:
- # GF_SMTP_ENABLED: true
- # GF_SMTP_HOST: email-smtp.eu-west-1.amazonaws.com:2587
- # GF_SMTP_FROM_ADDRESS: alerts@mydomain.com
- # GF_SMTP_FROM_NAME: Grafana
-
-envSecrets: {}
- # The key name and ENV name must match in the secrets file.
- # @see https://grafana.com/docs/installation/configuration/#using-environment-variables
- # For example:
- # ---
- # apiVersion: v1
- # kind: Secret
- # metadata:
- # name: grafana-secrets
- # namespace: istio-system
- # data:
- # GF_SMTP_USER: bXl1c2Vy
- # GF_SMTP_PASSWORD: bXlwYXNzd29yZA==
- # type: Opaque
- # ---
- # env_variable_key_name: secretsName
- # ---
- # GF_SMTP_USER: grafana-secrets
- # GF_SMTP_PASSWORD: grafana-secrets
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs.
"soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-contextPath: /grafana
-service:
- annotations: {}
- name: http
- type: ClusterIP
- externalPort: 3000
- loadBalancerIP:
- loadBalancerSourceRanges: []
-
-datasources:
- datasources.yaml:
- apiVersion: 1
- datasources:
- - name: Prometheus
- type: prometheus
- orgId: 1
- url: http://prometheus:9090
- access: proxy
- isDefault: true
- jsonData:
- timeInterval: 5s
- editable: true
-
-dashboardProviders:
- dashboardproviders.yaml:
- apiVersion: 1
- providers:
- - name: 'istio'
- orgId: 1
- folder: 'istio'
- type: file
- disableDeletion: false
- options:
- path: /var/lib/grafana/dashboards/istio
diff --git a/charts/rancher-istio/1.4.400/charts/istiocoredns/Chart.yaml b/charts/rancher-istio/1.4.400/charts/istiocoredns/Chart.yaml
deleted file mode 100755
index f5fc8c451..000000000
--- a/charts/rancher-istio/1.4.400/charts/istiocoredns/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-appVersion: "0.1"
-description: Istio CoreDNS provides DNS resolution for services in multicluster setups.
-name: istiocoredns
-tillerVersion: '>=2.7.2'
-version: 1.4.4
diff --git a/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/_helpers.tpl b/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/_helpers.tpl
deleted file mode 100755
index e7add11bb..000000000
--- a/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "istiocoredns.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "istiocoredns.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "istiocoredns.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/clusterrole.yaml b/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/clusterrole.yaml
deleted file mode 100755
index 4242a327f..000000000
--- a/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istiocoredns
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["networking.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/clusterrolebinding.yaml
deleted file mode 100755
index bafd0ca3b..000000000
--- a/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-istiocoredns-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istiocoredns
-subjects:
-- kind: ServiceAccount
- name: istiocoredns-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/configmap.yaml b/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/configmap.yaml
deleted file mode 100755
index 4b2a2d42a..000000000
--- a/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/configmap.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: coredns
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- Corefile: |
- .:53 {
- errors
- health
- {{ if eq -1 (semver .Values.image.tag | (semver "1.4.0").Compare) }}
- # Removed support for the proxy plugin: https://coredns.io/2019/03/03/coredns-1.4.0-release/
- grpc global 127.0.0.1:8053
- forward . /etc/resolv.conf {
- except global
- }
- {{ else }}
- proxy global 127.0.0.1:8053 {
- protocol grpc insecure
- }
- proxy . /etc/resolv.conf
- {{ end }}
- prometheus :9153
- cache 30
- reload
- }
----
diff --git a/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/deployment.yaml b/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/deployment.yaml
deleted file mode 100755
index 4af0a2256..000000000
--- a/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/deployment.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: istiocoredns
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: istiocoredns
- strategy:
- rollingUpdate:
- maxSurge: {{ .Values.rollingMaxSurge }}
- maxUnavailable: {{ .Values.rollingMaxUnavailable }}
- template:
- metadata:
- name: istiocoredns
- labels:
- app: istiocoredns
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: istiocoredns-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: coredns
- image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- args: [ "-conf", "/etc/coredns/Corefile" ]
- volumeMounts:
- - name: config-volume
- mountPath: /etc/coredns
- ports:
- - containerPort: 53
- name: dns
- protocol: UDP
- - containerPort: 53
- name: dns-tcp
- protocol: TCP
- - containerPort: 9153
- name: metrics
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /health
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 60
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 5
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 10 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 10 }}
-{{- end }}
- - name: istio-coredns-plugin
- command:
- - /usr/local/bin/plugin
- image: "{{ template "system_default_registry" .
}}{{ .Values.pluginImage.repository }}:{{ .Values.pluginImage.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- ports:
- - containerPort: 8053
- name: dns-grpc
- protocol: TCP
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 10 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 10 }}
-{{- end }}
- dnsPolicy: Default
- volumes:
- - name: config-volume
- configMap:
- name: coredns
- items:
- - key: Corefile
- path: Corefile
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/service.yaml b/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/service.yaml
deleted file mode 100755
index a6311017c..000000000
--- a/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/service.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istiocoredns
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- app: istiocoredns
- ports:
- - name: dns
- port: 53
- protocol: UDP
- - name: dns-tcp
- port: 53
- protocol: TCP
diff --git a/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/serviceaccount.yaml
deleted file mode 100755
index e2627cf45..000000000
--- a/charts/rancher-istio/1.4.400/charts/istiocoredns/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istiocoredns-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.400/charts/istiocoredns/values.yaml b/charts/rancher-istio/1.4.400/charts/istiocoredns/values.yaml
deleted file mode 100755
index f2268c02a..000000000
--- a/charts/rancher-istio/1.4.400/charts/istiocoredns/values.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# addon istiocoredns tracing configuration
-#
-enabled: false
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-# Source code for the plugin can be found at
-# https://github.com/istio-ecosystem/istio-coredns-plugin
-# The plugin listens for DNS requests from coredns server at 127.0.0.1:8053
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.400/charts/kiali/Chart.yaml b/charts/rancher-istio/1.4.400/charts/kiali/Chart.yaml
deleted file mode 100755
index 5f0949d8b..000000000
--- a/charts/rancher-istio/1.4.400/charts/kiali/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-appVersion: 1.9.0
-description: Kiali is an open source project for service mesh observability, refer
- to https://www.kiali.io for details.
-name: kiali
-tillerVersion: '>=2.7.2'
-version: 1.9.0
diff --git a/charts/rancher-istio/1.4.400/charts/kiali/templates/_helpers.tpl b/charts/rancher-istio/1.4.400/charts/kiali/templates/_helpers.tpl
deleted file mode 100755
index 6b0095769..000000000
--- a/charts/rancher-istio/1.4.400/charts/kiali/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "kiali.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "kiali.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "kiali.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.400/charts/kiali/templates/clusterrole.yaml b/charts/rancher-istio/1.4.400/charts/kiali/templates/clusterrole.yaml
deleted file mode 100755
index 8ad6e9756..000000000
--- a/charts/rancher-istio/1.4.400/charts/kiali/templates/clusterrole.yaml
+++ /dev/null
@@ -1,134 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: kiali
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - configmaps
- - endpoints
- - namespaces
- - nodes
- - pods
- - pods/log
- - replicationcontrollers
- - services
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["extensions", "apps"]
- resources:
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["autoscaling"]
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["batch"]
- resources:
- - cronjobs
- - jobs
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - config.istio.io
- - networking.istio.io
- - authentication.istio.io
- - rbac.istio.io
- - security.istio.io
- resources: ["*"]
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - watch
-- apiGroups: ["monitoring.kiali.io"]
- resources:
- - monitoringdashboards
- verbs:
- - get
- - list
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: kiali-viewer
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" .
}}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - configmaps
- - endpoints
- - namespaces
- - nodes
- - pods
- - pods/log
- - replicationcontrollers
- - services
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["extensions", "apps"]
- resources:
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["autoscaling"]
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["batch"]
- resources:
- - cronjobs
- - jobs
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - config.istio.io
- - networking.istio.io
- - authentication.istio.io
- - rbac.istio.io
- - security.istio.io
- resources: ["*"]
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["monitoring.kiali.io"]
- resources:
- - monitoringdashboards
- verbs:
- - get
- - list
diff --git a/charts/rancher-istio/1.4.400/charts/kiali/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.400/charts/kiali/templates/clusterrolebinding.yaml
deleted file mode 100755
index 881796716..000000000
--- a/charts/rancher-istio/1.4.400/charts/kiali/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if not .Values.dashboard.viewOnlyMode }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-kiali-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kiali
-subjects:
-- kind: ServiceAccount
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-kiali-viewer-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kiali-viewer
-subjects:
-- kind: ServiceAccount
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/kiali/templates/configmap.yaml b/charts/rancher-istio/1.4.400/charts/kiali/templates/configmap.yaml
deleted file mode 100755
index 055edd624..000000000
--- a/charts/rancher-istio/1.4.400/charts/kiali/templates/configmap.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- config.yaml: |
- istio_namespace: {{ .Release.Namespace }}
- deployment:
- accessible_namespaces: ['**']
- auth:
- strategy: {{ .Values.dashboard.auth.strategy }}
- server:
- port: 20001
-{{- if .Values.contextPath }}
- web_root: {{ .Values.contextPath }}
-{{- end }}
- external_services:
- tracing:
- url: {{ .Values.dashboard.jaegerURL }}
- grafana:
- url: {{ .Values.dashboard.grafanaURL }}
- prometheus:
- url: {{ .Values.prometheusAddr }}
-{{- if .Values.security.enabled }}
- identity:
- cert_file: {{ .Values.security.cert_file }}
- private_key_file: {{ .Values.security.private_key_file }}
-{{- end}}
diff --git a/charts/rancher-istio/1.4.400/charts/kiali/templates/demosecret.yaml b/charts/rancher-istio/1.4.400/charts/kiali/templates/demosecret.yaml
deleted file mode 100755
index ad44298c3..000000000
--- a/charts/rancher-istio/1.4.400/charts/kiali/templates/demosecret.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.createDemoSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.dashboard.secretName }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-type: Opaque
-data:
- username: YWRtaW4= # admin
- passphrase: YWRtaW4= # admin
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/kiali/templates/deployment.yaml b/charts/rancher-istio/1.4.400/charts/kiali/templates/deployment.yaml
deleted file mode 100755
index d0624ef08..000000000
--- a/charts/rancher-istio/1.4.400/charts/kiali/templates/deployment.yaml
+++ /dev/null
@@ -1,112 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: kiali
- template:
- metadata:
- name: kiali
- labels:
- app: kiali
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- scheduler.alpha.kubernetes.io/critical-pod: ""
- prometheus.io/scrape: "true"
- prometheus.io/port: "9090"
- kiali.io/runtimes: go,kiali
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: kiali-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - image: "{{ template "system_default_registry" .
}}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- name: kiali
- command:
- - "/opt/kiali/kiali"
- - "-config"
- - "/kiali-configuration/config.yaml"
- - "-v"
- - "3"
- readinessProbe:
- httpGet:
- path: {{ .Values.contextPath }}/healthz
- port: 20001
- scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }}
- initialDelaySeconds: 5
- periodSeconds: 30
- livenessProbe:
- httpGet:
- path: {{ .Values.contextPath }}/healthz
- port: 20001
- scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }}
- initialDelaySeconds: 5
- periodSeconds: 30
- env:
- - name: ACTIVE_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumeMounts:
- - name: kiali-configuration
- mountPath: "/kiali-configuration"
- - name: kiali-cert
- mountPath: "/kiali-cert"
- - name: kiali-secret
- mountPath: "/kiali-secret"
- - name: kiali-console
- subPath: env.js
- mountPath: /opt/kiali/console/env.js
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 10 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 10 }}
-{{- end }}
- volumes:
- - name: kiali-console
- configMap:
- name: kiali-console
- items:
- - key: env.js
- path: env.js
- - name: kiali-configuration
- configMap:
- name: kiali
- - name: kiali-cert
- secret:
- secretName: istio.kiali-service-account
-{{- if not .Values.security.enabled }}
- optional: true
-{{- end }}
- - name: kiali-secret
- secret:
- secretName: {{ .Values.dashboard.secretName }}
- optional: true
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/kiali/templates/ingress.yaml b/charts/rancher-istio/1.4.400/charts/kiali/templates/ingress.yaml
deleted file mode 100755
index 2e2a0de3a..000000000
--- a/charts/rancher-istio/1.4.400/charts/kiali/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: kiali
- servicePort: 20001
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: kiali
- servicePort: 20001
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.400/charts/kiali/templates/kiali-console-configmap.yaml b/charts/rancher-istio/1.4.400/charts/kiali/templates/kiali-console-configmap.yaml
deleted file mode 100644
index 49c68eba0..000000000
--- a/charts/rancher-istio/1.4.400/charts/kiali/templates/kiali-console-configmap.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kiali-console
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- env.js: |
- window.WEB_ROOT='/k8s/clusters/{{ .Values.global.rancher.clusterId }}/api/v1/namespaces/istio-system/services/http:kiali:20001/proxy';
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.400/charts/kiali/templates/service.yaml b/charts/rancher-istio/1.4.400/charts/kiali/templates/service.yaml
deleted file mode 100755
index 1aa79bfdb..000000000
--- a/charts/rancher-istio/1.4.400/charts/kiali/templates/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- ports:
- - name: http-kiali
- protocol: TCP
- port: 20001
- selector:
- app: kiali
diff --git a/charts/rancher-istio/1.4.400/charts/kiali/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.400/charts/kiali/templates/serviceaccount.yaml
deleted file mode 100755
index 2ae38a1ab..000000000
--- a/charts/rancher-istio/1.4.400/charts/kiali/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.400/charts/kiali/templates/tests/test-kiali-connection.yaml b/charts/rancher-istio/1.4.400/charts/kiali/templates/tests/test-kiali-connection.yaml
deleted file mode 100755
index e2a1ff671..000000000
--- a/charts/rancher-istio/1.4.400/charts/kiali/templates/tests/test-kiali-connection.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "kiali.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: kiali-test
- chart: {{ template "kiali.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: kiali
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "kiali.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- args: ['http://kiali:20001']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/kiali/values.yaml b/charts/rancher-istio/1.4.400/charts/kiali/values.yaml
deleted file mode 100755
index c22d4325d..000000000
--- a/charts/rancher-istio/1.4.400/charts/kiali/values.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-#
-# addon kiali
-#
-enabled: false # Note that if using the demo or demo-auth yaml when installing via Helm, this default will be `true`.
-replicaCount: 1
-contextPath: /kiali # The root context path to access the Kiali UI.
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - kiali.local
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls:
- # Secrets must be manually created in the namespace.
- # - secretName: kiali-tls
- # hosts:
- # - kiali.local
-
-dashboard:
- auth:
- strategy: login # Can be anonymous, login, or openshift
- secretName: kiali # You must create a secret with this name - one is not provided out-of-box.
- viewOnlyMode: false # Bind the service account to a role with only read access
- grafanaURL: # If you have Grafana installed and it is accessible to client browsers, then set this to its external URL. Kiali will redirect users to this URL when Grafana metrics are to be shown.
- jaegerURL: # If you have Jaeger installed and it is accessible to client browsers, then set this property to its external URL. Kiali will redirect users to this URL when Jaeger tracing is to be shown.
-prometheusAddr: http://prometheus:9090
-
-# When true, a secret will be created with a default username and password. Useful for demos.
-createDemoSecret: false
-
-security:
- enabled: false
- cert_file: /kiali-cert/cert-chain.pem
- private_key_file: /kiali-cert/key.pem
diff --git a/charts/rancher-istio/1.4.400/charts/mixer/Chart.yaml b/charts/rancher-istio/1.4.400/charts/mixer/Chart.yaml
deleted file mode 100755
index 91656f486..000000000
--- a/charts/rancher-istio/1.4.400/charts/mixer/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.4
-description: Helm chart for mixer deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- mixer
-name: mixer
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.4
diff --git a/charts/rancher-istio/1.4.400/charts/mixer/templates/_helpers.tpl b/charts/rancher-istio/1.4.400/charts/mixer/templates/_helpers.tpl
deleted file mode 100755
index dac6da036..000000000
--- a/charts/rancher-istio/1.4.400/charts/mixer/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "mixer.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "mixer.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "mixer.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.400/charts/mixer/templates/autoscale.yaml b/charts/rancher-istio/1.4.400/charts/mixer/templates/autoscale.yaml
deleted file mode 100755
index 377b47d03..000000000
--- a/charts/rancher-istio/1.4.400/charts/mixer/templates/autoscale.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
-spec:
- maxReplicas: {{ $spec.autoscaleMax }}
- minReplicas: {{ $spec.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-{{ $key }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/mixer/templates/clusterrole.yaml b/charts/rancher-istio/1.4.400/charts/mixer/templates/clusterrole.yaml
deleted file mode 100755
index 3d7438f2d..000000000
--- a/charts/rancher-istio/1.4.400/charts/mixer/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-mixer-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["config.istio.io"] # istio CRD watcher
- resources: ["*"]
- verbs: ["create", "get", "list", "watch", "patch"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["configmaps", "endpoints", "pods", "services", "namespaces", "secrets", "replicationcontrollers"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/mixer/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.400/charts/mixer/templates/clusterrolebinding.yaml
deleted file mode 100755
index 773e68b34..000000000
--- a/charts/rancher-istio/1.4.400/charts/mixer/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-mixer-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-mixer-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/mixer/templates/config.yaml b/charts/rancher-istio/1.4.400/charts/mixer/templates/config.yaml
deleted file mode 100755
index 07f5893be..000000000
--- a/charts/rancher-istio/1.4.400/charts/mixer/templates/config.yaml
+++ /dev/null
@@ -1,1092 +0,0 @@ -{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: istioproxy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - origin.ip: - valueType: IP_ADDRESS - origin.uid: - valueType: STRING - origin.user: - valueType: STRING - request.headers: - valueType: STRING_MAP - request.id: - valueType: STRING - request.host: - valueType: STRING - request.method: - valueType: STRING - request.path: - valueType: STRING - request.url_path: - valueType: STRING - request.query_params: - valueType: STRING_MAP - request.reason: - valueType: STRING - request.referer: - valueType: STRING - request.scheme: - valueType: STRING - request.total_size: - valueType: INT64 - request.size: - valueType: INT64 - request.time: - valueType: TIMESTAMP - request.useragent: - valueType: STRING - response.code: - valueType: INT64 - response.duration: - valueType: DURATION - response.headers: - valueType: STRING_MAP - response.total_size: - valueType: INT64 - response.size: - valueType: INT64 - response.time: - valueType: TIMESTAMP - response.grpc_status: - valueType: STRING - response.grpc_message: - valueType: STRING - source.uid: - valueType: STRING - source.user: # DEPRECATED - valueType: STRING - source.principal: - valueType: STRING - destination.uid: - valueType: STRING - destination.principal: - valueType: STRING - destination.port: - valueType: INT64 - connection.event: - valueType: STRING - connection.id: - valueType: STRING - connection.received.bytes: - valueType: INT64 - connection.received.bytes_total: - valueType: INT64 - connection.sent.bytes: - valueType: INT64 - connection.sent.bytes_total: - valueType: INT64 - connection.duration: - valueType: DURATION - connection.mtls: - valueType: BOOL - 
connection.requested_server_name: - valueType: STRING - context.protocol: - valueType: STRING - context.proxy_error_code: - valueType: STRING - context.timestamp: - valueType: TIMESTAMP - context.time: - valueType: TIMESTAMP - # Deprecated, kept for compatibility - context.reporter.local: - valueType: BOOL - context.reporter.kind: - valueType: STRING - context.reporter.uid: - valueType: STRING - api.service: - valueType: STRING - api.version: - valueType: STRING - api.operation: - valueType: STRING - api.protocol: - valueType: STRING - request.auth.principal: - valueType: STRING - request.auth.audiences: - valueType: STRING - request.auth.presenter: - valueType: STRING - request.auth.claims: - valueType: STRING_MAP - request.auth.raw_claims: - valueType: STRING - request.api_key: - valueType: STRING - rbac.permissive.response_code: - valueType: STRING - rbac.permissive.effective_policy_id: - valueType: STRING - check.error_code: - valueType: INT64 - check.error_message: - valueType: STRING - check.cache_hit: - valueType: BOOL - quota.cache_hit: - valueType: BOOL - context.proxy_version: - valueType: STRING - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: kubernetes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - source.ip: - valueType: IP_ADDRESS - source.labels: - valueType: STRING_MAP - source.metadata: - valueType: STRING_MAP - source.name: - valueType: STRING - source.namespace: - valueType: STRING - source.owner: - valueType: STRING - source.serviceAccount: - valueType: STRING - source.services: - valueType: STRING - source.workload.uid: - valueType: STRING - source.workload.name: - valueType: STRING - source.workload.namespace: - valueType: STRING - destination.ip: - valueType: IP_ADDRESS - destination.labels: - valueType: STRING_MAP - destination.metadata: - valueType: STRING_MAP - destination.owner: - valueType: STRING - destination.name: - valueType: STRING - destination.container.name: - valueType: STRING - destination.namespace: - valueType: STRING - destination.service.uid: - valueType: STRING - destination.service.name: - valueType: STRING - destination.service.namespace: - valueType: STRING - destination.service.host: - valueType: STRING - destination.serviceAccount: - valueType: STRING - destination.workload.uid: - valueType: STRING - destination.workload.name: - valueType: STRING - destination.workload.namespace: - valueType: STRING ---- -{{- if and .Values.adapters.stdio.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: stdio - params: - outputAsJson: {{ .Values.adapters.stdio.outputAsJson }} ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: accesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: request.time - variables: - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | request.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - apiClaims: request.auth.raw_claims | "" - apiKey: request.api_key | request.headers["x-api-key"] | "" - protocol: request.scheme | context.protocol | "http" - method: request.method | "" - url: request.path | "" - responseCode: response.code | 0 - responseFlags: context.proxy_error_code | "" - responseSize: response.size | 0 - permissiveResponseCode: rbac.permissive.response_code | "none" - permissiveResponsePolicyID: rbac.permissive.effective_policy_id | "none" - requestSize: request.size | 0 - requestId: request.headers["x-request-id"] | "" - clientTraceId: request.headers["x-client-trace-id"] | "" - latency: response.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - userAgent: request.useragent | "" - responseTimestamp: response.time - receivedBytes: request.total_size | 0 - sentBytes: response.total_size | 0 - referer: request.referer | "" - httpAuthority: request.headers[":authority"] | request.host | "" - xForwardedFor: 
request.headers["x-forwarded-for"] | "0.0.0.0" - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - grpcStatus: response.grpc_status | "" - grpcMessage: response.grpc_message | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpaccesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: context.time | timestamp("2017-01-01T00:00:00Z") - variables: - connectionEvent: connection.event | "" - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - protocol: context.protocol | "tcp" - connectionDuration: connection.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - receivedBytes: connection.received.bytes | 0 - sentBytes: connection.sent.bytes | 0 - totalReceivedBytes: connection.received.bytes_total | 0 - totalSentBytes: connection.sent.bytes_total | 0 - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") 
- responseFlags: context.proxy_error_code | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "http" || context.protocol == "grpc" - actions: - - handler: stdio - instances: - - accesslog ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdiotcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: stdio - instances: - - tcpaccesslog -{{- end }} ---- -{{- if and .Values.adapters.prometheus.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestcount - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestduration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.duration | "0ms" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestsize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: request.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: responsesize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytesent - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.sent.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytereceived - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.received.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsopened - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: prometheus - params: - metricsExpirationPolicy: - metricsExpiryDuration: "{{ .Values.adapters.prometheus.metricsExpiryDuration }}" - metrics: - - name: requests_total - instance_name: requestcount.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - - name: request_duration_seconds - instance_name: requestduration.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - explicit_buckets: - bounds: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10] - - name: request_bytes - instance_name: requestsize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - 
destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: response_bytes - instance_name: responsesize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: tcp_sent_bytes_total - instance_name: tcpbytesent.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_received_bytes_total - instance_name: tcpbytereceived.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: 
tcp_connections_opened_total - instance_name: tcpconnectionsopened.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_connections_closed_total - instance_name: tcpconnectionsclosed.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promhttp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: (context.protocol == "http" || context.protocol == "grpc") && (match((request.useragent | "-"), "kube-probe*") == false) && (match((request.useragent | "-"), "Prometheus*") == false) - actions: - - handler: prometheus - instances: - - requestcount - - requestduration - - requestsize - - responsesize ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: prometheus - instances: - - tcpbytesent - - tcpbytereceived ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionopen - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "open") - actions: - - handler: prometheus - instances: - - tcpconnectionsopened ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "close") - actions: - - handler: prometheus - instances: - - tcpconnectionsclosed -{{- end }} ---- -{{- if and .Values.adapters.kubernetesenv.enabled (or .Values.policy.enabled .Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: kubernetesenv - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: kubernetesenv - params: - # when running from mixer root, use the following config after adding a - # symbolic link to a kubernetes config file via: - # - # $ ln -s ~/.kube/config mixer/adapter/kubernetes/kubeconfig - # - # kubeconfig_path: "mixer/adapter/kubernetes/kubeconfig" - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: kubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . 
}} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: tcpkubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: attributes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: kubernetes - params: - # Pass the required attribute data to the adapter - source_uid: source.uid | "" - source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr - destination_uid: destination.uid | "" - destination_port: destination.port | 0 - attributeBindings: - # Fill the new attributes from the adapter produced output. 
- # $out refers to an instance of OutputTemplate message - source.ip: $out.source_pod_ip | ip("0.0.0.0") - source.uid: $out.source_pod_uid | "unknown" - source.labels: $out.source_labels | emptyStringMap() - source.name: $out.source_pod_name | "unknown" - source.namespace: $out.source_namespace | "default" - source.owner: $out.source_owner | "unknown" - source.serviceAccount: $out.source_service_account_name | "unknown" - source.workload.uid: $out.source_workload_uid | "unknown" - source.workload.name: $out.source_workload_name | "unknown" - source.workload.namespace: $out.source_workload_namespace | "unknown" - destination.ip: $out.destination_pod_ip | ip("0.0.0.0") - destination.uid: $out.destination_pod_uid | "unknown" - destination.labels: $out.destination_labels | emptyStringMap() - destination.name: $out.destination_pod_name | "unknown" - destination.container.name: $out.destination_container_name | "unknown" - destination.namespace: $out.destination_namespace | "default" - destination.owner: $out.destination_owner | "unknown" - destination.serviceAccount: $out.destination_service_account_name | "unknown" - destination.workload.uid: $out.destination_workload_uid | "unknown" - destination.workload.name: $out.destination_workload_name | "unknown" - destination.workload.namespace: $out.destination_workload_namespace | "unknown" -{{- end }} ---- -{{- if .Values.policy.enabled }} -# Configuration needed by Mixer. -# Mixer cluster is delivered via CDS -# Specify mixer cluster settings -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-policy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- if .Values.telemetry.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-telemetry - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- end }} diff --git a/charts/rancher-istio/1.4.400/charts/mixer/templates/deployment.yaml b/charts/rancher-istio/1.4.400/charts/mixer/templates/deployment.yaml deleted file mode 100755 index 60bba11e5..000000000 --- a/charts/rancher-istio/1.4.400/charts/mixer/templates/deployment.yaml +++ /dev/null 
@@ -1,431 +0,0 @@ -{{- define "policy_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: policy-adapter-secret - secret: - secretName: policy-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - - --useTemplateCRDs=false - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - {{- if .Values.env }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.policy.resources }} -{{ toYaml .Values.policy.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: 
istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-policy - - --templateFile - - /etc/istio/proxy/envoy_policy.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ $.Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock - - 
name: policy-adapter-secret - mountPath: /var/run/secrets/istio.io/policy/adapter - readOnly: true -{{- end }} - -{{- define "telemetry_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: telemetry-adapter-secret - secret: - secretName: telemetry-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - - --certFile=/etc/certs/cert-chain.pem - - --keyFile=/etc/certs/key.pem - - --caCertFile=/etc/certs/root-cert.pem - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - - --averageLatencyThreshold - - {{ $.Values.telemetry.loadshedding.latencyThreshold }} - - --loadsheddingMode - - {{ $.Values.telemetry.loadshedding.mode }} - {{- if .Values.env }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.telemetry.resources }} -{{ toYaml .Values.telemetry.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - 
name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: telemetry-adapter-secret - mountPath: /var/run/secrets/istio.io/telemetry/adapter - readOnly: true - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-telemetry - - --templateFile - - /etc/istio/proxy/envoy_telemetry.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - 
mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock -{{- end }} - - -{{- range $key, $spec := .Values }} -{{- if or (eq $key "policy") (eq $key "telemetry") }} -{{- if $spec.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-{{ $key }} - namespace: {{ $.Release.Namespace }} - labels: - app: istio-mixer - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: mixer -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - selector: - matchLabels: - istio: mixer - istio-mixer-type: {{ $key }} - template: - metadata: - labels: - app: {{ $key }} - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - security.istio.io/tlsMode: "istio" - istio: mixer - istio-mixer-type: {{ $key }} - annotations: - sidecar.istio.io/inject: "false" -{{- with $.Values.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- if eq $key "policy"}} -{{- template "policy_container" $ }} -{{- else }} -{{- template "telemetry_container" $ }} -{{- end }} - ---- -{{- end }} -{{- end }} -{{- end }} {{/* range */}} diff --git a/charts/rancher-istio/1.4.400/charts/mixer/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.400/charts/mixer/templates/poddisruptionbudget.yaml deleted file mode 100755 index a6bfe8668..000000000 --- a/charts/rancher-istio/1.4.400/charts/mixer/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,32 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ $key }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- version: {{ $.Chart.Version }}
- istio: mixer
- istio-mixer-type: {{ $key }}
-spec:
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: {{ $key }}
- release: {{ $.Release.Name }}
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/mixer/templates/service.yaml b/charts/rancher-istio/1.4.400/charts/mixer/templates/service.yaml
deleted file mode 100755
index 79cc4a582..000000000
--- a/charts/rancher-istio/1.4.400/charts/mixer/templates/service.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- annotations:
- networking.istio.io/exportTo: "*"
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: mixer
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: {{ $.Values.global.monitoringPort }}
-{{- if eq $key "telemetry" }}
- - name: prometheus
- port: 42422
-{{- if $spec.sessionAffinityEnabled }}
- sessionAffinity: ClientIP
-{{- end }}
-{{- end }}
- selector:
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.4.400/charts/mixer/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.400/charts/mixer/templates/serviceaccount.yaml
deleted file mode 100755
index 9d3da7dd6..000000000
--- a/charts/rancher-istio/1.4.400/charts/mixer/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/mixer/values.yaml b/charts/rancher-istio/1.4.400/charts/mixer/values.yaml
deleted file mode 100755
index 6a56f375a..000000000
--- a/charts/rancher-istio/1.4.400/charts/mixer/values.yaml
+++ /dev/null
@@ -1,97 +0,0 @@ -# -# mixer configuration -# - -env: - # max procs should be ceil(cpu limit + 1) - GOMAXPROCS: "6" - -policy: - # if policy is enabled, global.disablePolicyChecks has affect. - enabled: false - replicaCount: 1 - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - cpu: - targetAverageUtilization: 80 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - -telemetry: - enabled: true - replicaCount: 1 - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - cpu: - targetAverageUtilization: 80 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - sessionAffinityEnabled: false - - # mixer load shedding configuration. - # When mixer detects that it is overloaded, it starts rejecting grpc requests. - loadshedding: - # disabled, logonly or enforce - mode: enforce - # based on measurements 100ms p50 translates to p99 of under 1s. This is ok for telemetry which is inherently async. - latencyThreshold: 100ms - resources: - requests: - cpu: 1000m - memory: 1G - limits: - # It is best to do horizontal scaling of mixer using moderate cpu allocation. - # We have experimentally found that these values work well. - cpu: 4800m - memory: 4G - - # Set reportBatchMaxEntries to 0 to use the default batching behavior (i.e., every 100 requests). - # A positive value indicates the number of requests that are batched before telemetry data - # is sent to the mixer server - reportBatchMaxEntries: 100 - - # Set reportBatchMaxTime to 0 to use the default batching behavior (i.e., every 1 second). - # A positive time value indicates the maximum wait time since the last request will telemetry data - # be batched before being sent to the mixer server - reportBatchMaxTime: 1s - -podAnnotations: {} -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. 
-# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -adapters: - kubernetesenv: - enabled: true - - # stdio is a debug adapter in istio-telemetry, it is not recommended for production use. - stdio: - enabled: false - outputAsJson: true - prometheus: - enabled: true - metricsExpiryDuration: 10m - # Setting this to false sets the useAdapterCRDs mixer startup argument to false - useAdapterCRDs: false diff --git a/charts/rancher-istio/1.4.400/charts/nodeagent/Chart.yaml b/charts/rancher-istio/1.4.400/charts/nodeagent/Chart.yaml deleted file mode 100755 index c4523e61b..000000000 --- a/charts/rancher-istio/1.4.400/charts/nodeagent/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.4 -description: Helm chart for nodeagent deployment -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- nodeagent -name: nodeagent -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.4.4 diff --git a/charts/rancher-istio/1.4.400/charts/nodeagent/templates/_helpers.tpl b/charts/rancher-istio/1.4.400/charts/nodeagent/templates/_helpers.tpl deleted file mode 100755 index fda6043d0..000000000 --- a/charts/rancher-istio/1.4.400/charts/nodeagent/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "nodeagent.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "nodeagent.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "nodeagent.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.400/charts/nodeagent/templates/clusterrole.yaml b/charts/rancher-istio/1.4.400/charts/nodeagent/templates/clusterrole.yaml
deleted file mode 100755
index 8e4ab6d32..000000000
--- a/charts/rancher-istio/1.4.400/charts/nodeagent/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get"]
diff --git a/charts/rancher-istio/1.4.400/charts/nodeagent/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.400/charts/nodeagent/templates/clusterrolebinding.yaml
deleted file mode 100755
index 591e48212..000000000
--- a/charts/rancher-istio/1.4.400/charts/nodeagent/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-nodeagent-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.400/charts/nodeagent/templates/daemonset.yaml b/charts/rancher-istio/1.4.400/charts/nodeagent/templates/daemonset.yaml
deleted file mode 100755
index a4d2463d6..000000000
--- a/charts/rancher-istio/1.4.400/charts/nodeagent/templates/daemonset.yaml
+++ /dev/null
@@ -1,66 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: istio-nodeagent - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "nodeagent.name" . }} - chart: {{ template "nodeagent.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: nodeagent -spec: - selector: - matchLabels: - istio: nodeagent - template: - metadata: - labels: - app: {{ template "nodeagent.name" . }} - chart: {{ template "nodeagent.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: nodeagent - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-nodeagent-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: nodeagent - image: "{{ template "system_default_registry" . }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - volumeMounts: - - mountPath: /var/run/sds - name: sdsudspath - env: - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - - name: "TRUST_DOMAIN" - value: "{{ .Values.global.trustDomain }}" - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumes: - - name: sdsudspath - hostPath: - path: /var/run/sds - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - updateStrategy: - type: RollingUpdate 
diff --git a/charts/rancher-istio/1.4.400/charts/nodeagent/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.400/charts/nodeagent/templates/serviceaccount.yaml
deleted file mode 100755
index 86853d7e0..000000000
--- a/charts/rancher-istio/1.4.400/charts/nodeagent/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.400/charts/nodeagent/values.yaml b/charts/rancher-istio/1.4.400/charts/nodeagent/values.yaml
deleted file mode 100755
index 9138c4647..000000000
--- a/charts/rancher-istio/1.4.400/charts/nodeagent/values.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# nodeagent configuration
-#
-enabled: false
-env:
- # name of authentication provider.
- CA_PROVIDER: ""
- # CA endpoint.
- CA_ADDR: ""
- # names of authentication provider's plugins.
- PLUGINS: ""
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.400/charts/pilot/Chart.yaml b/charts/rancher-istio/1.4.400/charts/pilot/Chart.yaml
deleted file mode 100755
index ed6585a38..000000000
--- a/charts/rancher-istio/1.4.400/charts/pilot/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.4
-description: Helm chart for pilot deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- pilot
-name: pilot
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.4
diff --git a/charts/rancher-istio/1.4.400/charts/pilot/templates/_helpers.tpl b/charts/rancher-istio/1.4.400/charts/pilot/templates/_helpers.tpl
deleted file mode 100755
index c812c3709..000000000
--- a/charts/rancher-istio/1.4.400/charts/pilot/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "pilot.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "pilot.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "pilot.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.400/charts/pilot/templates/autoscale.yaml b/charts/rancher-istio/1.4.400/charts/pilot/templates/autoscale.yaml
deleted file mode 100755
index 1a9945136..000000000
--- a/charts/rancher-istio/1.4.400/charts/pilot/templates/autoscale.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- maxReplicas: {{ .Values.autoscaleMax }}
- minReplicas: {{ .Values.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-pilot
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.cpu.targetAverageUtilization }}
----
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/pilot/templates/clusterrole.yaml b/charts/rancher-istio/1.4.400/charts/pilot/templates/clusterrole.yaml
deleted file mode 100755
index 83af8fb06..000000000
--- a/charts/rancher-istio/1.4.400/charts/pilot/templates/clusterrole.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["config.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["rbac.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["security.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["networking.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["authentication.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["*"]
-- apiGroups: ["extensions"]
- resources: ["ingresses", "ingresses/status"]
- verbs: ["*"]
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "list", "watch", "update"]
-- apiGroups: [""]
- resources: ["endpoints", "pods", "services", "namespaces", "nodes"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "watch", "list", "update", "delete"]
-- apiGroups: ["certificates.k8s.io"]
- resources:
- - "certificatesigningrequests"
- - "certificatesigningrequests/approval"
- - "certificatesigningrequests/status"
- verbs: ["update", "create", "get", "delete"]
diff --git a/charts/rancher-istio/1.4.400/charts/pilot/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.400/charts/pilot/templates/clusterrolebinding.yaml
deleted file mode 100755
index ef9281ca8..000000000
--- a/charts/rancher-istio/1.4.400/charts/pilot/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-pilot-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.400/charts/pilot/templates/configmap.yaml b/charts/rancher-istio/1.4.400/charts/pilot/templates/configmap.yaml
deleted file mode 100755
index 3fe514395..000000000
--- a/charts/rancher-istio/1.4.400/charts/pilot/templates/configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.jwksResolverExtraRootCA }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-jwks-extra-cacerts
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/pilot/templates/deployment.yaml b/charts/rancher-istio/1.4.400/charts/pilot/templates/deployment.yaml
deleted file mode 100755
index 7e7cd2b97..000000000
--- a/charts/rancher-istio/1.4.400/charts/pilot/templates/deployment.yaml
+++ /dev/null
@@ -1,234 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - # TODO: default template doesn't have this, which one is right ? - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - istio: pilot - template: - metadata: - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-pilot-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: discovery - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - "discovery" - - --monitoringAddr=:{{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.global.oneNamespace }} - - "-a" - - {{ .Release.Namespace }} -{{- end }} -{{- if and $.Values.global.controlPlaneSecurityEnabled (not .Values.sidecar)}} - - --secureGrpcAddr - - ":15011" -{{- else }} - - --secureGrpcAddr - - "" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" - ports: - - containerPort: 8080 - - containerPort: 15010 -{{- if not .Values.sidecar }} - - containerPort: 15011 -{{- end }} - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 5 - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND - value: "{{ .Values.enableProtocolSniffingForOutbound }}" - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND - value: "{{ .Values.enableProtocolSniffingForInbound }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - - name: istio-certs - mountPath: /etc/certs 
- readOnly: true -{{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - mountPath: /cacerts -{{- end }} -{{- if .Values.sidecar }} - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 15003 - - containerPort: 15005 - - containerPort: 15007 - - containerPort: 15011 - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-pilot - - --templateFile - - /etc/istio/proxy/envoy_pilot.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if .Values.global.proxy.resources }} -{{ toYaml .Values.global.proxy.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - 
readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} -{{- end }} - volumes: - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: config-volume - configMap: - name: istio - - name: istio-certs - secret: - secretName: istio.istio-pilot-service-account - optional: true -{{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - configMap: - name: istio-jwks-extra-cacerts -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.400/charts/pilot/templates/meshexpansion.yaml b/charts/rancher-istio/1.4.400/charts/pilot/templates/meshexpansion.yaml deleted file mode 100755 index 4f3d59570..000000000 --- a/charts/rancher-istio/1.4.400/charts/pilot/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-ilb-vs-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - hosts: - - istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-ilb-gateway - tcp: - - match: - - port: 15011 - route: - - destination: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15011 - - match: - - port: 15010 - route: - - destination: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15010 - - match: - - port: 5353 - route: - - destination: - host: kube-dns.kube-system.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 53 ---- -{{- else }} - -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - hosts: - - istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-gateway - tcp: - - match: - - port: 15011 - route: - - destination: - host: istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15011 ---- -{{- end }} - -{{- if .Values.global.controlPlaneSecurityEnabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: meshexpansion-dr-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - trafficPolicy: - portLevelSettings: - - port: - number: 15011 - tls: - mode: DISABLE ---- -{{- end }} -{{- end }} - diff --git a/charts/rancher-istio/1.4.400/charts/pilot/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.400/charts/pilot/templates/poddisruptionbudget.yaml deleted file mode 100755 index fd9e06a71..000000000 --- a/charts/rancher-istio/1.4.400/charts/pilot/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: {{ template "pilot.name" . }} - release: {{ .Release.Name }} - istio: pilot -{{- end }} diff --git a/charts/rancher-istio/1.4.400/charts/pilot/templates/service.yaml b/charts/rancher-istio/1.4.400/charts/pilot/templates/service.yaml deleted file mode 100755 index a61d93025..000000000 --- a/charts/rancher-istio/1.4.400/charts/pilot/templates/service.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: pilot
-spec:
- ports:
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS
- - port: 8080
- name: http-legacy-discovery # direct
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- selector:
- istio: pilot
diff --git a/charts/rancher-istio/1.4.400/charts/pilot/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.400/charts/pilot/templates/serviceaccount.yaml
deleted file mode 100755
index 7ec2a66de..000000000
--- a/charts/rancher-istio/1.4.400/charts/pilot/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.400/charts/pilot/values.yaml b/charts/rancher-istio/1.4.400/charts/pilot/values.yaml
deleted file mode 100755
index 84c90d9ed..000000000
--- a/charts/rancher-istio/1.4.400/charts/pilot/values.yaml
+++ /dev/null
@@ -1,62 +0,0 @@ -# -# pilot configuration -# -enabled: true -autoscaleEnabled: true -autoscaleMin: 1 -autoscaleMax: 5 -# specify replicaCount when autoscaleEnabled: false -# replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -sidecar: true -traceSampling: 1.0 -# if protocol sniffing is enabled for outbound -enableProtocolSniffingForOutbound: true -# if protocol sniffing is enabled for inbound -enableProtocolSniffingForInbound: false -# Resources for a small pilot install -resources: - requests: - cpu: 500m - memory: 2048Mi -env: - PILOT_PUSH_THROTTLE: 100 -cpu: - targetAverageUtilization: 80 -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# The following is used to limit how long a sidecar can be connected -# to a pilot. It balances out load across pilot instances at the cost of -# increasing system churn. -keepaliveMaxServerConnectionAge: 30m - -# This is used to set the source of configuration for -# the associated address in configSource, if nothing is specificed -# the default MCP is assumed. 
The alternative option is SERVICE_REGISTRY -# which describes the source is only forwarding synthetic service entries -configSource: - subscribedResources: diff --git a/charts/rancher-istio/1.4.400/charts/prometheus/Chart.yaml b/charts/rancher-istio/1.4.400/charts/prometheus/Chart.yaml deleted file mode 100755 index 3b28ecc15..000000000 --- a/charts/rancher-istio/1.4.400/charts/prometheus/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 2.8.0 -description: A Helm chart for Kubernetes -name: prometheus -tillerVersion: '>=2.7.2' -version: 1.4.4 diff --git a/charts/rancher-istio/1.4.400/charts/prometheus/templates/_helpers.tpl b/charts/rancher-istio/1.4.400/charts/prometheus/templates/_helpers.tpl deleted file mode 100755 index 039388329..000000000 --- a/charts/rancher-istio/1.4.400/charts/prometheus/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "prometheus.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "prometheus.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "prometheus.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} 
diff --git a/charts/rancher-istio/1.4.400/charts/prometheus/templates/clusterrole.yaml b/charts/rancher-istio/1.4.400/charts/prometheus/templates/clusterrole.yaml
deleted file mode 100755
index 06fdfaf53..000000000
--- a/charts/rancher-istio/1.4.400/charts/prometheus/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - nodes
- - services
- - endpoints
- - pods
- - nodes/proxy
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources:
- - configmaps
- verbs: ["get"]
-- nonResourceURLs: ["/metrics"]
- verbs: ["get"]
diff --git a/charts/rancher-istio/1.4.400/charts/prometheus/templates/clusterrolebindings.yaml b/charts/rancher-istio/1.4.400/charts/prometheus/templates/clusterrolebindings.yaml
deleted file mode 100755
index 295e0df72..000000000
--- a/charts/rancher-istio/1.4.400/charts/prometheus/templates/clusterrolebindings.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: prometheus-{{ .Release.Namespace }}
-subjects:
-- kind: ServiceAccount
- name: prometheus
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.400/charts/prometheus/templates/configmap.yaml b/charts/rancher-istio/1.4.400/charts/prometheus/templates/configmap.yaml
deleted file mode 100755
index 1b26fa5a1..000000000
--- a/charts/rancher-istio/1.4.400/charts/prometheus/templates/configmap.yaml
+++ /dev/null
@@ -1,281 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - prometheus.yml: |- - global: - scrape_interval: {{ .Values.scrapeInterval }} - scrape_configs: - - - job_name: 'istio-mesh' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;prometheus - - # Scrape config for envoy stats - - job_name: 'envoy-stats' - metrics_path: /stats/prometheus - kubernetes_sd_configs: - - role: pod - - relabel_configs: - - source_labels: [__meta_kubernetes_pod_container_port_name] - action: keep - regex: '.*-envoy-prom' - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:15090 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'istio-policy' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-policy;http-monitoring - - - job_name: 'istio-telemetry' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;http-monitoring - - - job_name: 'pilot' - kubernetes_sd_configs: - - role: 
endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-pilot;http-monitoring - - - job_name: 'galley' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-galley;http-monitoring - - - job_name: 'citadel' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-citadel;http-monitoring - - # scrape config for API servers - - job_name: 'kubernetes-apiservers' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - default - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: kubernetes;https - - # scrape config for nodes (kubelet) - - job_name: 'kubernetes-nodes' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics - - # Scrape config for Kubelet cAdvisor. 
- # - # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics - # (those whose names begin with 'container_') have been removed from the - # Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to - # retrieve those metrics. - # - # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor - # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics" - # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with - # the --cadvisor-port=0 Kubelet flag). - # - # This job is not necessary and should be removed in Kubernetes 1.6 and - # earlier versions, or it will cause the metrics to be scraped twice. - - job_name: 'kubernetes-cadvisor' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor - - # scrape config for service endpoints. - - job_name: 'kubernetes-service-endpoints' - kubernetes_sd_configs: - - role: endpoints - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) 
- - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: kubernetes_name - - - job_name: 'kubernetes-pods' - kubernetes_sd_configs: - - role: pod - relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job. - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # Keep target if there's no sidecar or if prometheus.io/scheme is explicitly set to "http" - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: keep - regex: ((;.*)|(.*;http)) - - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls] - action: drop - regex: (true) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'kubernetes-pods-istio-secure' - scheme: https - tls_config: - ca_file: /etc/istio-certs/root-cert.pem - cert_file: /etc/istio-certs/cert-chain.pem - key_file: 
/etc/istio-certs/key.pem - insecure_skip_verify: true # prometheus does not support secure naming. - kubernetes_sd_configs: - - role: pod - relabel_configs: - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # sidecar status annotation is added by sidecar injector and - # istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic. - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls] - action: keep - regex: (([^;]+);([^;]*))|(([^;]*);(true)) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: drop - regex: (http) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__] # Only keep address that is host:port - action: keep # otherwise an extra target with ':443' is added for https scheme - regex: ([^:]+):(\d+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name \ No newline at end of file diff --git a/charts/rancher-istio/1.4.400/charts/prometheus/templates/deployment.yaml b/charts/rancher-istio/1.4.400/charts/prometheus/templates/deployment.yaml deleted file mode 100755 index 1033a2f5b..000000000 --- a/charts/rancher-istio/1.4.400/charts/prometheus/templates/deployment.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -# TODO: the original template has service account, roles, etc -apiVersion: apps/v1 -kind: Deployment -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: prometheus - template: - metadata: - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: prometheus -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: prometheus - image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - '--storage.tsdb.retention={{ .Values.retention }}' - - '--config.file=/etc/prometheus/prometheus.yml' - ports: - - containerPort: 9090 - name: http - livenessProbe: - httpGet: - path: /-/healthy - port: 9090 - readinessProbe: - httpGet: - path: /-/ready - port: 9090 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/prometheus - - mountPath: /etc/istio-certs - name: istio-certs - volumes: - - name: config-volume - configMap: - name: prometheus - - name: istio-certs - secret: - defaultMode: 420 -{{- if not .Values.security.enabled }} - optional: true -{{- end }} - secretName: istio.default - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.400/charts/prometheus/templates/ingress.yaml b/charts/rancher-istio/1.4.400/charts/prometheus/templates/ingress.yaml deleted file mode 100755 index 43be65523..000000000 --- a/charts/rancher-istio/1.4.400/charts/prometheus/templates/ingress.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: prometheus - servicePort: 9090 - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: prometheus - servicePort: 9090 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.400/charts/prometheus/templates/service.yaml b/charts/rancher-istio/1.4.400/charts/prometheus/templates/service.yaml deleted file mode 100755 index d92525df0..000000000 --- a/charts/rancher-istio/1.4.400/charts/prometheus/templates/service.yaml +++ /dev/null 
@@ -1,45 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- annotations:
- prometheus.io/scrape: 'true'
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- app: prometheus
- ports:
- - name: http-prometheus
- protocol: TCP
- port: 9090
-
-{{- if .Values.service.nodePort.enabled }}
-# Using separate ingress for nodeport, to avoid conflict with pilot e2e test configs.
----
-apiVersion: v1
-kind: Service
-metadata:
- name: prometheus-nodeport
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- type: NodePort
- ports:
- - port: 9090
- nodePort: {{ .Values.service.nodePort.port }}
- name: http-prometheus
- selector:
- app: prometheus
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/prometheus/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.400/charts/prometheus/templates/serviceaccount.yaml
deleted file mode 100755
index 7c2fab3f4..000000000
--- a/charts/rancher-istio/1.4.400/charts/prometheus/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.400/charts/prometheus/templates/tests/test-prometheus-connection.yaml b/charts/rancher-istio/1.4.400/charts/prometheus/templates/tests/test-prometheus-connection.yaml
deleted file mode 100755
index c36ce3f5c..000000000
--- a/charts/rancher-istio/1.4.400/charts/prometheus/templates/tests/test-prometheus-connection.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "prometheus.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus-test
- chart: {{ template "prometheus.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: prometheus
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "prometheus.fullname" . }}-test"
- image: {{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['sh', '-c', 'for i in 1 2 3; do curl http://prometheus:9090/-/ready && exit 0 || sleep 15; done; exit 1']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/prometheus/values.yaml b/charts/rancher-istio/1.4.400/charts/prometheus/values.yaml
deleted file mode 100755
index 4edb9bcc6..000000000
--- a/charts/rancher-istio/1.4.400/charts/prometheus/values.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-# addon prometheus configuration
-#
-enabled: true
-replicaCount: 1
-retention: 6h
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-# Controls the frequency of prometheus scraping
-scrapeInterval: 15s
-
-contextPath: /prometheus
-
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - prometheus.local
- annotations:
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls:
- # Secrets must be manually created in the namespace.
- # - secretName: prometheus-tls
- # hosts:
- # - prometheus.local
-
-service:
- annotations: {}
- nodePort:
- enabled: false
- port: 32090
-
-security:
- enabled: true
diff --git a/charts/rancher-istio/1.4.400/charts/security/Chart.yaml b/charts/rancher-istio/1.4.400/charts/security/Chart.yaml
deleted file mode 100755
index c28748e01..000000000
--- a/charts/rancher-istio/1.4.400/charts/security/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.4
-description: Helm chart for istio authentication
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- security
-name: security
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.4
diff --git a/charts/rancher-istio/1.4.400/charts/security/templates/_helpers.tpl b/charts/rancher-istio/1.4.400/charts/security/templates/_helpers.tpl
deleted file mode 100755
index 7f36f9d51..000000000
--- a/charts/rancher-istio/1.4.400/charts/security/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "security.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "security.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "security.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.400/charts/security/templates/clusterrole.yaml b/charts/rancher-istio/1.4.400/charts/security/templates/clusterrole.yaml
deleted file mode 100755
index 75f2dec65..000000000
--- a/charts/rancher-istio/1.4.400/charts/security/templates/clusterrole.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-citadel-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "update"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "watch", "list", "update", "delete"]
-- apiGroups: [""]
- resources: ["serviceaccounts", "services", "namespaces"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["authentication.k8s.io"]
- resources: ["tokenreviews"]
- verbs: ["create"]
diff --git a/charts/rancher-istio/1.4.400/charts/security/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.400/charts/security/templates/clusterrolebinding.yaml
deleted file mode 100755
index 0a15799ce..000000000
--- a/charts/rancher-istio/1.4.400/charts/security/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-citadel-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-citadel-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-citadel-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.400/charts/security/templates/configmap.yaml b/charts/rancher-istio/1.4.400/charts/security/templates/configmap.yaml
deleted file mode 100755
index 14749fd65..000000000
--- a/charts/rancher-istio/1.4.400/charts/security/templates/configmap.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-security-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-data:
- custom-resources.yaml: |-
- {{- if .Values.global.mtls.enabled }}
- {{- include "security-default.yaml.tpl" . | indent 4}}
- {{- else }}
- {{- include "security-permissive.yaml.tpl" . | indent 4}}
- {{- end }}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
diff --git a/charts/rancher-istio/1.4.400/charts/security/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.4.400/charts/security/templates/create-custom-resources-job.yaml
deleted file mode 100755
index 4674cf141..000000000
--- a/charts/rancher-istio/1.4.400/charts/security/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,109 +0,0 @@ -{{- if .Values.createMeshPolicy }} -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-security-post-install-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["authentication.istio.io"] # needed to create default authn policy - resources: ["*"] - verbs: ["*"] -- apiGroups: ["networking.istio.io"] # needed to create security destination rules - resources: ["*"] - verbs: ["*"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get"] -- apiGroups: ["extensions", "apps"] - resources: ["deployments", "replicasets"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-security-post-install-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-security-post-install-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-security-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - template: - metadata: - name: istio-security-post-install - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-security-post-install-account - containers: - - name: kubectl - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: IfNotPresent - command: [ "/bin/bash", "/tmp/security/run.sh", "/tmp/security/custom-resources.yaml" ] - volumeMounts: - - mountPath: "/tmp/security" - name: tmp-configmap-security - volumes: - - name: tmp-configmap-security - configMap: - name: istio-security-custom-resources - restartPolicy: OnFailure - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.4.400/charts/security/templates/deployment.yaml b/charts/rancher-istio/1.4.400/charts/security/templates/deployment.yaml
deleted file mode 100755
index 81d0c6b28..000000000
--- a/charts/rancher-istio/1.4.400/charts/security/templates/deployment.yaml
+++ /dev/null
@@ -1,119 +0,0 @@ -# istio CA watching all namespaces -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: citadel - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-citadel-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: citadel - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - {{- if .Values.global.sds.enabled }} - - --sds-enabled=true - {{- end }} - - --append-dns-names=true - - --grpc-port=8060 - - --citadel-storage-namespace={{ .Release.Namespace }} - - --custom-dns-names=istio-pilot-service-account.{{ .Release.Namespace }}:istio-pilot.{{ .Release.Namespace }} - - --monitoring-port={{ .Values.global.monitoringPort }} - {{- if .Values.selfSigned }} - - --self-signed-ca=true - {{- else }} - - --self-signed-ca=false - - --signing-cert=/etc/cacerts/ca-cert.pem - - --signing-key=/etc/cacerts/ca-key.pem - - --root-cert=/etc/cacerts/root-cert.pem - - --cert-chain=/etc/cacerts/cert-chain.pem - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - {{- if .Values.workloadCertTtl }} - - --workload-cert-ttl={{ .Values.workloadCertTtl }} - {{- end }} - {{- if .Values.citadelHealthCheck }} - - --liveness-probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --liveness-probe-interval=60s # interval for health check file update - - --probe-check-interval=15s # interval for health status check - {{- end }} - env: - - name: CITADEL_ENABLE_NAMESPACES_BY_DEFAULT - value: "{{ .Values.enableNamespacesByDefault }}" - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - {{- end }} - {{- if .Values.citadelHealthCheck }} - livenessProbe: - exec: - command: - - /usr/local/bin/istio_ca - - probe - - --probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --interval=125s # the maximum time gap allowed between the file mtime and the current sys clock - initialDelaySeconds: 60 - periodSeconds: 60 - {{- end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- 
end }} -{{- if not .Values.selfSigned }} - volumeMounts: - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - volumes: - - name: cacerts - secret: - secretName: cacerts - optional: true -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.400/charts/security/templates/enable-mesh-mtls.yaml b/charts/rancher-istio/1.4.400/charts/security/templates/enable-mesh-mtls.yaml deleted file mode 100755 index 75e4a18e3..000000000 --- a/charts/rancher-istio/1.4.400/charts/security/templates/enable-mesh-mtls.yaml +++ /dev/null 
@@ -1,63 +0,0 @@
-{{- define "security-default.yaml.tpl" }}
-# These policy and destination rules effectively enable mTLS for all services in the mesh. For now,
-# they are added to Istio installation yaml for backward compatible. In future, they should be in
-# a separated yaml file so that customer can enable mTLS independent from installation.
-
-# Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh.
-apiVersion: "authentication.istio.io/v1alpha1"
-kind: "MeshPolicy"
-metadata:
- name: "default"
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- peers:
- - mtls: {}
----
-# Corresponding destination rule to configure client side to use mutual TLS when talking to
-# any service (host) in the mesh.
-apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
- name: "default"
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- host: "*.local"
- {{- if .Values.global.defaultConfigVisibilitySettings }}
- exportTo:
- - '*'
- {{- end }}
- trafficPolicy:
- tls:
- mode: ISTIO_MUTUAL
----
-# Destination rule to disable (m)TLS when talking to API server, as API server doesn't have sidecar.
-# Customer should add similar destination rules for other services that don't have sidecar.
-apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
- name: "api-server"
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . 
}}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- host: "kubernetes.default.svc.{{ .Values.global.proxy.clusterDomain }}"
- {{- if .Values.global.defaultConfigVisibilitySettings }}
- exportTo:
- - '*'
- {{- end }}
- trafficPolicy:
- tls:
- mode: DISABLE
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/security/templates/enable-mesh-permissive.yaml b/charts/rancher-istio/1.4.400/charts/security/templates/enable-mesh-permissive.yaml
deleted file mode 100755
index a6931b3b9..000000000
--- a/charts/rancher-istio/1.4.400/charts/security/templates/enable-mesh-permissive.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- define "security-permissive.yaml.tpl" }}
-# Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh.
-apiVersion: "authentication.istio.io/v1alpha1"
-kind: "MeshPolicy"
-metadata:
- name: "default"
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- peers:
- - mtls:
- mode: PERMISSIVE
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/security/templates/meshexpansion.yaml b/charts/rancher-istio/1.4.400/charts/security/templates/meshexpansion.yaml
deleted file mode 100755
index 581ce964a..000000000
--- a/charts/rancher-istio/1.4.400/charts/security/templates/meshexpansion.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-{{- if .Values.global.meshExpansion.enabled }}
-{{- if .Values.global.meshExpansion.useILB }}
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-vs-citadel-ilb
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- hosts:
- - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-ilb-gateway
- tcp:
- - match:
- - port: 8060
- route:
- - destination:
- host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 8060
----
-{{- else }}
-
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-vs-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- hosts:
- - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-gateway
- tcp:
- - match:
- - port: 8060
- route:
- - destination:
- host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 8060
----
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/security/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.400/charts/security/templates/poddisruptionbudget.yaml
deleted file mode 100755
index b6944e026..000000000
--- a/charts/rancher-istio/1.4.400/charts/security/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: {{ template "security.name" . }}
- release: {{ .Release.Name }}
- istio: citadel
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/security/templates/service.yaml b/charts/rancher-istio/1.4.400/charts/security/templates/service.yaml
deleted file mode 100755
index efea17544..000000000
--- a/charts/rancher-istio/1.4.400/charts/security/templates/service.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- # we use the normal name here (e.g. 'prometheus')
- # as grafana is configured to use this as a data source
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- ports:
- - name: grpc-citadel
- port: 8060
- targetPort: 8060
- protocol: TCP
- - name: http-monitoring
- port: {{ .Values.global.monitoringPort }}
- selector:
- istio: citadel
diff --git a/charts/rancher-istio/1.4.400/charts/security/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.400/charts/security/templates/serviceaccount.yaml
deleted file mode 100755
index d07d566fa..000000000
--- a/charts/rancher-istio/1.4.400/charts/security/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-citadel-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.400/charts/security/templates/tests/test-citadel-connection.yaml b/charts/rancher-istio/1.4.400/charts/security/templates/tests/test-citadel-connection.yaml
deleted file mode 100755
index 481b486de..000000000
--- a/charts/rancher-istio/1.4.400/charts/security/templates/tests/test-citadel-connection.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "security.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: istio-citadel-test
- chart: {{ template "security.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: citadel
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "security.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['sh', '-c', 'for i in 1 2 3; do curl http://istio-citadel:{{ .Values.global.monitoringPort }}/version && exit 0 || sleep 15; done; exit 1']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/security/values.yaml b/charts/rancher-istio/1.4.400/charts/security/values.yaml
deleted file mode 100755
index ba92eea7d..000000000
--- a/charts/rancher-istio/1.4.400/charts/security/values.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# security configuration
-#
-enabled: true
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-selfSigned: true # indicate if self-signed CA is used.
-createMeshPolicy: true
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Enable health checking on the Citadel CSR signing API.
-# https://istio.io/docs/tasks/security/health-check/
-citadelHealthCheck: false
-# 90*24hour = 2160h
-workloadCertTtl: 2160h
-# Environment variables that configure Citadel.
-env: {}
-
-# Determines Citadel default behavior if the ca.istio.io/env or ca.istio.io/override
-# labels are not found on a given namespace.
-#
-# For example: consider a namespace called "target", which has neither the "ca.istio.io/env"
-# nor the "ca.istio.io/override" namespace labels. To decide whether or not to generate secrets
-# for service accounts created in this "target" namespace, Citadel will defer to this option. If the value
-# of this option is "true" in this case, secrets will be generated for the "target" namespace.
-# If the value of this option is "false" Citadel will not generate secrets upon service account creation.
-enableNamespacesByDefault: true
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/Chart.yaml b/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/Chart.yaml
deleted file mode 100755
index 739964b45..000000000
--- a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.4
-description: Helm chart for sidecar injector webhook deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- sidecarInjectorWebhook
-name: sidecarInjectorWebhook
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.4
diff --git a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/_helpers.tpl b/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/_helpers.tpl
deleted file mode 100755
index f3b9fb15b..000000000
--- a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "sidecar-injector.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "sidecar-injector.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "sidecar-injector.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/clusterrole.yaml b/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/clusterrole.yaml
deleted file mode 100755
index c56c7025c..000000000
--- a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/clusterrole.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-sidecar-injector-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get", "list", "watch"]
-{{- if not .Values.global.operatorManageWebhooks }}
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "patch"]
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
deleted file mode 100755
index 748a93244..000000000
--- a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-sidecar-injector-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-sidecar-injector-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/deployment.yaml b/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/deployment.yaml
deleted file mode 100755
index 95a2ea8e9..000000000
--- a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/deployment.yaml
+++ /dev/null
@@ -1,118 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- istio: sidecar-injector
- strategy:
- rollingUpdate:
- maxSurge: {{ .Values.rollingMaxSurge }}
- maxUnavailable: {{ .Values.rollingMaxUnavailable }}
- template:
- metadata:
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
- annotations:
- sidecar.istio.io/inject: "false"
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: istio-sidecar-injector-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: sidecar-injector-webhook
- image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- args:
- - --caCertFile=/etc/istio/certs/root-cert.pem
- - --tlsCertFile=/etc/istio/certs/cert-chain.pem
- - --tlsKeyFile=/etc/istio/certs/key.pem
- - --injectConfig=/etc/istio/inject/config
- - --meshConfig=/etc/istio/config/mesh
- - --healthCheckInterval=2s
- - --healthCheckFile=/health
-{{- if .Values.global.operatorManageWebhooks }}
- - --reconcileWebhookConfig=false
-{{- else }}
- - --reconcileWebhookConfig=true
-{{- end }}
- volumeMounts:
- - name: config-volume
- mountPath: /etc/istio/config
- readOnly: true
- - name: certs
- mountPath: /etc/istio/certs
- readOnly: true
- - name: inject-config
- mountPath: /etc/istio/inject
- readOnly: true
- livenessProbe:
- exec:
- command:
- - /usr/local/bin/sidecar-injector
- - probe
- - --probe-path=/health
- - --interval=4s
- initialDelaySeconds: 4
- periodSeconds: 4
- readinessProbe:
- exec:
- command:
- - /usr/local/bin/sidecar-injector
- - probe
- - --probe-path=/health
- - --interval=4s
- initialDelaySeconds: 4
- periodSeconds: 4
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- volumes:
- - name: config-volume
- configMap:
- name: istio
- - name: certs
- secret:
-{{- if .Values.global.certificates }}
- secretName: dns.istio-sidecar-injector-service-account
-{{- else }}
- secretName: istio.istio-sidecar-injector-service-account
-{{- end }}
- - name: inject-config
- configMap:
- name: istio-sidecar-injector
- items:
- - key: config
- path: config
- - key: values
- path: values
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . 
| indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml b/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml
deleted file mode 100755
index 4a31415f2..000000000
--- a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if not .Values.global.operatorManageWebhooks }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-kind: MutatingWebhookConfiguration
-metadata:
- name: istio-sidecar-injector
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-webhooks:
- - name: sidecar-injector.istio.io
- clientConfig:
- service:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- path: "/inject"
- caBundle: ""
- rules:
- - operations: [ "CREATE" ]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
- failurePolicy: Fail
- namespaceSelector:
-{{- if .Values.enableNamespacesByDefault }}
- matchExpressions:
- - key: name
- operator: NotIn
- values:
- - {{ .Release.Namespace }}
- - key: istio-injection
- operator: NotIn
- values:
- - disabled
-{{- else }}
- matchLabels:
- istio-injection: enabled
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml
deleted file mode 100755
index 870b92508..000000000
--- a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-spec:
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: {{ template "sidecar-injector.name" . }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
- {{- end }}
diff --git a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/service.yaml b/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/service.yaml
deleted file mode 100755
index 537e6f960..000000000
--- a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/service.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-spec:
- ports:
- - port: 443
- name: https-inject
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- selector:
- istio: sidecar-injector
diff --git a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml
deleted file mode 100755
index d4020b517..000000000
--- a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-sidecar-injector-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
diff --git a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/values.yaml b/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/values.yaml
deleted file mode 100755
index ec64f8ed5..000000000
--- a/charts/rancher-istio/1.4.400/charts/sidecarInjectorWebhook/values.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-#
-# sidecar-injector webhook configuration
-#
-enabled: true
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-enableNamespacesByDefault: false
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-# If true, webhook or istioctl injector will rewrite PodSpec for liveness
-# health check to redirect request to sidecar. This makes liveness check work
-# even when mTLS is enabled.
-rewriteAppHTTPProbe: false
-
-# You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or
-# always skip the injection on pods that match that label selector, regardless of the global policy.
-# See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions
-neverInjectSelector: []
-
-alwaysInjectSelector: []
-
-# injectedAnnotations are additional annotations that will be added to the pod spec after injection
-# This is primarily to support PSP annotations. 
For example, if you defined a PSP with the annotations:
-#
-# annotations:
-# apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
-# apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
-#
-# The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before
-# the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify:
-# injectedAnnotations:
-# container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default
-# container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default
-injectedAnnotations: {}
diff --git a/charts/rancher-istio/1.4.400/charts/tracing/.helmignore b/charts/rancher-istio/1.4.400/charts/tracing/.helmignore
deleted file mode 100755
index f0c131944..000000000
--- a/charts/rancher-istio/1.4.400/charts/tracing/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/charts/rancher-istio/1.4.400/charts/tracing/Chart.yaml b/charts/rancher-istio/1.4.400/charts/tracing/Chart.yaml
deleted file mode 100755
index 808e97184..000000000
--- a/charts/rancher-istio/1.4.400/charts/tracing/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.1
-description: A Helm chart for Kubernetes
-name: tracing
-tillerVersion: '>=2.7.2'
-version: 1.4.4
diff --git a/charts/rancher-istio/1.4.400/charts/tracing/templates/_helpers.tpl b/charts/rancher-istio/1.4.400/charts/tracing/templates/_helpers.tpl
deleted file mode 100755
index e246b59b1..000000000
--- a/charts/rancher-istio/1.4.400/charts/tracing/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "tracing.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "tracing.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "tracing.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.400/charts/tracing/templates/deployment-jaeger.yaml b/charts/rancher-istio/1.4.400/charts/tracing/templates/deployment-jaeger.yaml
deleted file mode 100755
index da54eeb94..000000000
--- a/charts/rancher-istio/1.4.400/charts/tracing/templates/deployment-jaeger.yaml
+++ /dev/null
@@ -1,119 +0,0 @@
-{{ if eq .Values.provider "jaeger" }}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: istio-tracing
- namespace: {{ .Release.Namespace }}
- labels:
- app: jaeger
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app: jaeger
- template:
- metadata:
- labels:
- app: jaeger
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- prometheus.io/scrape: "true"
- prometheus.io/port: "14269"
-{{- if .Values.jaeger.podAnnotations }}
-{{ toYaml .Values.jaeger.podAnnotations | indent 8 }}
-{{- end }}
- spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
-{{- if .Values.global.imagePullSecrets }}
- imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
- containers:
- - name: jaeger
- image: "{{ template "system_default_registry" . 
}}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- ports:
- - containerPort: 9411
- - containerPort: 16686
- - containerPort: 14250
- - containerPort: 14267
- - containerPort: 14268
- - containerPort: 14269
- - containerPort: 5775
- protocol: UDP
- - containerPort: 6831
- protocol: UDP
- - containerPort: 6832
- protocol: UDP
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- {{- if eq .Values.jaeger.spanStorageType "badger" }}
- - name: BADGER_EPHEMERAL
- value: "false"
- - name: SPAN_STORAGE_TYPE
- value: "badger"
- - name: BADGER_DIRECTORY_VALUE
- value: "/badger/data"
- - name: BADGER_DIRECTORY_KEY
- value: "/badger/key"
- {{- end }}
- - name: COLLECTOR_ZIPKIN_HTTP_PORT
- value: "9411"
- - name: MEMORY_MAX_TRACES
- value: "{{ .Values.jaeger.memory.max_traces }}"
- - name: QUERY_BASE_PATH
- value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }}
- livenessProbe:
- httpGet:
- path: /
- port: 14269
- readinessProbe:
- httpGet:
- path: /
- port: 14269
-{{- if eq .Values.jaeger.spanStorageType "badger" }}
- volumeMounts:
- - name: data
- mountPath: /badger
-{{- end }}
- resources:
-{{- if .Values.jaeger.resources }}
-{{ toYaml .Values.jaeger.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . 
| indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
-{{- if eq .Values.jaeger.spanStorageType "badger" }}
- volumes:
- - name: data
-{{- if .Values.jaeger.persist }}
- persistentVolumeClaim:
- claimName: istio-jaeger-pvc
-{{- else }}
- emptyDir: {}
-{{- end }}
-{{- end }}
-{{ end }}
diff --git a/charts/rancher-istio/1.4.400/charts/tracing/templates/deployment-zipkin.yaml b/charts/rancher-istio/1.4.400/charts/tracing/templates/deployment-zipkin.yaml
deleted file mode 100755
index eef24fc16..000000000
--- a/charts/rancher-istio/1.4.400/charts/tracing/templates/deployment-zipkin.yaml
+++ /dev/null
@@ -1,85 +0,0 @@ -{{ if eq .Values.provider "zipkin" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: zipkin - template: - metadata: - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" -{{- if .Values.zipkin.podAnnotations }} -{{ toYaml .Values.zipkin.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: zipkin - image: "{{ template "system_default_registry" . 
}}{{ .Values.zipkin.repository }}:{{ .Values.zipkin.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.zipkin.queryPort }} - livenessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - tcpSocket: - port: {{ .Values.zipkin.queryPort }} - readinessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - httpGet: - path: /health - port: {{ .Values.zipkin.queryPort }} - resources: -{{- if .Values.zipkin.resources }} -{{ toYaml .Values.zipkin.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: QUERY_PORT - value: "{{ .Values.zipkin.queryPort }}" - - name: JAVA_OPTS - value: "-XX:ConcGCThreads={{ .Values.zipkin.node.cpus }} -XX:ParallelGCThreads={{ .Values.zipkin.node.cpus }} -Djava.util.concurrent.ForkJoinPool.common.parallelism={{ .Values.zipkin.node.cpus }} -Xms{{ .Values.zipkin.javaOptsHeap }}M -Xmx{{ .Values.zipkin.javaOptsHeap }}M -XX:+UseG1GC -server" - - name: STORAGE_METHOD - value: "mem" - - name: ZIPKIN_STORAGE_MEM_MAXSPANS - value: "{{ .Values.zipkin.maxSpans }}" - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.4.400/charts/tracing/templates/ingress.yaml b/charts/rancher-istio/1.4.400/charts/tracing/templates/ingress.yaml deleted file mode 100755 index 72f362166..000000000 --- a/charts/rancher-istio/1.4.400/charts/tracing/templates/ingress.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ template "tracing.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} /{{ $.Values.provider }} {{ end }} - backend: - serviceName: tracing - servicePort: 80 - - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - backend: - serviceName: tracing - servicePort: 80 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.400/charts/tracing/templates/pvc.yaml b/charts/rancher-istio/1.4.400/charts/tracing/templates/pvc.yaml deleted file mode 100755 index 60140494c..000000000 --- a/charts/rancher-istio/1.4.400/charts/tracing/templates/pvc.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if eq .Values.provider "jaeger" }} -{{- if .Values.jaeger.persist }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: istio-jaeger-pvc - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - storageClassName: {{ .Values.jaeger.storageClassName }} - accessModes: - - {{ .Values.jaeger.accessMode }} - resources: - requests: - storage: 5Gi -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.4.400/charts/tracing/templates/service-jaeger.yaml b/charts/rancher-istio/1.4.400/charts/tracing/templates/service-jaeger.yaml
deleted file mode 100755
index 38c4170b1..000000000
--- a/charts/rancher-istio/1.4.400/charts/tracing/templates/service-jaeger.yaml
+++ /dev/null
@@ -1,94 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: v1 -kind: List -metadata: - name: jaeger-services - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -items: -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-query - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: jaeger - jaeger-infra: jaeger-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: query-http - port: 16686 - protocol: TCP - targetPort: 16686 - selector: - app: jaeger -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-collector - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: collector-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: jaeger-collector-tchannel - port: 14267 - protocol: TCP - targetPort: 14267 - - name: jaeger-collector-http - port: 14268 - targetPort: 14268 - protocol: TCP - - name: jaeger-collector-grpc - port: 14250 - targetPort: 14250 - protocol: TCP - selector: - app: jaeger - type: ClusterIP -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-agent - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: agent-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: agent-zipkin-thrift - port: 5775 - protocol: UDP - targetPort: 5775 - - name: agent-compact - port: 6831 - protocol: UDP - targetPort: 6831 - - name: agent-binary - port: 6832 - protocol: UDP - targetPort: 6832 - clusterIP: None - selector: - app: jaeger -{{ end }} - 
diff --git a/charts/rancher-istio/1.4.400/charts/tracing/templates/service.yaml b/charts/rancher-istio/1.4.400/charts/tracing/templates/service.yaml deleted file mode 100755 index 798829793..000000000 --- a/charts/rancher-istio/1.4.400/charts/tracing/templates/service.yaml +++ /dev/null @@ -1,56 +0,0 @@ -apiVersion: v1 -kind: List -metadata: - name: tracing-services - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -items: -- apiVersion: v1 - kind: Service - metadata: - name: zipkin - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - port: {{ .Values.zipkin.queryPort }} - targetPort: {{ .Values.zipkin.queryPort }} - protocol: TCP - name: {{ .Values.service.name }} - selector: - app: {{ .Values.provider }} -- apiVersion: v1 - kind: Service - metadata: - name: tracing - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - type: {{ .Values.service.type }} - ports: - - name: http-query - port: {{ .Values.service.externalPort }} - protocol: TCP -{{ if eq .Values.provider "jaeger" }} - targetPort: 16686 -{{ else }} - targetPort: {{ .Values.zipkin.queryPort }} -{{ end}} - selector: - app: {{ .Values.provider }} diff --git a/charts/rancher-istio/1.4.400/charts/tracing/templates/tests/test-tracing-connection.yaml b/charts/rancher-istio/1.4.400/charts/tracing/templates/tests/test-tracing-connection.yaml deleted file mode 100755 index 64248e8c5..000000000 
--- a/charts/rancher-istio/1.4.400/charts/tracing/templates/tests/test-tracing-connection.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ .Release.Name }}-{{ .Values.provider }}-test - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }}-test - chart: {{ template "tracing.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ .Values.provider }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['curl'] - {{- if eq .Values.provider "jaeger" }} - args: ['http://tracing:80{{ .Values.jaeger.contextPath}}'] - {{- else }} - args: ['http://tracing:80'] - {{- end }} - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.400/charts/tracing/values.yaml b/charts/rancher-istio/1.4.400/charts/tracing/values.yaml deleted file mode 100755 index cc55ea4af..000000000 --- a/charts/rancher-istio/1.4.400/charts/tracing/values.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ -# -# addon jaeger tracing configuration -# -enabled: false - -provider: jaeger -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -jaeger: - podAnnotations: {} - memory: - max_traces: 50000 - # spanStorageType value can be "memory" and "badger" for all-in-one image - spanStorageType: badger - persist: false - storageClassName: "" - accessMode: ReadWriteMany - - -zipkin: - podAnnotations: {} - probeStartupDelay: 200 - queryPort: 9411 - resources: - limits: - cpu: 300m - memory: 900Mi - requests: - cpu: 150m - memory: 900Mi - javaOptsHeap: 700 - # 
From: https://github.com/openzipkin/zipkin/blob/master/zipkin-server/src/main/resources/zipkin-server-shared.yml#L51 - # Maximum number of spans to keep in memory. When exceeded, oldest traces (and their spans) will be purged. - # A safe estimate is 1K of memory per span (each span with 2 annotations + 1 binary annotation), plus - # 100 MB for a safety buffer. You'll need to verify in your own environment. - maxSpans: 500000 - node: - cpus: 2 - -service: - annotations: {} - name: http - type: ClusterIP - externalPort: 80 - -ingress: - enabled: false - # Used to create an Ingress record. - hosts: - # - tracing.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: tracing-tls - # hosts: - # - tracing.local - diff --git a/charts/rancher-istio/1.4.400/example-values/README.md b/charts/rancher-istio/1.4.400/example-values/README.md deleted file mode 100755 index 74fedcb60..000000000 --- a/charts/rancher-istio/1.4.400/example-values/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Example Values - -These files provide various example values for different Istio setups. - -To use them, [read the docs](https://istio.io/docs/setup/kubernetes/helm-install/) and add the flag `--values example-file.yaml`. diff --git a/charts/rancher-istio/1.4.400/example-values/values-istio-dns-cert.yaml b/charts/rancher-istio/1.4.400/example-values/values-istio-dns-cert.yaml deleted file mode 100755 index c00676fe9..000000000 --- a/charts/rancher-istio/1.4.400/example-values/values-istio-dns-cert.yaml +++ /dev/null @@ -1,6 +0,0 @@ -global: - certificates: - - secretName: dns.istio-galley-service-account - dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] - - secretName: dns.istio-sidecar-injector-service-account - dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] 
diff --git a/charts/rancher-istio/1.4.400/example-values/values-istio-example-sds-vault.yaml b/charts/rancher-istio/1.4.400/example-values/values-istio-example-sds-vault.yaml
deleted file mode 100755
index 198e53002..000000000
--- a/charts/rancher-istio/1.4.400/example-values/values-istio-example-sds-vault.yaml
+++ /dev/null
@@ -1,27 +0,0 @@ -global: - controlPlaneSecurityEnabled: false - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - sds: - enabled: true - udsPath: "unix:/var/run/sds/uds_path" - -nodeagent: - enabled: true - repository: rancher/istio-node-agent-k8s - tag: 1.4.4 - env: - # The IP address and the port number of a publicly accessible example Vault server. - CA_ADDR: "https://34.83.129.211:8200" - CA_PROVIDER: "VaultCA" - VALID_TOKEN: true - # The IP address and the port number of a publicly accessible example Vault server. - VAULT_ADDR: "https://34.83.129.211:8200" - VAULT_AUTH_PATH: "auth/kubernetes/login" - VAULT_ROLE: "istio-cert" - VAULT_SIGN_CSR_PATH: "istio_ca/sign/istio-pki-role" - VAULT_TLS_ROOT_CERT: '-----BEGIN CERTIFICATE-----\nMIIC3jCCAcagAwIBAgIRAO1S7vuRQmo2He+RtBq3fv8wDQYJKoZIhvcNAQELBQAw\nEDEOMAwGA1UEChMFVmF1bHQwIBcNMTkwNDI3MTY1ODE1WhgPMjExOTA0MDMxNjU4\nMTVaMBAxDjAMBgNVBAoTBVZhdWx0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA7/CTbnENEIvFZg9hmVtYnOx3OfMy/GNCuP7sqtAeVVTopAKKkcAAWQck\nrhpBooEGpCugNxXGNCuJh/2nu0AfGFRfdafwSJRoI6yHwQouDm0o4r3h9uL3tu5N\nD+x9j+eejbFsoZVn84CxGkEB6oyeXYHjc6eWh3PFGMtKuOQD4pezvDH0yNCx5waK\nhtPuYtl0ebfdbyh+WQuptO+Q9VSaQNqE3ipZ461y8PduwRRll241W0gQB2iasX03\nD36F2ZrMz3KEVRVKM1yCUDCy2RPJqkXPdnVMWmDGbe8Uw69zr25JltzuRZFT9HL3\nY1RnMTecmSc4ikTUHcMhFX3PYbfR5wIDAQABozEwLzAOBgNVHQ8BAf8EBAMCBaAw\nDAYDVR0TAQH/BAIwADAPBgNVHREECDAGhwQiU4HTMA0GCSqGSIb3DQEBCwUAA4IB\nAQCdLh6olDVQB71LD6srbfAE4EsxLEBbIRnv7Nf1S0KQwgW/QxK8DHBwJBxJkr1N\nzgEPx86f2Fo2UsY9m6rvgP3+iquyMsKi0ooUah3y3LSnONuZcdfSTl/HYd38S6Dp\nVkVOZ7781xxpFVUqQ5voQX1Y1Ipn5qw0FyIcNYWLkNX+iMf1b9kpEIWQNhRC/Yiv\nTS0VA/BzQemGyf2UB6QsuZLH+JFEZnzU859qURnNIITa1Wf4YUtka5Sp1kDnEll3\nwj4IlXKU+Wl1CzxJyn4SSQAXy/Lb08ZKrF/YSzcIISnRX5j+wa8ApOSwwA/B7iaT\nTWz1g+RlV9qHap70eIjPsQvb\n-----END CERTIFICATE-----' 
diff --git a/charts/rancher-istio/1.4.400/example-values/values-istio-gateways.yaml b/charts/rancher-istio/1.4.400/example-values/values-istio-gateways.yaml
deleted file mode 100755
index b9930d0a0..000000000
--- a/charts/rancher-istio/1.4.400/example-values/values-istio-gateways.yaml
+++ /dev/null
@@ -1,135 +0,0 @@ -# Common settings. -global: - # Omit the istio-sidecar-injector configmap when generate a - # standalone gateway. Gateways may be created in namespaces other - # than `istio-system` and we don't want to re-create the injector - # configmap in those. - omitSidecarInjectorConfigMap: true - - # Istio control plane namespace: This specifies where the Istio control - # plane was installed earlier. Modify this if you installed the control - # plane in a different namespace than istio-system. - istioNamespace: istio-system - - proxy: - # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument - # would be :). - # Disabled by default. - # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. - envoyStatsd: - # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. - enabled: false - host: # example: statsd-svc.istio-system - port: # example: 9125 - - -# -# Gateways Configuration -# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. -# You can add more gateways in addition to the defaults but make sure those are uniquely named -# and that NodePorts are not conflicting. -# Disable specific gateway by setting the `enabled` to false. 
-# -gateways: - enabled: true - - custom-gateway: - enabled: true - labels: - app: custom-gateway - replicaCount: 1 - autoscaleMin: 1 - autoscaleMax: 5 - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - #requests: - # cpu: 1800m - # memory: 256Mi - cpu: - targetAverageUtilization: 80 - loadBalancerIP: "" - loadBalancerSourceRanges: {} - externalIPs: [] - serviceAnnotations: {} - podAnnotations: {} - type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be - #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out - ports: - ## You can add custom gateway ports - - port: 80 - targetPort: 80 - name: http2 - # nodePort: 31380 - - port: 443 - name: https - # nodePort: 31390 - - port: 31400 - name: tcp - # nodePort: 31400 - # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect - # to pilot/citadel if global.meshExpansion settings are enabled. - - port: 15011 - targetPort: 15011 - name: tcp-pilot-grpc-tls - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - # Addon ports for kiali are enabled in gateway - but will only redirect if - # the gateway configuration for the various components are enabled. - - port: 15029 - targetPort: 15029 - name: http2-kiali - # Telemetry-related ports are enabled in gateway - but will only redirect if - # the gateway configuration for the various components are enabled. 
- - port: 15030 - targetPort: 15030 - name: http2-prometheus - - port: 15031 - targetPort: 15031 - name: http2-grafana - - port: 15032 - targetPort: 15032 - name: http2-tracing - secretVolumes: - - name: customgateway-certs - secretName: istio-customgateway-certs - mountPath: /etc/istio/customgateway-certs - - name: customgateway-ca-certs - secretName: istio-customgateway-ca-certs - mountPath: /etc/istio/customgateway-ca-certs - -# all other components are disabled except the gateways -security: - enabled: false - -sidecarInjectorWebhook: - enabled: false - -galley: - enabled: false - -mixer: - policy: - enabled: false - telemetry: - enabled: false - -pilot: - enabled: false - -grafana: - enabled: false - -prometheus: - enabled: false - -tracing: - enabled: false - -kiali: - enabled: false - -certmanager: - enabled: false diff --git a/charts/rancher-istio/1.4.400/example-values/values-istio-googleca.yaml b/charts/rancher-istio/1.4.400/example-values/values-istio-googleca.yaml deleted file mode 100755 index 9d32f6452..000000000 --- a/charts/rancher-istio/1.4.400/example-values/values-istio-googleca.yaml +++ /dev/null @@ -1,29 +0,0 @@ -global: - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - sds: - enabled: true - udsPath: "unix:/var/run/sds/uds_path" - # For GoogleCA, the aud field need to be set to the trustDomain, which is also set at the - # installation/configuration time, e.g. by running helm template. - token: - aud: "" - - trustDomain: "" - - useMCP: true - -nodeagent: - enabled: true - repository: rancher/istio-node-agent-k8s - tag: 1.4.4 - env: - CA_PROVIDER: "GoogleCA" - CA_ADDR: "meshca.googleapis.com:443" - PLUGINS: "GoogleTokenExchange" - GKE_CLUSTER_URL: "" 
diff --git a/charts/rancher-istio/1.4.400/example-values/values-istio-meshexpansion-gateways.yaml b/charts/rancher-istio/1.4.400/example-values/values-istio-meshexpansion-gateways.yaml deleted file mode 100755 index 51a1ded16..000000000 --- a/charts/rancher-istio/1.4.400/example-values/values-istio-meshexpansion-gateways.yaml +++ /dev/null @@ -1,28 +0,0 @@ -global: - # Provides dns resolution for global services - podDNSSearchNamespaces: - - global - - multiCluster: - enabled: true - - controlPlaneSecurityEnabled: true - meshExpansion: - enabled: true - -# Multicluster with gateways requires a root CA -# Cluster local CAs are bootstrapped with the root CA. -security: - selfSigned: false - -# Provides dns resolution for service entries of form -# name.namespace.global -istiocoredns: - enabled: true - -gateways: - istio-egressgateway: - enabled: true - env: - # Needed to route traffic via egress gateway if desired. - ISTIO_META_REQUESTED_NETWORK_VIEW: "external" diff --git a/charts/rancher-istio/1.4.400/example-values/values-istio-multicluster-gateways.yaml b/charts/rancher-istio/1.4.400/example-values/values-istio-multicluster-gateways.yaml deleted file mode 100755 index 3524a3d47..000000000 --- a/charts/rancher-istio/1.4.400/example-values/values-istio-multicluster-gateways.yaml +++ /dev/null @@ -1,27 +0,0 @@ -global: - # Provides dns resolution for global services - podDNSSearchNamespaces: - - global - - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - multiCluster: - enabled: true - - controlPlaneSecurityEnabled: true - -# Multicluster with gateways requires a root CA -# Cluster local CAs are bootstrapped with the root CA. -security: - selfSigned: false - -# Provides dns resolution for service entries of form -# name.namespace.global -istiocoredns: - enabled: true - -gateways: - istio-egressgateway: - enabled: true - env: - # Needed to route traffic via egress gateway if desired. - ISTIO_META_REQUESTED_NETWORK_VIEW: "external" 
diff --git a/charts/rancher-istio/1.4.400/files/injection-template.yaml b/charts/rancher-istio/1.4.400/files/injection-template.yaml
deleted file mode 100755
index e38444804..000000000
--- a/charts/rancher-istio/1.4.400/files/injection-template.yaml
+++ /dev/null
@@ -1,436 +0,0 @@ -rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }} -{{- if or (not .Values.istio_cni.enabled) .Values.global.proxy.enableCoreDump }} -initContainers: -{{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} -{{- if not .Values.istio_cni.enabled }} -- name: istio-init - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" - {{- else }} - image: "{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" - {{- end }} - command: - - istio-iptables - - "-p" - - "15001" - - "-z" - - "15006" - - "-u" - - 1337 - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" - - "-d" - - "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - imagePullPolicy: 
"{{ .Values.global.imagePullPolicy }}" -{{- if .Values.global.proxy.init.resources }} - resources: - {{ toYaml .Values.global.proxy.init.resources | indent 4 }} -{{- else }} - resources: {} -{{- end }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - add: - - NET_ADMIN - - NET_RAW - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - restartPolicy: Always -{{- end }} -{{ end -}} -{{- if eq .Values.global.proxy.enableCoreDump true }} -- name: enable-core-dump - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - command: - - /bin/sh - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- else }} - image: "{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- end }} - imagePullPolicy: IfNotPresent - resources: {} - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - SYS_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 -{{ end }} -{{- end }} -containers: -- name: istio-proxy -{{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" -{{- else }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.repository}}:{{ .Values.global.proxy.tag }}" -{{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --configPath - - "{{ .ProxyConfig.ConfigPath }}" - - --binaryPath - - "{{ .ProxyConfig.BinaryPath }}" - - --serviceCluster - {{ if ne "" (index .ObjectMeta.Labels "app") -}} - - "{{ index 
.ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" - {{ else -}} - - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" - {{ end -}} - - --drainDuration - - "{{ formatDuration .ProxyConfig.DrainDuration }}" - - --parentShutdownDuration - - "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}" - - --discoveryAddress - - "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" -{{- if eq .Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" - - --lightstepAccessToken - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" - - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} - - --lightstepCacertPath - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" -{{- else if eq .Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - - "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" -{{- else if eq .Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" -{{- end }} -{{- if .Values.global.proxy.logLevel }} - - --proxyLogLevel={{ .Values.global.proxy.logLevel }} -{{- end}} -{{- if .Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }} -{{- end}} - - --dnsRefreshRate - - {{ .Values.global.proxy.dnsRefreshRate }} - - --connectTimeout - - "{{ formatDuration .ProxyConfig.ConnectTimeout }}" -{{- if .Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - "{{ .ProxyConfig.StatsdUdpAddress }}" -{{- end }} -{{- if .Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - - '{{ protoToJSON .ProxyConfig.EnvoyMetricsService }}' -{{- end }} -{{- if .Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - - '{{ protoToJSON .ProxyConfig.EnvoyAccessLogService }}' -{{- end }} - - 
--proxyAdminPort - - "{{ .ProxyConfig.ProxyAdminPort }}" - {{ if gt .ProxyConfig.Concurrency 0 -}} - - --concurrency - - "{{ .ProxyConfig.Concurrency }}" - {{ end -}} - - --controlPlaneAuthPolicy - - "{{ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}" -{{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" (valueOrDefault .Values.global.proxy.statusPort 0 )) `0`) }} - - --statusPort - - "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" - - --applicationPorts - - "{{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` (applicationPorts .Spec.Containers) }}" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} -{{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 4 }} -{{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} -{{- if eq .Values.global.proxy.tracer "datadog" }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP -{{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }} -{{- range $key, $value := fromJSON 
(index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" -{{- end }} -{{- end }} -{{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SDS_ENABLED - value: {{ $.Values.global.sds.enabled }} - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - - name: ISTIO_META_INCLUDE_INBOUND_PORTS - value: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (applicationPorts .Spec.Containers) }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{ if .ObjectMeta.Annotations }} - - name: ISTIO_METAJSON_ANNOTATIONS - value: | - {{ toJSON .ObjectMeta.Annotations }} - {{ end }} - {{ if .ObjectMeta.Labels }} - - name: ISTIO_METAJSON_LABELS - value: | - {{ toJSON .ObjectMeta.Labels }} - {{ end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{ .DeploymentMeta.Name }} - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.sds.customTokenDirectory }} - - name: ISTIO_META_SDS_TOKEN_PATH - value: "{{ .Values.global.sds.customTokenDirectory -}}/sdstoken" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if .Values.global.trustDomain }} - - name: 
ISTIO_META_MESH_ID - value: "{{ .Values.global.trustDomain }}" - {{- end }} - {{- if eq .Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetDebug }}" - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }}" - {{- end }} - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` (valueOrDefault .Values.global.proxy.statusPort 0 )) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} 
- add: - - NET_ADMIN - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} - runAsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - runAsNonRoot: false - runAsUser: 0 - {{- else -}} - runAsNonRoot: true - runAsUser: 1337 - {{- end }} - resources: - {{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end}} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{ else -}} -{{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 4 }} -{{- end }} - {{ end -}} - volumeMounts: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - - mountPath: /etc/istio/proxy - name: istio-envoy - {{- if .Values.global.sds.enabled }} - - mountPath: /var/run/sds - name: sds-uds-path - readOnly: true - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.sds.customTokenDirectory }} - - mountPath: "{{ .Values.global.sds.customTokenDirectory -}}" - name: custom-sds-token - readOnly: true - {{- end }} - {{- else }} - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations 
`sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{- end }} -volumes: -{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} -- name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} -{{- end }} -- emptyDir: - medium: Memory - name: istio-envoy -{{- if .Values.global.sds.enabled }} -- name: sds-uds-path - hostPath: - path: /var/run/sds -- name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} -{{- if .Values.global.sds.customTokenDirectory }} -- name: custom-sds-token - secret: - secretName: sdstokensecret -{{- end }} -{{- else }} -- name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} -- name: "{{ $index }}" - {{ toYaml $value | indent 2 }} - {{ end }} - {{ end }} -{{- end }} -{{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} -- name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert -{{- end }} -{{- if .Values.global.podDNSSearchNamespaces }} -dnsConfig: - searches: - {{- range .Values.global.podDNSSearchNamespaces }} - - {{ render . 
}} - {{- end }} -{{- end }} -podRedirectAnnot: - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" -{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" -{{- end }} - traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" diff --git a/charts/rancher-istio/1.4.400/questions.yaml b/charts/rancher-istio/1.4.400/questions.yaml deleted file mode 100644 index 256d0a683..000000000 --- a/charts/rancher-istio/1.4.400/questions.yaml +++ /dev/null @@ -1,4 +0,0 @@ -labels: - rancher.istio.v1.4.400: 1.4.4 -rancher_min_version: 2.3.4-rc1 -rancher_max_version: 2.3.4-rc1 diff --git a/charts/rancher-istio/1.4.400/requirements.yaml b/charts/rancher-istio/1.4.400/requirements.yaml deleted file mode 100755 index 30b00b853..000000000 --- a/charts/rancher-istio/1.4.400/requirements.yaml +++ /dev/null 
@@ -1,40 +0,0 @@
-dependencies:
- - name: sidecarInjectorWebhook
- version: 1.4.4
- condition: sidecarInjectorWebhook.enabled
- - name: security
- version: 1.4.4
- condition: security.enabled
- - name: gateways
- version: 1.4.4
- condition: gateways.enabled
- - name: mixer
- version: 1.4.4
- condition: or mixer.policy.enabled mixer.telemetry.enabled
- - name: nodeagent
- version: 1.4.4
- condition: nodeagent.enabled
- - name: pilot
- version: 1.4.4
- condition: pilot.enabled
- - name: grafana
- version: 1.4.4
- condition: grafana.enabled
- - name: prometheus
- version: 1.4.4
- condition: prometheus.enabled
- - name: tracing
- version: 1.4.4
- condition: tracing.enabled
- - name: galley
- version: 1.4.4
- condition: galley.enabled
- - name: kiali
- version: 1.4.4
- condition: kiali.enabled
- - name: istiocoredns
- version: 1.4.4
- condition: istiocoredns.enabled
- - name: certmanager
- version: 1.4.4
- condition: certmanager.enabled
diff --git a/charts/rancher-istio/1.4.400/templates/NOTES.txt b/charts/rancher-istio/1.4.400/templates/NOTES.txt
deleted file mode 100755
index 3b323594c..000000000
--- a/charts/rancher-istio/1.4.400/templates/NOTES.txt
+++ /dev/null
@@ -1,29 +0,0 @@
-Thank you for installing {{ .Chart.Name | title }}.
-
-Your release is named {{ .Release.Name | title }}.
-
-To get started running application with Istio, execute the following steps:
-
-{{- if index .Values "sidecarInjectorWebhook" "enabled" }}
-1. Label namespace that application object will be deployed to by the following command (take default namespace as an example)
-
-$ kubectl label namespace default istio-injection=enabled
-$ kubectl get namespace -L istio-injection
-
-2. Deploy your applications
-
-$ kubectl apply -f .yaml
-{{- else }}
-1. Download the latest release package to get sidecar injection tool
-
-$ curl -L https://git.io/getLatestIstio | sh -
-$ mv istio-* istio-latest
-$ export PATH="$PATH:$PWD/istio-latest/bin"
-
-2. Deploy your application by manually injecting envoy sidecar with `istioctl kube-inject`
-
-$ kubectl apply -f <(istioctl kube-inject -f .yaml)
-{{- end }}
-
-For more information on running Istio, visit:
-https://istio.io/
diff --git a/charts/rancher-istio/1.4.400/templates/_affinity.tpl b/charts/rancher-istio/1.4.400/templates/_affinity.tpl
deleted file mode 100755
index 7639be434..000000000
--- a/charts/rancher-istio/1.4.400/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "nodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "nodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "nodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinity" }} -{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .Values.podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if or .Values.podAntiAffinityTermLabelSelector}} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "podAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.400/templates/_helpers.tpl b/charts/rancher-istio/1.4.400/templates/_helpers.tpl deleted file mode 100755 index cf10568c7..000000000 --- a/charts/rancher-istio/1.4.400/templates/_helpers.tpl +++ /dev/null 
@@ -1,48 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "istio.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "istio.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "istio.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a fully qualified configmap name.
-*/}}
-{{- define "istio.configmap.fullname" -}}
-{{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-
-{{- define "system_default_registry" -}}
-{{- if .Values.global.systemDefaultRegistry -}}
-{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
-{{- else -}}
-{{- "" -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.400/templates/_podDisruptionBudget.tpl b/charts/rancher-istio/1.4.400/templates/_podDisruptionBudget.tpl
deleted file mode 100755
index ebb86068c..000000000
--- a/charts/rancher-istio/1.4.400/templates/_podDisruptionBudget.tpl
+++ /dev/null
@@ -1,3 +0,0 @@
-{{- define "podDisruptionBudget.spec" }}
- minAvailable: 1
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/templates/clusterrole.yaml b/charts/rancher-istio/1.4.400/templates/clusterrole.yaml
deleted file mode 100755
index b92c9ef8b..000000000
--- a/charts/rancher-istio/1.4.400/templates/clusterrole.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: istio-reader
-rules:
- - apiGroups: ['']
- resources: ['nodes', 'pods', 'services', 'endpoints', "replicationcontrollers"]
- verbs: ['get', 'watch', 'list']
- - apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
diff --git a/charts/rancher-istio/1.4.400/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.400/templates/clusterrolebinding.yaml
deleted file mode 100755
index 827601b3d..000000000
--- a/charts/rancher-istio/1.4.400/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-multi
- labels:
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-reader
-subjects:
-- kind: ServiceAccount
- name: istio-multi
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.400/templates/configmap.yaml b/charts/rancher-istio/1.4.400/templates/configmap.yaml
deleted file mode 100755
index e260cbb7f..000000000
--- a/charts/rancher-istio/1.4.400/templates/configmap.yaml
+++ /dev/null
@@ -1,341 +0,0 @@ -{{- if or .Values.pilot.enabled .Values.global.istioRemote }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istio.name" . }} - chart: {{ template "istio.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - mesh: |- - # Set the following variable to true to disable policy checks by Mixer. - # Note that metrics will still be reported to Mixer. - {{- if .Values.mixer.policy.enabled }} - disablePolicyChecks: {{ .Values.global.disablePolicyChecks }} - {{- else }} - disablePolicyChecks: true - {{- end }} - - disableMixerHttpReports: false - - {{- if .Values.mixer.telemetry.reportBatchMaxEntries }} - # reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server - reportBatchMaxEntries: {{ .Values.mixer.telemetry.reportBatchMaxEntries }} - {{- end }} - - {{- if .Values.mixer.telemetry.reportBatchMaxTime }} - # reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server - reportBatchMaxTime: {{ .Values.mixer.telemetry.reportBatchMaxTime }} - {{- end }} - - {{- if .Values.mixer.telemetry.sessionAffinityEnabled }} - # sidecarToTelemetrySessionAffinity will create a STRICT_DNS type cluster for istio-telemetry. - sidecarToTelemetrySessionAffinity: {{ .Values.mixer.telemetry.sessionAffinityEnabled }} - {{- end }} - - # Set enableTracing to false to disable request tracing. - enableTracing: {{ .Values.global.enableTracing }} - - # Set accessLogFile to empty string to disable access log. 
- accessLogFile: "{{ .Values.global.proxy.accessLogFile }}" - - # If accessLogEncoding is TEXT, value will be used directly as the log format - # example: "[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\n" - # If AccessLogEncoding is JSON, value will be parsed as map[string]string - # example: '{"start_time": "%START_TIME%", "req_method": "%REQ(:METHOD)%"}' - # Leave empty to use default log format - accessLogFormat: {{ .Values.global.proxy.accessLogFormat | quote }} - - # Set accessLogEncoding to JSON or TEXT to configure sidecar access log - accessLogEncoding: '{{ .Values.global.proxy.accessLogEncoding }}' - - enableEnvoyAccessLogService: {{ .Values.global.proxy.envoyAccessLogService.enabled }} - - {{- if .Values.global.istioRemote }} - - {{- if .Values.global.remotePolicyAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}:15004 - {{- else }} - mixerCheckServer: {{ .Values.global.remotePolicyAddress }}:15004 - {{- end }} - {{- end }} - {{- if .Values.global.remoteTelemetryAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}:15004 - {{- else }} - mixerReportServer: {{ .Values.global.remoteTelemetryAddress }}:15004 - {{- end }} - {{- end }} - - {{- else }} - - {{- if .Values.mixer.policy.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - {{- if .Values.mixer.telemetry.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ 
.Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - - {{- end }} - - {{- if or .Values.mixer.policy.enabled (and .Values.global.istioRemote .Values.global.remotePolicyAddress) }} - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: {{ .Values.global.policyCheckFailOpen }} - {{- end }} - - {{- if .Values.gateways.enabled }} - # Let Pilot give ingresses the public IP of the Istio ingressgateway - ingressService: istio-ingressgateway - {{- end }} - - # Default connect timeout for dynamic clusters generated by Pilot and returned via XDS - connectTimeout: 10s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: {{ .Values.global.proxy.protocolDetectionTimeout }} - - # DNS refresh rate for Envoy clusters of type STRICT_DNS - dnsRefreshRate: {{ .Values.global.proxy.dnsRefreshRate }} - - # Unix Domain Socket through which envoy communicates with NodeAgent SDS to get - # key/cert for mTLS. Use secret-mount files instead of SDS if set to empty. - sdsUdsPath: {{ .Values.global.sds.udsPath | quote }} - - # The trust domain corresponds to the trust root of a system. 
- # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: {{ .Values.global.trustDomain | quote }} - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: - {{- range .Values.global.trustDomainAliases }} - - {{ . | quote }} - {{- end }} - - # If true, automatically configure client side mTLS settings to match the corresponding service's - # server side mTLS authentication policy, when destination rule for that service does not specify - # TLS settings. - enableAutoMtls: {{ .Values.global.mtls.auto }} - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - outboundTrafficPolicy: - mode: {{ .Values.global.outboundTrafficPolicy.mode }} - - {{- if .Values.global.localityLbSetting.enabled }} - localityLbSetting: -{{ toYaml .Values.global.localityLbSetting | trim | indent 6 }} - {{- end }} - # The namespace to treat as the administrative root namespace for istio - # configuration. -{{- if .Values.global.configRootNamespace }} - rootNamespace: {{ .Values.global.configRootNamespace }} -{{- else }} - rootNamespace: {{ .Release.Namespace }} -{{- end }} - - # Configures DNS certificates provisioned through Chiron linked into Pilot. 
- certificates: -{{ toYaml .Values.global.certificates | trim | indent 6 }} - - {{- if .Values.global.defaultConfigVisibilitySettings }} - defaultServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultVirtualServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultDestinationRuleExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - {{- end }} - - {{- if $.Values.global.useMCP }} - configSources: - - address: istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- if .Values.pilot.configSource.subscribedResources }} - subscribedResources: - - {{ .Values.pilot.configSource.subscribedResources }} - {{- end}} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - tlsSettings: - mode: ISTIO_MUTUAL - {{- end }} - {{- end }} - - defaultConfig: - # - # TCP connection timeout between Envoy & the application, and between Envoys. Used for static clusters - # defined in Envoy's configuration file - connectTimeout: 10s - # - ### ADVANCED SETTINGS ############# - # Where should envoy's configuration be stored in the istio-proxy container - configPath: "/etc/istio/proxy" - binaryPath: "/usr/local/bin/envoy" - # The pseudo service name used for Envoy. - serviceCluster: istio-proxy - # These settings that determine how long an old Envoy - # process should be kept alive after an occasional reload. - drainDuration: 45s - parentShutdownDuration: 1m0s - # - # The mode used to redirect inbound connections to Envoy. This setting - # has no effect on outbound traffic: iptables REDIRECT is always used for - # outbound connections. - # If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy. - # The "REDIRECT" mode loses source addresses during redirection. - # If "TPROXY", use iptables TPROXY to redirect to Envoy. 
- # The "TPROXY" mode preserves both the source and destination IP - # addresses and ports, so that they can be used for advanced filtering - # and manipulation. - # The "TPROXY" mode also configures the sidecar to run with the - # CAP_NET_ADMIN capability, which is required to use TPROXY. - #interceptionMode: REDIRECT - # - # Port where Envoy listens (on local host) for admin commands - # You can exec into the istio-proxy container in a pod and - # curl the admin port (curl http://localhost:15000/) to obtain - # diagnostic information from Envoy. See - # https://lyft.github.io/envoy/docs/operations/admin.html - # for more details - proxyAdminPort: 15000 - # - # Set concurrency to a specific number to control the number of Proxy worker threads. - # If set to 0 (default), then start worker thread for each CPU thread/core. - concurrency: {{ .Values.global.proxy.concurrency }} - # - {{- if eq .Values.global.proxy.tracer "lightstep" }} - tracing: - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - # Whether communication with the Satellite pool should be secure - secure: {{ .Values.global.tracer.lightstep.secure }} - # Path to the file containing the cacert to use when verifying TLS - cacertPath: {{ .Values.global.tracer.lightstep.cacertPath }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - tracing: - zipkin: - # Address of the Zipkin collector - {{- if .Values.global.tracer.zipkin.address }} - address: {{ .Values.global.tracer.zipkin.address }} - {{- else if .Values.global.remoteZipkinAddress }} - address: {{ .Values.global.remoteZipkinAddress }}:9411 - {{- else }} - address: zipkin.{{ .Release.Namespace }}:9411 - {{- end }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - tracing: - datadog: - # Address of the Datadog Agent - address: {{ 
.Values.global.tracer.datadog.address }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - tracing: - stackdriver: {} - {{- end }} - - {{- if .Values.global.proxy.envoyStatsd.enabled }} - # - # Statsd metrics collector converts statsd metrics into Prometheus metrics. - statsdUdpAddress: {{ .Values.global.proxy.envoyStatsd.host }}:{{ .Values.global.proxy.envoyStatsd.port }} - {{- end }} - - {{- if .Values.global.proxy.envoyMetricsService.enabled }} - # - # Envoy's Metrics Service stats sink pushes Envoy metrics to a remote collector via the Metrics Service gRPC API. - envoyMetricsService: - address: {{ .Values.global.proxy.envoyMetricsService.host }}:{{ .Values.global.proxy.envoyMetricsService.port }} - {{- if .Values.global.proxy.envoyMetricsService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyMetricsService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyMetricsService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyMetricsService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- if .Values.global.proxy.envoyAccessLogService.enabled }} - # - # Envoy's AccessLog Service pushes access logs to a remote collector via the Access Log Service gRPC API. 
- envoyAccessLogService: - address: {{ .Values.global.proxy.envoyAccessLogService.host }}:{{ .Values.global.proxy.envoyAccessLogService.port }} - {{- if .Values.global.proxy.envoyAccessLogService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyAccessLogService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- $defPilotHostname := printf "istio-pilot.%s" .Release.Namespace }} - {{- $pilotAddress := .Values.global.remotePilotAddress | default $defPilotHostname }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: MUTUAL_TLS - # - # Address where istio Pilot service is running - {{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }} - discoveryAddress: {{ $defPilotHostname }}:15011 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15011 - {{- end }} - {{- else }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: NONE - # - # Address where istio Pilot service is running - {{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }} - discoveryAddress: {{ $defPilotHostname }}:15010 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15010 - {{- end }} - {{- end }} - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.400/templates/crd-10.yaml b/charts/rancher-istio/1.4.400/templates/crd-10.yaml deleted file mode 100644 index f017e2658..000000000 
--- a/charts/rancher-istio/1.4.400/templates/crd-10.yaml +++ /dev/null 
@@ -1,4816 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: attributemanifests.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: attributemanifest - plural: attributemanifests - singular: attributemanifest - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and - telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - attributes: - additionalProperties: - properties: - description: - description: A human-readable description of the attribute's purpose. - format: string - type: string - valueType: - description: The type of data carried by this attribute. - enum: - - VALUE_TYPE_UNSPECIFIED - - STRING - - INT64 - - DOUBLE - - BOOL - - TIMESTAMP - - IP_ADDRESS - - EMAIL_ADDRESS - - URI - - DNS_NAME - - DURATION - - STRING_MAP - type: string - type: object - description: The set of attributes this Istio component will be responsible - for producing at runtime. - type: object - name: - description: Name of the component producing these attributes. - format: string - type: string - revision: - description: The revision of this document. 
- format: string - type: string - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - heritage: Tiller - istio: rbac - release: istio - name: clusterrbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ClusterRbacConfig - plural: clusterrbacconfigs - singular: clusterrbacconfig - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: destinationrules.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.host - description: The name of a service from the service registry - name: Host - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - shortNames: - - dr - singular: destinationrule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, - etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is - exported. - items: - format: string - type: string - type: array - host: - description: The name of a service from the service registry. 
- format: string - type: string - subsets: - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: Name of the subset. - format: string - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. 
- oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP - requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a - backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. 
- type: string - maxRequestsPerConnection: - description: Maximum number of requests per - connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP - upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on - the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer - algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. 
- type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep - analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to - the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server - during TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded - to http2 for the associated destination. 
- enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to - a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool - connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to - a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to - a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. 
- format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. 
- properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. 
- format: string - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS - handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: envoyfilters.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: EnvoyFilter - plural: envoyfilters - singular: envoyfilter - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Customizing Envoy configuration generated by Istio. See more - details at: https://istio.io/docs/reference/config/networking/v1alpha3/envoy-filter.html' - properties: - configPatches: - description: One or more patches with match conditions. 
- items: - properties: - applyTo: - enum: - - INVALID - - LISTENER - - FILTER_CHAIN - - NETWORK_FILTER - - HTTP_FILTER - - ROUTE_CONFIGURATION - - VIRTUAL_HOST - - HTTP_ROUTE - - CLUSTER - type: string - match: - description: Match on listener/route configuration/cluster. - oneOf: - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - properties: - cluster: - description: Match on envoy cluster attributes. - properties: - name: - description: The exact name of the cluster to match. - format: string - type: string - portNumber: - description: The service port for which this cluster was - generated. - type: integer - service: - description: The fully qualified service name for this - cluster. - format: string - type: string - subset: - description: The subset associated with the service. - format: string - type: string - type: object - context: - description: The specific config generation context to match - on. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - listener: - description: Match on envoy listener attributes. - properties: - filterChain: - description: Match a specific filter chain in a listener. - properties: - applicationProtocols: - description: Applies only to sidecars. - format: string - type: string - filter: - description: The name of a specific filter to apply - the patch to. - properties: - name: - description: The filter name to match on. - format: string - type: string - subFilter: - properties: - name: - description: The filter name to match on. - format: string - type: string - type: object - type: object - name: - description: The name assigned to the filter chain. - format: string - type: string - sni: - description: The SNI value used by a filter chain's - match condition. - format: string - type: string - transportProtocol: - description: Applies only to SIDECAR_INBOUND context. 
- format: string - type: string - type: object - name: - description: Match a specific listener by its name. - format: string - type: string - portName: - format: string - type: string - portNumber: - type: integer - type: object - proxy: - description: Match on properties associated with a proxy. - properties: - metadata: - additionalProperties: - format: string - type: string - type: object - proxyVersion: - format: string - type: string - type: object - routeConfiguration: - description: Match on envoy HTTP route configuration attributes. - properties: - gateway: - format: string - type: string - name: - description: Route configuration name to match on. - format: string - type: string - portName: - description: Applicable only for GATEWAY context. - format: string - type: string - portNumber: - type: integer - vhost: - properties: - name: - format: string - type: string - route: - description: Match a specific route within the virtual - host. - properties: - action: - description: Match a route with specific action - type. - enum: - - ANY - - ROUTE - - REDIRECT - - DIRECT_RESPONSE - type: string - name: - format: string - type: string - type: object - type: object - type: object - type: object - patch: - description: The patch to apply along with the operation. - properties: - operation: - description: Determines how the patch should be applied. - enum: - - INVALID - - MERGE - - ADD - - REMOVE - - INSERT_BEFORE - - INSERT_AFTER - type: string - value: - description: The JSON config of the object being patched. - type: object - type: object - type: object - type: array - filters: - items: - properties: - filterConfig: - type: object - filterName: - description: The name of the filter to instantiate. - format: string - type: string - filterType: - description: The type of filter to instantiate. - enum: - - INVALID - - HTTP - - NETWORK - type: string - insertPosition: - description: Insert position in the filter chain. 
- properties: - index: - description: Position of this filter in the filter chain. - enum: - - FIRST - - LAST - - BEFORE - - AFTER - type: string - relativeTo: - format: string - type: string - type: object - listenerMatch: - properties: - address: - description: One or more IP addresses to which the listener - is bound. - items: - format: string - type: string - type: array - listenerProtocol: - description: Selects a class of listeners for the same protocol. - enum: - - ALL - - HTTP - - TCP - type: string - listenerType: - description: Inbound vs outbound sidecar listener or gateway - listener. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - portNamePrefix: - format: string - type: string - portNumber: - type: integer - type: object - type: object - type: array - workloadLabels: - additionalProperties: - format: string - type: string - description: Deprecated. - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: gateways.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Gateway - plural: gateways - shortNames: - - gw - singular: gateway - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. 
See more details - at: https://istio.io/docs/reference/config/networking/v1alpha3/gateway.html' - properties: - selector: - additionalProperties: - format: string - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - format: string - type: string - defaultEndpoint: - format: string - type: string - hosts: - description: One or more hosts exposed by this gateway. - items: - format: string - type: string - type: array - port: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - tls: - description: Set of TLS related options that govern the server's - behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified - cipher list.' - items: - format: string - type: string - type: array - credentialName: - format: string - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - format: string - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 
- format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - verifyCertificateHash: - items: - format: string - type: string - type: array - verifyCertificateSpki: - items: - format: string - type: string - type: array - type: object - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpecBinding - plural: httpapispecbindings - singular: httpapispecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_specs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - apiSpecs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed HTTPAPISpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN - in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify - the service version. - type: object - name: - description: The short name of the service such as "foo". 
- format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpec - plural: httpapispecs - singular: httpapispec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_keys: - items: - oneOf: - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. - format: string - type: string - type: object - type: array - apiKeys: - items: - oneOf: - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. 
- format: string - type: string - type: object - type: array - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. - type: object - type: object - patterns: - description: List of HTTP patterns to match. - items: - oneOf: - - required: - - uriTemplate - - required: - - regex - properties: - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. 
- type: object - type: object - httpMethod: - format: string - type: string - regex: - format: string - type: string - uriTemplate: - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: meshpolicies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: MeshPolicy - listKind: MeshPolicyList - plural: meshpolicies - singular: meshpolicy - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details - at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - type: boolean - origins: - description: List of authentication methods that can be used for origin - authentication. - items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. 
- items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - type: boolean - peers: - description: List of authentication methods that can be used for peer - authentication. - items: - oneOf: - - required: - - mtls - - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. 
- format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. 
- properties: - allowTls: - description: WILL BE DEPRECATED, if set, will translates to - `TLS_PERMISSIVE` mode. - type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Define whether peer or origin identity should be use for - principal. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: List rules to select workloads that the policy should be - applied on. - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. - items: - oneOf: - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: policies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: Policy - plural: policies - singular: policy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details - at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - type: boolean - origins: - description: List of authentication methods that can be used for origin - authentication. 
- items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 
- format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 
- format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - type: boolean - peers: - description: List of authentication methods that can be used for peer - authentication. - items: - oneOf: - - required: - - mtls - - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. - properties: - allowTls: - description: WILL BE DEPRECATED, if set, will translates to - `TLS_PERMISSIVE` mode. - type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Define whether peer or origin identity should be use for - principal. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: List rules to select workloads that the policy should be - applied on. - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. 
- items: - oneOf: - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpecBinding - plural: quotaspecbindings - singular: quotaspecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - quotaSpecs: - items: - properties: - name: - description: The short name of the QuotaSpec. - format: string - type: string - namespace: - description: Optional namespace of the QuotaSpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed QuotaSpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN - in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify - the service version. - type: object - name: - description: The short name of the service such as "foo". - format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. 
- format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpec - plural: quotaspecs - singular: quotaspec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: Determines the quotas used for individual requests. - properties: - rules: - description: A list of Quota rules. - items: - properties: - match: - description: If empty, match all request. - items: - properties: - clause: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Map of attribute names to StringMatch type. - type: object - type: object - type: array - quotas: - description: The list of quotas to charge. 
- items: - properties: - charge: - format: int32 - type: integer - quota: - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: rbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: RbacConfig - plural: rbacconfigs - singular: rbacconfig - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: rules.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: rule - plural: rules - singular: rule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and - telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - actions: - description: The actions that will be executed when match evaluates - to `true`. - items: - properties: - handler: - description: Fully qualified name of the handler to invoke. - format: string - type: string - instances: - items: - format: string - type: string - type: array - name: - description: A handle to refer to the results of the action. - format: string - type: string - type: object - type: array - match: - description: Match is an attribute based predicate. - format: string - type: string - requestHeaderOperations: - items: - properties: - name: - description: Header name literal value. - format: string - type: string - operation: - description: Header operation type. - enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - responseHeaderOperations: - items: - properties: - name: - description: Header name literal value. 
- format: string - type: string - operation: - description: Header operation type. - enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - sampling: - properties: - random: - description: Provides filtering of actions based on random selection - per request. - properties: - attributeExpression: - description: Specifies an attribute expression to use to override - the numerator in the `percent_sampled` field. - format: string - type: string - percentSampled: - description: The default sampling rate, expressed as a percentage. - properties: - denominator: - description: Specifies the denominator. - enum: - - HUNDRED - - TEN_THOUSAND - type: string - numerator: - description: Specifies the numerator. - type: integer - type: object - useIndependentRandomness: - description: By default sampling will be based on the value - of the request header `x-request-id`. - type: boolean - type: object - rateLimit: - properties: - maxUnsampledEntries: - description: Number of entries to allow during the `sampling_duration` - before sampling is enforced. - format: int64 - type: integer - samplingDuration: - description: Window in which to enforce the sampling rate. - type: string - samplingRate: - description: The rate at which to sample entries once the unsampled - limit has been reached. 
- format: int64 - type: integer - type: object - type: object - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: serviceentries.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hosts - description: The hosts associated with the ServiceEntry - name: Hosts - type: string - - JSONPath: .spec.location - description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL - or MESH_INTERNAL) - name: Location - type: string - - JSONPath: .spec.resolution - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - name: Resolution - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: ServiceEntry - listKind: ServiceEntryList - plural: serviceentries - shortNames: - - se - singular: serviceentry - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. See more details - at: https://istio.io/docs/reference/config/networking/v1alpha3/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. 
- items: - format: string - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - format: string - type: string - network: - format: string - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - format: string - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - format: string - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: array - resolution: - description: Service discovery mode for the hosts. 
- enum: - - NONE - - STATIC - - DNS - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: servicerolebindings.rbac.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.roleRef.name - description: The name of the ServiceRole object being referenced - name: Reference - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRoleBinding - plural: servicerolebindings - singular: servicerolebinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - actions: - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. 
- items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. - items: - format: string - type: string - type: array - type: object - type: array - mode: - enum: - - ENFORCED - - PERMISSIVE - type: string - role: - format: string - type: string - roleRef: - description: Reference to the ServiceRole object. - properties: - kind: - description: The type of the role being referenced. - format: string - type: string - name: - description: The name of the ServiceRole object being referenced. - format: string - type: string - type: object - subjects: - description: List of subjects that are assigned the ServiceRole object. - items: - properties: - group: - format: string - type: string - groups: - items: - format: string - type: string - type: array - ips: - items: - format: string - type: string - type: array - names: - items: - format: string - type: string - type: array - namespaces: - items: - format: string - type: string - type: array - notGroups: - items: - format: string - type: string - type: array - notIps: - items: - format: string - type: string - type: array - notNames: - items: - format: string - type: string - type: array - notNamespaces: - items: - format: string - type: string - type: array - properties: - additionalProperties: - format: string - type: string - description: Optional. 
- type: object - user: - description: Optional. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: serviceroles.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRole - plural: serviceroles - singular: servicerole - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - rules: - description: The set of access rules (permissions) that the role has. - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. - items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. 
- items: - format: string - type: string - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: virtualservices.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.gateways - description: The names of gateways and sidecars that should apply these routes - name: Gateways - type: string - - JSONPath: .spec.hosts - description: The destination hosts to which traffic is being sent - name: Hosts - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - shortNames: - - vs - singular: virtualservice - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, - etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is exported. 
- items: - format: string - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply these - routes. - items: - format: string - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - format: string - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - appendHeaders: - additionalProperties: - format: string - type: string - type: object - appendRequestHeaders: - additionalProperties: - format: string - type: string - type: object - appendResponseHeaders: - additionalProperties: - format: string - type: string - type: object - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - nullable: true - type: boolean - allowHeaders: - items: - format: string - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the resource. - items: - format: string - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform - CORS requests. - items: - format: string - type: string - type: array - exposeHeaders: - items: - format: string - type: string - type: array - maxAge: - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic at - the client side. - properties: - abort: - oneOf: - - properties: - percent: {} - required: - - httpStatus - - properties: - percent: {} - required: - - grpcStatus - - properties: - percent: {} - required: - - http2Error - properties: - grpcStatus: - format: string - type: string - http2Error: - format: string - type: string - httpStatus: - description: HTTP status code to use to abort the Http - request. - format: int32 - type: integer - percent: - description: Percentage of requests to be aborted with - the error code provided (0-100). 
- format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with - the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - properties: - percent: {} - required: - - fixedDelay - - properties: - percent: {} - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the request. - type: string - percent: - description: Percentage of requests on which the delay - will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay - will be injected. - properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - gateways: - items: - format: string - type: string - type: array - headers: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - 
type: object - ignoreUriCase: - description: Flag to specify whether the URI matching should - be case-insensitive. - type: boolean - method: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - name: - description: The name assigned to a match. - format: string - type: string - port: - description: Specifies the ports on the host that is being - addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - sourceLabels: - additionalProperties: - format: string - type: string - type: object - uri: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the `mirror` - field. 
- nullable: true - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the `mirror` - field. - nullable: true - type: integer - name: - description: The name assigned to the route for debugging purposes. - format: string - type: string - redirect: - description: A http rule can either redirect or forward (default) - traffic. - properties: - authority: - format: string - type: string - redirectCode: - type: integer - uri: - format: string - type: string - type: object - removeRequestHeaders: - items: - format: string - type: string - type: array - removeResponseHeaders: - items: - format: string - type: string - type: array - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries for a given request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per retry attempt for a given request. - type: string - retryOn: - description: Specifies the conditions under which retry takes - place. - format: string - type: string - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this value. - format: string - type: string - uri: - format: string - type: string - type: object - route: - description: A http rule can either redirect or forward (default) - traffic. - items: - properties: - appendRequestHeaders: - additionalProperties: - format: string - type: string - description: Use of `append_request_headers` is deprecated. - type: object - appendResponseHeaders: - additionalProperties: - format: string - type: string - description: Use of `append_response_headers` is deprecated. - type: object - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. 
- properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - removeRequestHeaders: - description: Use of `remove_request_headers` is deprecated. - items: - format: string - type: string - type: array - removeResponseHeaders: - description: Use of `remove_response_header` is deprecated. - items: - format: string - type: string - type: array - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests. - type: string - websocketUpgrade: - description: Deprecated. - type: boolean - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with - optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied to. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. 
- format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be - forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with - optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied to. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - format: string - type: string - type: array - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. - format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be - forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: adapters.config.istio.io - labels: - app: mixer - package: adapter - istio: mixer-adapter - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: adapter - plural: adapters - singular: adapter - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: instances.config.istio.io - labels: - app: mixer - package: instance - istio: mixer-instance - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: instance - plural: instances - singular: instance - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: templates.config.istio.io - labels: - app: mixer - package: template - istio: mixer-template - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: template - plural: templates - singular: template - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition 
-apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: handlers.config.istio.io - labels: - app: mixer - package: handler - istio: mixer-handler - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: handler - plural: handlers - singular: handler - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true diff --git a/charts/rancher-istio/1.4.400/templates/crd-11.yaml b/charts/rancher-istio/1.4.400/templates/crd-11.yaml deleted file mode 100644 index 0de33afd9..000000000 --- a/charts/rancher-istio/1.4.400/templates/crd-11.yaml +++ /dev/null 
@@ -1,121 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- helm.sh/resource-policy: keep
- helm.sh/hook: crd-install
- labels:
- app: istio-pilot
- chart: istio
- heritage: Tiller
- release: istio
- name: sidecars.networking.istio.io
-spec:
- group: networking.istio.io
- names:
- categories:
- - istio-io
- - networking-istio-io
- kind: Sidecar
- plural: sidecars
- singular: sidecar
- scope: Namespaced
- subresources:
- status: {}
- validation:
- openAPIV3Schema:
- properties:
- spec:
- description: 'Configuration affecting network reachability of a sidecar.
- See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/sidecar.html'
- properties:
- egress:
- items:
- properties:
- bind:
- format: string
- type: string
- captureMode:
- enum:
- - DEFAULT
- - IPTABLES
- - NONE
- type: string
- hosts:
- items:
- format: string
- type: string
- type: array
- port:
- description: The port associated with the listener.
- properties:
- name:
- description: Label assigned to the port.
- format: string
- type: string
- number:
- description: A valid non-negative integer port number.
- type: integer
- protocol:
- description: The protocol exposed on the port.
- format: string
- type: string
- type: object
- type: object
- type: array
- ingress:
- items:
- properties:
- bind:
- description: The ip to which the listener should be bound.
- format: string
- type: string
- captureMode:
- enum:
- - DEFAULT
- - IPTABLES
- - NONE
- type: string
- defaultEndpoint:
- format: string
- type: string
- port:
- description: The port associated with the listener.
- properties:
- name:
- description: Label assigned to the port.
- format: string
- type: string
- number:
- description: A valid non-negative integer port number.
- type: integer
- protocol:
- description: The protocol exposed on the port.
- format: string
- type: string
- type: object
- type: object
- type: array
- outboundTrafficPolicy:
- description: This allows to configure the outbound traffic policy.
- properties:
- mode:
- enum:
- - REGISTRY_ONLY
- - ALLOW_ANY
- type: string
- type: object
- workloadSelector:
- properties:
- labels:
- additionalProperties:
- format: string
- type: string
- type: object
- type: object
- type: object
- type: object
- versions:
- - name: v1alpha3
- served: true
- storage: true
diff --git a/charts/rancher-istio/1.4.400/templates/crd-14.yaml b/charts/rancher-istio/1.4.400/templates/crd-14.yaml
deleted file mode 100644
index e51edfc5c..000000000
--- a/charts/rancher-istio/1.4.400/templates/crd-14.yaml
+++ /dev/null
@@ -1,135 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- labels:
- app: istio-pilot
- heritage: Tiller
- istio: security
- release: istio
- name: authorizationpolicies.security.istio.io
- annotations:
- helm.sh/hook: crd-install,pre-upgrade
-spec:
- group: security.istio.io
- names:
- categories:
- - istio-io
- - security-istio-io
- kind: AuthorizationPolicy
- plural: authorizationpolicies
- singular: authorizationpolicy
- scope: Namespaced
- subresources:
- status: {}
- validation:
- openAPIV3Schema:
- properties:
- spec:
- description: 'Configuration for access control on workloads. See more details
- at: https://istio.io/docs/reference/config/security/v1beta1/authorization-policy.html'
- properties:
- rules:
- description: Optional.
- items:
- properties:
- from:
- description: Optional.
- items:
- properties:
- source:
- description: Source specifies the source of a request.
- properties:
- ipBlocks:
- description: Optional.
- items:
- format: string
- type: string
- type: array
- namespaces:
- description: Optional.
- items:
- format: string
- type: string
- type: array
- principals:
- description: Optional.
- items:
- format: string
- type: string
- type: array
- requestPrincipals:
- description: Optional.
- items:
- format: string
- type: string
- type: array
- type: object
- type: object
- type: array
- to:
- description: Optional.
- items:
- properties:
- operation:
- description: Operation specifies the operation of a request.
- properties:
- hosts:
- description: Optional.
- items:
- format: string
- type: string
- type: array
- methods:
- description: Optional.
- items:
- format: string
- type: string
- type: array
- paths:
- description: Optional.
- items:
- format: string
- type: string
- type: array
- ports:
- description: Optional.
- items:
- format: string
- type: string
- type: array
- type: object
- type: object
- type: array
- when:
- description: Optional.
- items:
- properties:
- key:
- description: The name of an Istio attribute.
- format: string
- type: string
- values:
- description: The allowed values for the attribute.
- items:
- format: string
- type: string
- type: array
- type: object
- type: array
- type: object
- type: array
- selector:
- description: Optional.
- properties:
- matchLabels:
- additionalProperties:
- format: string
- type: string
- type: object
- type: object
- type: object
- type: object
- versions:
- - name: v1beta1
- served: true
- storage: true
diff --git a/charts/rancher-istio/1.4.400/templates/crd-certmanager-10.yaml b/charts/rancher-istio/1.4.400/templates/crd-certmanager-10.yaml
deleted file mode 100644
index a3a61f7f5..000000000
--- a/charts/rancher-istio/1.4.400/templates/crd-certmanager-10.yaml
+++ /dev/null
@@ -1,95 +0,0 @@
-{{- if .Values.certmanager.enabled }}
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: clusterissuers.certmanager.k8s.io
- labels:
- app: certmanager
- chart: certmanager
- heritage: Tiller
- release: istio
- annotations:
- helm.sh/resource-policy: keep
- helm.sh/hook: crd-install
-spec:
- group: certmanager.k8s.io
- versions:
- - name: v1alpha1
- served: true
- storage: true
- names:
- kind: ClusterIssuer
- plural: clusterissuers
- scope: Cluster
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: issuers.certmanager.k8s.io
- labels:
- app: certmanager
- chart: certmanager
- heritage: Tiller
- release: istio
- annotations:
- helm.sh/resource-policy: keep
- helm.sh/hook: crd-install
-spec:
- group: certmanager.k8s.io
- versions:
- - name: v1alpha1
- served: true
- storage: true
- names:
- kind: Issuer
- plural: issuers
- scope: Namespaced
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: certificates.certmanager.k8s.io
- labels:
- app: certmanager
- chart: certmanager
- heritage: Tiller
- release: istio
- annotations:
- helm.sh/resource-policy: keep
- helm.sh/hook: crd-install
-spec:
- additionalPrinterColumns:
- - JSONPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - JSONPath: .spec.secretName
- name: Secret
- type: string
- - JSONPath: .spec.issuerRef.name
- name: Issuer
- type: string
- priority: 1
- - JSONPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- priority: 1
- - JSONPath: .metadata.creationTimestamp
- description: |-
- CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
-
- Populated by the system. Read-only. Null for lists.
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
- name: Age
- type: date
- group: certmanager.k8s.io
- versions:
- - name: v1alpha1
- served: true
- storage: true
- scope: Namespaced
- names:
- kind: Certificate
- plural: certificates
- shortNames:
- - cert
- - certs
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/templates/crd-certmanager-11.yaml b/charts/rancher-istio/1.4.400/templates/crd-certmanager-11.yaml
deleted file mode 100644
index ea6a96967..000000000
--- a/charts/rancher-istio/1.4.400/templates/crd-certmanager-11.yaml
+++ /dev/null
@@ -1,83 +0,0 @@
-{{- if .Values.certmanager.enabled }}
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: orders.certmanager.k8s.io
- labels:
- app: certmanager
- chart: certmanager
- heritage: Tiller
- release: istio
- annotations:
- helm.sh/resource-policy: keep
- helm.sh/hook: crd-install
-spec:
- additionalPrinterColumns:
- - JSONPath: .status.state
- name: State
- type: string
- - JSONPath: .spec.issuerRef.name
- name: Issuer
- type: string
- priority: 1
- - JSONPath: .status.reason
- name: Reason
- type: string
- priority: 1
- - JSONPath: .metadata.creationTimestamp
- description: |-
- CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
-
- Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
- name: Age
- type: date
- group: certmanager.k8s.io
- versions:
- - name: v1alpha1
- served: true
- storage: true
- names:
- kind: Order
- plural: orders
- scope: Namespaced
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: challenges.certmanager.k8s.io
- labels:
- app: certmanager
- chart: certmanager
- heritage: Tiller
- release: istio
- annotations:
- helm.sh/resource-policy: keep
- helm.sh/hook: crd-install
-spec:
- additionalPrinterColumns:
- - JSONPath: .status.state
- name: State
- type: string
- - JSONPath: .spec.dnsName
- name: Domain
- type: string
- - JSONPath: .status.reason
- name: Reason
- type: string
- - JSONPath: .metadata.creationTimestamp
- description: |-
- CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value.
It is represented in RFC3339 form and is in UTC.
-
- Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
- name: Age
- type: date
- group: certmanager.k8s.io
- versions:
- - name: v1alpha1
- served: true
- storage: true
- names:
- kind: Challenge
- plural: challenges
- scope: Namespaced
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/templates/endpoints.yaml b/charts/rancher-istio/1.4.400/templates/endpoints.yaml
deleted file mode 100755
index 81b821853..000000000
--- a/charts/rancher-istio/1.4.400/templates/endpoints.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
-{{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePilotAddress }}
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePolicyAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remoteTelemetryAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/templates/install-custom-resources.sh.tpl b/charts/rancher-istio/1.4.400/templates/install-custom-resources.sh.tpl
deleted file mode 100755
index a5525a139..000000000
--- a/charts/rancher-istio/1.4.400/templates/install-custom-resources.sh.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ define "install-custom-resources.sh.tpl" }}
-#!/bin/sh
-
-set -x
-
-if [ "$#" -ne "1" ]; then
- echo "first argument should be path to custom resource yaml"
- exit 1
-fi
-
-pathToResourceYAML=${1}
-
-kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null
-if [ "$?" -eq 0 ]; then
- echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready"
- while true; do
- kubectl -n {{ .Release.Namespace }} get deployment istio-galley 2>/dev/null
- if [ "$?" -eq 0 ]; then
- break
- fi
- sleep 1
- done
- kubectl -n {{ .Release.Namespace }} rollout status deployment istio-galley
- if [ "$?" -ne 0 ]; then
- echo "istio-galley deployment rollout status check failed"
- exit 1
- fi
- echo "istio-galley deployment ready for configuration validation"
-fi
-sleep 5
-kubectl apply -f ${pathToResourceYAML}
-{{ end }}
diff --git a/charts/rancher-istio/1.4.400/templates/istio-service-rbac.yaml b/charts/rancher-istio/1.4.400/templates/istio-service-rbac.yaml
deleted file mode 100644
index b3141141b..000000000
--- a/charts/rancher-istio/1.4.400/templates/istio-service-rbac.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-service-reader
-rules:
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["http:kiali:20001", "http:tracing:80", "http:grafana:80", "http:prometheus-http:80"]
- verbs: ["get", "watch", "list"]
-
----
-{{- if .Values.global.members }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: read-istio-service
- namespace: {{ .Release.Namespace }}
-subjects:
- {{- range $member := .Values.global.members }}
- - kind: {{ $member.kind }}
- name: {{ $member.name }}
- apiGroup: rbac.authorization.k8s.io
- {{- end }}
-roleRef:
- kind: Role
- name: istio-service-reader
- apiGroup: rbac.authorization.k8s.io
-{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.400/templates/service.yaml b/charts/rancher-istio/1.4.400/templates/service.yaml
deleted file mode 100755
index 732cdefd2..000000000
--- a/charts/rancher-istio/1.4.400/templates/service.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
- clusterIP: None
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.400/templates/serviceaccount.yaml
deleted file mode 100755
index e52d9eb9c..000000000
--- a/charts/rancher-istio/1.4.400/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: istio-multi
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.400/templates/sidecar-injector-configmap.yaml b/charts/rancher-istio/1.4.400/templates/sidecar-injector-configmap.yaml
deleted file mode 100755
index 5cb25b9cf..000000000
--- a/charts/rancher-istio/1.4.400/templates/sidecar-injector-configmap.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if not .Values.global.omitSidecarInjectorConfigMap }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istio.name" . }}
- chart: {{ template "istio.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-data:
- values: |-
- {{ .Values | toJson }}
-
- config: |-
- policy: {{ .Values.global.proxy.autoInject }}
- alwaysInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }}
- neverInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }}
- template: |-
-{{ .Files.Get "files/injection-template.yaml" | trim | indent 6 }}
- injectedAnnotations:
- {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }}
- "{{ $key }}": "{{ $val }}"
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.400/test-values/README.md b/charts/rancher-istio/1.4.400/test-values/README.md
deleted file mode 100755
index 8e5ff277c..000000000
--- a/charts/rancher-istio/1.4.400/test-values/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Test Values
-
-These files are intended to be used to install Istio for E2E tests.
-
-The rendered files can be generated with `make generate_e2e_yaml`.
-
-These files will all have `values-e2e.yaml` applied to them *first*, so if there are settings there that should not be included in the test the must be overridden.
diff --git a/charts/rancher-istio/1.4.400/test-values/values-e2e.yaml b/charts/rancher-istio/1.4.400/test-values/values-e2e.yaml
deleted file mode 100755
index 18264aa2f..000000000
--- a/charts/rancher-istio/1.4.400/test-values/values-e2e.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-# This file overrides values for e2e testing.
-
-global:
- proxy:
- concurrency: 0
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- accessLogFile: "/dev/stdout"
- enableCoreDump: true
-
- disablePolicyChecks: false
- outboundTrafficPolicy:
- mode: REGISTRY_ONLY
-
-prometheus:
- scrapeInterval: 5s
-
-gateways:
- istio-ingressgateway:
- autoscaleMax: 1
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
- limits:
- cpu: 100m
- memory: 128Mi
- # Disable the specific nodePort mappings for testing
- # These occasionally cause port conflict flakes (#14190)
- # Lacking a good way to override just part of a list, this is copied from
- # the prod values.yaml with nodePort omitted
- ports:
- - port: 15020
- targetPort: 15020
- name: status-port
- - port: 80
- targetPort: 80
- name: http2
- - port: 443
- name: https
- - port: 31400
- name: tcp
- - port: 15029
- targetPort: 15029
- name: https-kiali
- - port: 15030
- targetPort: 15030
- name: https-prometheus
- - port: 15031
- targetPort: 15031
- name: https-grafana
- - port: 15032
- targetPort: 15032
- name: https-tracing
- - port: 15443
- targetPort: 15443
- name: tls
-
- istio-egressgateway:
- enabled: true
- autoscaleMax: 1
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
- limits:
- cpu: 100m
- memory: 128Mi
-
-mixer:
- policy:
- enabled: true
- replicaCount: 2
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
- limits:
- cpu: 100m
- memory: 100Mi
- telemetry:
- enabled: true
- loadshedding:
- mode: disabled
- resources:
- requests:
- cpu: 50m
- memory: 100Mi
- limits:
- cpu: 100m
- memory: 100Mi
- adapters:
- stdio:
- enabled: true
- kiali:
- enabled: true
-
-sidecarInjectorWebhook:
- rewriteAppHTTPProbe: true
diff --git a/charts/rancher-istio/1.4.400/test-values/values-istio-auth-mcp.yaml b/charts/rancher-istio/1.4.400/test-values/values-istio-auth-mcp.yaml
deleted file mode 100755
index fb284d926..000000000
--- a/charts/rancher-istio/1.4.400/test-values/values-istio-auth-mcp.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio-auth.yaml with MCP enabled
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- useMCP: true
-
diff --git a/charts/rancher-istio/1.4.400/test-values/values-istio-auth-multicluster.yaml b/charts/rancher-istio/1.4.400/test-values/values-istio-auth-multicluster.yaml
deleted file mode 100755
index af147981f..000000000
--- a/charts/rancher-istio/1.4.400/test-values/values-istio-auth-multicluster.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# This is used to generate istio-auth-multicluster.yaml, used for CI/CD.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- proxy:
- accessLogFile: "/dev/stdout"
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
-# In a multiple cluster environment, citadel uses the same root certificate in all the clusters
-security:
- selfSigned: false
diff --git a/charts/rancher-istio/1.4.400/test-values/values-istio-auth-non-mcp.yaml b/charts/rancher-istio/1.4.400/test-values/values-istio-auth-non-mcp.yaml
deleted file mode 100755
index eab07cd41..000000000
--- a/charts/rancher-istio/1.4.400/test-values/values-istio-auth-non-mcp.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- mtls:
- enabled: true
-
- controlPlaneSecurityEnabled: true
-
- useMCP: false
diff --git a/charts/rancher-istio/1.4.400/test-values/values-istio-auth-sds.yaml b/charts/rancher-istio/1.4.400/test-values/values-istio-auth-sds.yaml
deleted file mode 100755
index dba839e9f..000000000
--- a/charts/rancher-istio/1.4.400/test-values/values-istio-auth-sds.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-global:
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
- proxy:
- enableCoreDump: true
-
-nodeagent:
- enabled: true
- repository: rancher/istio-node-agent-k8s
- tag: 1.4.4
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.4.400/test-values/values-istio-auth.yaml b/charts/rancher-istio/1.4.400/test-values/values-istio-auth.yaml
deleted file mode 100755
index 4ec1d35c5..000000000
--- a/charts/rancher-istio/1.4.400/test-values/values-istio-auth.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-# This is used to generate istio-auth.yaml for automated CI/CD test, using v1/alpha1
-# or v2/alpha3 with 'gradual migration' (using env variable at inject time).
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
diff --git a/charts/rancher-istio/1.4.400/test-values/values-istio-dns-cert.yaml b/charts/rancher-istio/1.4.400/test-values/values-istio-dns-cert.yaml
deleted file mode 100755
index 406970396..000000000
--- a/charts/rancher-istio/1.4.400/test-values/values-istio-dns-cert.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- certificates:
- - dnsNames: [istio-pilot.istio-system.svc, istio-pilot.istio-system]
- - secretName: dns.istio-galley-service-account
- dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system]
- - secretName: dns.istio-sidecar-injector-service-account
- dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system]
diff --git a/charts/rancher-istio/1.4.400/test-values/values-istio-mcp.yaml b/charts/rancher-istio/1.4.400/test-values/values-istio-mcp.yaml
deleted file mode 100755
index a6638eefd..000000000
--- a/charts/rancher-istio/1.4.400/test-values/values-istio-mcp.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# This is used to generate istio.yaml with MCP enabled
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- useMCP: true
-
-
diff --git a/charts/rancher-istio/1.4.400/test-values/values-istio-multicluster-split-horizon.yaml b/charts/rancher-istio/1.4.400/test-values/values-istio-multicluster-split-horizon.yaml
deleted file mode 100755
index e664dd56f..000000000
--- a/charts/rancher-istio/1.4.400/test-values/values-istio-multicluster-split-horizon.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# This is used to generate istio-multicluster-split-horizon.yaml, used for CI/CD.
-global:
- controlPlaneSecurityEnabled: true
- mtls:
- enabled: true
- proxy:
- accessLogFile: "/dev/stdout"
- outboundTrafficPolicy:
- mode: ALLOW_ANY
- meshExpansion:
- enabled: true
- meshNetworks:
- network2:
- endpoints:
- - fromRegistry: N2_REGISTRY_TOKEN
- gateways:
- - address: 0.0.0.0
- port: 443
-security:
- selfSigned: false
-gateways:
- istio-egressgateway:
- enabled: false
-
-
diff --git a/charts/rancher-istio/1.4.400/test-values/values-istio-multicluster.yaml b/charts/rancher-istio/1.4.400/test-values/values-istio-multicluster.yaml
deleted file mode 100755
index 59b924ac1..000000000
--- a/charts/rancher-istio/1.4.400/test-values/values-istio-multicluster.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# This is used to generate istio-multicluster.yaml, used for CI/CD.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- proxy:
- accessLogFile: "/dev/stdout"
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
-# In a multiple cluster environment, citadel uses the same root certificate in all the clusters
-security:
- selfSigned: false
diff --git a/charts/rancher-istio/1.4.400/test-values/values-istio-non-mcp.yaml b/charts/rancher-istio/1.4.400/test-values/values-istio-non-mcp.yaml
deleted file mode 100755
index 091681acd..000000000
--- a/charts/rancher-istio/1.4.400/test-values/values-istio-non-mcp.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-global:
- useMCP: false
diff --git a/charts/rancher-istio/1.4.400/test-values/values-istio-one-namespace-auth.yaml b/charts/rancher-istio/1.4.400/test-values/values-istio-one-namespace-auth.yaml
deleted file mode 100755
index c49f40254..000000000
--- a/charts/rancher-istio/1.4.400/test-values/values-istio-one-namespace-auth.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.4.400/test-values/values-istio-one-namespace-trust-domain.yaml b/charts/rancher-istio/1.4.400/test-values/values-istio-one-namespace-trust-domain.yaml
deleted file mode 100755
index 1840ab355..000000000
--- a/charts/rancher-istio/1.4.400/test-values/values-istio-one-namespace-trust-domain.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- # Default is 10s second
- refreshInterval: 1s
-
- # The trust domain corresponds to the trust root of a system
- trustDomain: test.local
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.4.400/test-values/values-istio-one-namespace.yaml b/charts/rancher-istio/1.4.400/test-values/values-istio-one-namespace.yaml
deleted file mode 100755
index 14aa45033..000000000
--- a/charts/rancher-istio/1.4.400/test-values/values-istio-one-namespace.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.4.400/test-values/values-istio.yaml b/charts/rancher-istio/1.4.400/test-values/values-istio.yaml
deleted file mode 100755
index c115103e1..000000000
--- a/charts/rancher-istio/1.4.400/test-values/values-istio.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-
-# This is used to generate istio.yaml for automated CI/CD test, using v1/alpha1
-# or v2/alpha3 with 'gradual migration' (using env variable at inject time).
-# global:
- ## imagePullSecrets for all ServiceAccount. Must be set for any clustser configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
diff --git a/charts/rancher-istio/1.4.400/values-istio-demo.yaml b/charts/rancher-istio/1.4.400/values-istio-demo.yaml
deleted file mode 100755
index d28dbaaf2..000000000
--- a/charts/rancher-istio/1.4.400/values-istio-demo.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-# This is used to generate istio.yaml for minimal, demo mode.
-# It is shipped with the release, used for bookinfo or quick installation of istio.
-# Includes components used in the demo, defaults to alpha3 rules.
-global:
- controlPlaneSecurityEnabled: false
-
- proxy:
- accessLogFile: "/dev/stdout"
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- disablePolicyChecks: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
-sidecarInjectorWebhook:
- enabled: true
- # If true, webhook or istioctl injector will rewrite PodSpec for liveness
- # health check to redirect request to sidecar. This makes liveness check work
- # even when mTLS is enabled.
- rewriteAppHTTPProbe: false
-
-pilot:
- autoscaleEnabled: false
- traceSampling: 100.0
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
-
-mixer:
- policy:
- enabled: true
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
-
- telemetry:
- enabled: true
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 50m
- memory: 100Mi
-
- adapters:
- stdio:
- enabled: true
-
-grafana:
- enabled: true
-
-tracing:
- enabled: true
-
-kiali:
- enabled: true
- createDemoSecret: true
-
-gateways:
- istio-ingressgateway:
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- istio-egressgateway:
- enabled: true
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
diff --git a/charts/rancher-istio/1.4.400/values-istio-minimal.yaml b/charts/rancher-istio/1.4.400/values-istio-minimal.yaml
deleted file mode 100755
index de45fa458..000000000
--- a/charts/rancher-istio/1.4.400/values-istio-minimal.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# Minimal Istio Configuration: https://istio.io/docs/setup/kubernetes/additional-setup/config-profiles/
-#
-pilot:
- enabled: true
- sidecar: false
-
-gateways:
- enabled: false
-
-security:
- enabled: false
-
-sidecarInjectorWebhook:
- enabled: false
-
-galley:
- enabled: false
-
-mixer:
- policy:
- enabled: false
- telemetry:
- enabled: false
-
-prometheus:
- enabled: false
-
-
-# Common settings.
-global:
-
- proxy:
- # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument
- # would be :).
- # Disabled by default.
- # The istio-statsd-prom-bridge is deprecated and should not be used moving forward.
- envoyStatsd:
- # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector.
- enabled: false
- host: # example: statsd-svc.istio-system
- port: # example: 9125
-
- useMCP: false
-
-
diff --git a/charts/rancher-istio/1.4.400/values-istio-remote.yaml b/charts/rancher-istio/1.4.400/values-istio-remote.yaml
deleted file mode 100755
index 4ff03c360..000000000
--- a/charts/rancher-istio/1.4.400/values-istio-remote.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-gateways:
- enabled: false
-
-galley:
- enabled: false
-
-mixer:
- policy:
- enabled: false
- telemetry:
- enabled: false
-
-pilot:
- enabled: false
- configSource:
- subscribedResources:
-
-security:
- enabled: true
- createMeshPolicy: false
-
-prometheus:
- enabled: false
-
-global:
- istioRemote: true
-
- enableTracing: false
-
- # Sets an identifier for the remote network to be used for Split Horizon EDS. The network will be sent
- # to the Pilot when connected by the sidecar and will affect the results returned in EDS requests.
- # Based on the network identifier Pilot will return all local endpoints + endpoints of gateways to
- # other networks.
- #
- # Must match the names in the meshNetworks section in the Istio local.
- network: ""
diff --git a/charts/rancher-istio/1.4.400/values-istio-sds-auth-control-plane-auth-disabled.yaml b/charts/rancher-istio/1.4.400/values-istio-sds-auth-control-plane-auth-disabled.yaml
deleted file mode 100755
index 1ebdb5346..000000000
--- a/charts/rancher-istio/1.4.400/values-istio-sds-auth-control-plane-auth-disabled.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-global:
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
-nodeagent:
- enabled: true
- repository: rancher/istio-node-agent-k8s
- tag: 1.4.4
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.4.400/values-istio-sds-auth.yaml b/charts/rancher-istio/1.4.400/values-istio-sds-auth.yaml
deleted file mode 100755
index 5ec9f63e7..000000000
--- a/charts/rancher-istio/1.4.400/values-istio-sds-auth.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-global:
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
-nodeagent:
- enabled: true
- repository: rancher/istio-node-agent-k8s
- tag: 1.4.4
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.4.400/values.yaml b/charts/rancher-istio/1.4.400/values.yaml
deleted file mode 100755
index 96a9e609e..000000000
--- a/charts/rancher-istio/1.4.400/values.yaml
+++ /dev/null
@@ -1,683 +0,0 @@ -# Top level istio values file has the following sections. -# -# global: This file is the authoritative and exhaustive source for the global section. -# -# chart sections: Every subdirectory inside the charts/ directory has a top level -# configuration key in this file. This file overrides the values specified -# by the charts/${chartname}/values.yaml. -# Check the chart level values file for exhaustive list of configuration options. - -# -# Gateways Configuration, refer to the charts/gateways/values.yaml -# for detailed configuration -# -gateways: - enabled: true - istio-ingressgateway: - labels: - release: cluster-istio - -# -# sidecar-injector webhook configuration, refer to the -# charts/sidecarInjectorWebhook/values.yaml for detailed configuration -# -sidecarInjectorWebhook: - repository: rancher/istio-sidecar_injector - tag: 1.4.4 - enabled: true - -# -# galley configuration, refer to charts/galley/values.yaml -# for detailed configuration -# -galley: - repository: rancher/istio-galley - tag: 1.4.4 - enabled: true - -# -# mixer configuration -# -# @see charts/mixer/values.yaml for all values -mixer: - repository: rancher/istio-mixer - tag: 1.4.4 - policy: - # if policy is enabled the global.disablePolicyChecks has affect. 
- enabled: true - - telemetry: - enabled: true -# -# pilot configuration -# -# @see charts/pilot/values.yaml -pilot: - repository: rancher/istio-pilot - tag: 1.4.4 - enabled: true - -# -# security configuration -# -security: - repository: rancher/istio-citadel - tag: 1.4.4 - enabled: true - -# -# nodeagent configuration -# -nodeagent: - enabled: false - -# -# addon grafana configuration -# -grafana: - repository: rancher/grafana-grafana - tag: 6.3.6 - enabled: false - -# -# addon prometheus configuration -# -prometheus: - repository: rancher/prom-prometheus - tag: v2.12.0 - enabled: false - -# -# addon jaeger tracing configuration -# -tracing: - jaeger: - repository: rancher/jaegertracing-all-in-one - tag: 1.14 - zipkin: - repository: rancher/openzipkin-zipkin - tag: 2.14.2 - enabled: false - -# -# addon kiali tracing configuration -# -kiali: - repository: rancher/kiali-kiali - tag: v1.9 - contextPath: / - dashboard: - jaegerURL: http://tracing.istio-system:80 - grafanaURL: http://access-grafana.cattle-prometheus:80 - auth: - strategy: anonymous - enabled: false - prometheusAddr: http://access-prometheus.cattle-prometheus:80 - -# -# addon certmanager configuration -# -certmanager: - enabled: false - image: - repository: rancher/jetstack-cert-manager-controller - tag: v0.8.1 - -# -# Istio CNI plugin enabled -# This must be enabled to use the CNI plugin in Istio. The CNI plugin is installed separately. -# If true, the privileged initContainer istio-init is not needed to perform the traffic redirect -# settings for the istio-proxy. -# -istio_cni: - enabled: false - -# addon Istio CoreDNS configuration -# -istiocoredns: - image: - repository: rancher/coredns-coredns - tag: 1.6.2 - pluginImage: - repository: rancher/istio-coredns-plugin - tag: 0.2-istio-1.1 - enabled: false - -# Common settings used among istio subcharts. 
-global: - - # Specify rancher clusterId of external tracing config - # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 - rancher: - clusterId: - - systemDefaultRegistry: "" - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: docker.io/rancher - - # Default tag for Istio images. - tag: 1.4.4 - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - kubectl: - repository: rancher/istio-kubectl - tag: 1.4.4 - - # monitoring port used by mixer, pilot, galley and sidecar injector - monitoringPort: 15014 - - k8sIngress: - enabled: false - # Gateway used for k8s Ingress resources. By default it is - # using 'istio:ingressgateway' that will be installed by setting - # 'gateways.enabled' and 'gateways.istio-ingressgateway.enabled' - # flags to true. - gatewayName: ingressgateway - # enableHttps will add port 443 on the ingress. - # It REQUIRES that the certificates are installed in the - # expected secrets - enabling this option without certificates - # will result in LDS rejection and the ingress will not work. - enableHttps: false - - curl: - repository: rancher/pstauffer-curl - tag: v1.0.3 - - proxy: - # Configuration for the proxy init container - init: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - # use fully qualified image names for alternate path to proxy. - repository: rancher/istio-proxyv2 - tag: 1.4.4 - - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Resources for the sidecar. 
- resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Controls number of Proxy worker threads. - # If set to 0, then start worker thread for each CPU thread/core. - concurrency: 2 - - # Configures the access log for each sidecar. - # Options: - # "" - disables access log - # "/dev/stdout" - enables access log - accessLogFile: "" - - # Configure how and what fields are displayed in sidecar access log. Setting to - # empty string will result in default log format - accessLogFormat: "" - - # Configure the access log for sidecar to JSON or TEXT. - accessLogEncoding: TEXT - - # Configure envoy gRPC access log service. - envoyAccessLogService: - enabled: false - host: # example: accesslog-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/als/cert-chain.pem - privateKey: # example: /etc/istio/als/key.pem - caCertificates: # example: /etc/istio/als/root-cert.pem - sni: # example: als.somedomain - subjectAltNames: [] - # - als.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Log level for proxy, applies to gateways and sidecars. If left empty, "warning" is used. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: "" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. If left empty, "misc:error" is used. - componentLogLevel: "" - - # Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS - # This must be given it terms of seconds. For example, 300s is valid but 5m is invalid. - dnsRefreshRate: 300s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). 
These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: 100ms - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # If set, newly injected sidecars will have core dumps enabled. - enableCoreDump: false - - # Image used to enable core dumps. This is only used, when "enableCoreDump" is set to true. - enableCoreDumpImage: ubuntu:xenial - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 1 - - # The period between readiness probes. - readinessPeriodSeconds: 2 - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 30 - - # istio egress capture whitelist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - excludeOutboundPorts: "" - - # pod internal interfaces - kubevirtInterfaces: "" - - # istio ingress capture whitelist - # examples: - # Redirect no inbound traffic to Envoy: --includeInboundPorts="" - # Redirect all inbound traffic to Envoy: --includeInboundPorts="*" - # Redirect only selected ports: --includeInboundPorts="80,8080" - includeInboundPorts: "*" - excludeInboundPorts: "" - - # This controls the 'policy' in the sidecar injector. 
- autoInject: enabled - - # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument - # would be :). - # Disabled by default. - # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. - envoyStatsd: - # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. - enabled: false - host: # example: statsd-svc.istio-system - port: # example: 9125 - - # Sets the Envoy Metrics Service address, used to push Envoy metrics to an external collector - # via the Metrics Service gRPC API. This contains detailed stats information emitted directly - # by Envoy and should not be confused with the the Istio telemetry. The Envoy stats are also - # available to scrape via the Envoy admin port at either /stats or /stats/prometheus. - # - # See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto - # for details about Envoy's Metrics Service API. - # - # Disabled by default. - envoyMetricsService: - enabled: false - host: # example: metrics-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/ms/cert-chain.pem - privateKey: # example: /etc/istio/ms/key.pem - caCertificates: # example: /etc/istio/ms/root-cert.pem - sni: # example: ms.somedomain - subjectAltNames: [] - # - ms.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "zipkin" - - proxy_init: - # Base name for the istio-init container, used to configure iptables. - repository: rancher/istio-proxyv2 - tag: 1.4.4 - - # imagePullPolicy is applied to istio control plane components. - # local tests require IfNotPresent, to avoid uploading to dockerhub. 
- # TODO: Switch to Always as default, and override in the local tests. - imagePullPolicy: IfNotPresent - - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - # disablePolicyChecks disables mixer policy checks. - # if mixer.policy.enabled==true then disablePolicyChecks has affect. - # Will set the value with same name in istio config map - pilot needs to be restarted to take effect. - disablePolicyChecks: true - - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: false - - # EnableTracing sets the value with same name in istio config map, requires pilot restart to take effect. - enableTracing: true - - # Configuration for each of the supported tracers - tracer: - # Configuration for envoy to send trace data to LightStep. - # Disabled by default. - # address: the : of the satellite pool - # accessToken: required for sending data to the pool - # secure: specifies whether data should be sent with TLS - # cacertPath: the path to the file containing the cacert to use when verifying TLS. If secure is true, this is - # required. If a value is specified then a secret called "lightstep.cacert" must be created in the destination - # namespace with the key matching the base of the provided cacertPath and the value being the cacert itself. - # - lightstep: - address: "" # example: lightstep-satellite:443 - accessToken: "" # example: abcdefg1234567 - secure: true # example: true|false - cacertPath: "" # example: /etc/lightstep/cacert.pem - zipkin: - # Host:Port for reporting trace data in zipkin format. If not specified, will default to - # zipkin service (port 9411) in the same namespace as the other istio components. 
- address: "" - datadog: - # Host:Port for submitting traces to the Datadog agent. - address: "$(HOST_IP):8126" - stackdriver: - # enables trace output to stdout. - debug: false - # The global default max number of attributes per span. - maxNumberOfAttributes: 200 - # The global default max number of annotation events per span. - maxNumberOfAnnotations: 200 - # The global default max number of message events per span. - maxNumberOfMessageEvents: 200 - - # Default mtls policy. If true, mtls between services will be enabled by default. - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: false - # If set to true, and a given service does not have a corresponding DestinationRule configured, - # or its DestinationRule does not have TLSSettings specified, Istio configures client side - # TLS configuration automatically, based on the server side mTLS authentication policy and the - # availibity of sidecars. - auto: false - - # Lists the secrets you need to use to pull Istio images from a private registry. - imagePullSecrets: [] - # - private-registry-key - - # Specify pod scheduling arch(amd64, ppc64le, s390x) and weight as follows: - # 0 - Never scheduled - # 1 - Least preferred - # 2 - No preference - # 3 - Most preferred - arch: - amd64: 2 - s390x: 2 - ppc64le: 2 - - # Whether to restrict the applications namespace the controller manages; - # If not set, controller watches all namespaces - oneNamespace: false - - # Default node selector to be applied to all deployments so that all pods can be - # constrained to run a particular nodes. Each component can overwrite these default - # values by adding its node selector block in the relevant section below and setting - # the desired values. - defaultNodeSelector: {} - - # Default node tolerations to be applied to all deployments so that all pods can be - # scheduled to a particular nodes with matching taints. 
Each component can overwrite - # these default values by adding its tolerations block in the relevant section below - # and setting the desired values. - # Configure this field in case that all pods of Istio control plane are expected to - # be scheduled to particular nodes with specified taints. - defaultTolerations: [] - - # Whether to perform server-side validation of configuration. - configValidation: true - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - # podDNSSearchNamespaces: - # - global - # - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # If set to true, the pilot and citadel mtls will be exposed on the - # ingress gateway - meshExpansion: - enabled: false - # If set to true, the pilot and citadel mtls and the plaintext pilot ports - # will be exposed on an internal gateway - useILB: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). 
- # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # enable pod distruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: false - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - # Use the Mesh Control Protocol (MCP) for configuring Mixer and - # Pilot. Requires galley (`--set galley.enabled=true`). - useMCP: true - - # The trust domain corresponds to the trust root of a system - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - # Indicate the domain used in SPIFFE identity URL - # The default depends on the environment. - # kubernetes: cluster.local - # else: default dns domain - trustDomain: "" - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: [] - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. 
For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - # ALLOW_ANY is the default in 1.1. This means each pod will be able to make outbound requests - # to services outside of the mesh without any ServiceEntry. - # REGISTRY_ONLY was the default in 1.0. If this behavior is desired, set the value below to REGISTRY_ONLY. - outboundTrafficPolicy: - mode: ALLOW_ANY - - # The namespace where globally shared configurations should be present. - # DestinationRules that apply to the entire mesh (e.g., enabling mTLS), - # default Sidecar configs, etc. should be added to this namespace. 
- # configRootNamespace: istio-config - - # set the default set of namespaces to which services, service entries, virtual services, destination - # rules should be exported to. Currently only one value can be provided in this list. This value - # should be one of the following two options: - # * implies these objects are visible to all namespaces, enabling any sidecar to talk to any other sidecar. - # . implies these objects are visible to only to sidecars in the same namespace, or if imported as a Sidecar.egress.host - # defaultConfigVisibilitySettings: - #- '*' - - nodeagent: - repository: rancher/istio-node-agent-k8s - tag: 1.4.4 - sds: - # SDS enabled. IF set to true, mTLS certificates for the sidecars will be - # distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates. - enabled: false - udsPath: "" - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Citadel Agent to the CA (e.g. Citadel), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). 
- # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Specifies the global locality load balancing settings. - # Locality-weighted load balancing allows administrators to control the distribution of traffic to - # endpoints based on the localities of where the traffic originates and where it will terminate. - # Either failover or distribute configuration can be set, but not both. If neither are provided - # failover mode will be used. - # - # localityLbSetting: - # enabled: true - # distribute: - # - from: "us-central1/*" - # to: - # "us-central1/*": 80 - # "us-central2/*": 20 - # - # localityLbSetting: - # enabled: true - # failover: - # - from: us-east - # to: eu-west - # - from: us-west - # to: us-east - localityLbSetting: - enabled: true - - # Specifies whether helm test is enabled or not. - # This field is set to false by default, so 'helm template ...' - # will ignore the helm test yaml files when generating the template - enableHelmTest: false - - # Configures DNS certificates provisioned through Chiron linked into Pilot. - # The DNS names in this file are all hard-coded; please ensure the namespaces - # in dnsNames are consistent with those of your services. - # Example: - # certificates: - # - secretName: dns.istio-galley-service-account - # dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] - # - secretName: dns.istio-sidecar-injector-service-account - # dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] - certificates: [] - - # Configure whether Operator manages webhook configurations. 
The current behavior - # of Galley and Sidecar Injector is that they manage their own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false diff --git a/charts/rancher-istio/1.4.600/.helmignore b/charts/rancher-istio/1.4.600/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/rancher-istio/1.4.600/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-istio/1.4.600/Chart.yaml b/charts/rancher-istio/1.4.600/Chart.yaml deleted file mode 100755 index 54887544d..000000000 --- a/charts/rancher-istio/1.4.600/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -name: rancher-istio -version: 1.4.600 -appVersion: 1.4.6 -description: Helm chart for all istio components -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- security -- sidecarInjectorWebhook -- mixer -- pilot -- galley -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2-0' diff --git a/charts/rancher-istio/1.4.600/LICENSE b/charts/rancher-istio/1.4.600/LICENSE deleted file mode 100755 index 56df9b297..000000000 --- a/charts/rancher-istio/1.4.600/LICENSE +++ /dev/null 
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2018 Istio Authors - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/rancher-istio/1.4.600/README.md b/charts/rancher-istio/1.4.600/README.md deleted file mode 100755 index f7f35cc17..000000000 --- a/charts/rancher-istio/1.4.600/README.md +++ /dev/null 
@@ -1,149 +0,0 @@ -# Istio - -[Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. - -The documentation here is for developers only, please follow the installation instructions from [istio.io](https://istio.io/docs/setup/kubernetes/install/helm/) for all other uses. - -## Introduction - -This chart bootstraps all Istio [components](https://istio.io/docs/concepts/what-is-istio/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Chart Details - -This chart can install multiple Istio components as subcharts: -- ingressgateway -- egressgateway -- sidecarInjectorWebhook -- galley -- mixer -- pilot -- security(citadel) -- grafana -- prometheus -- tracing(jaeger) -- kiali - -To enable or disable each component, change the corresponding `enabled` flag. - -## Prerequisites - -- Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required -- Helm 2.7.2 or newer or alternately the ability to modify RBAC rules is also required -- If you want to enable automatic sidecar injection, Kubernetes 1.9+ with `admissionregistration` API is required, and `kube-apiserver` process must have the `admission-control` flag set with the `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook` admission controllers added and listed in the correct order. -- The `istio-init` chart must be run to completion prior to install the `istio` chart. - -## Resources Required - -The chart deploys pods that consume minimum resources as specified in the resources configuration parameter. - -## Installing the Chart - -1. If a service account has not already been installed for Tiller, install one: - - ```bash - $ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml - ``` - -1. 
Install Tiller on your cluster with the service account: - - ```bash - $ helm init --service-account tiller - ``` - -1. Set and create the namespace where Istio was installed: - - ```bash - $ NAMESPACE=istio-system - $ kubectl create ns $NAMESPACE - ``` - -1. If you are enabling `kiali`, you need to create the secret that contains the username and passphrase for `kiali` dashboard: - - ```bash - $ echo -n 'admin' | base64 - YWRtaW4= - $ echo -n '1f2d1e2e67df' | base64 - MWYyZDFlMmU2N2Rm - $ cat <=1.9.0): - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE - ``` - - - Without the sidecar injection webhook: - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE --set sidecarInjectorWebhook.enabled=false - ``` - -## Configuration - -The Helm chart ships with reasonable defaults. There may be circumstances in which defaults require overrides. -To override Helm values, use `--set key=value` argument during the `helm install` command. Multiple `--set` operations may be used in the same Helm operation. - -Helm charts expose configuration options which are currently in alpha. The currently exposed options can be found [here](https://istio.io/docs/reference/config/installation-options/). - -## Uninstalling the Chart - -To uninstall/delete the `istio` release but continue to track the release: - -```bash -$ helm delete istio -``` - -To uninstall/delete the `istio` release completely and make its name free for later use: - -```bash -$ helm delete --purge istio -``` diff --git a/charts/rancher-istio/1.4.600/charts/certmanager/Chart.yaml b/charts/rancher-istio/1.4.600/charts/certmanager/Chart.yaml deleted file mode 100755 index 88b0824ea..000000000 --- a/charts/rancher-istio/1.4.600/charts/certmanager/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 0.6.2 -description: A Helm chart for Kubernetes -name: certmanager -tillerVersion: '>=2.7.2' -version: 1.4.6 
diff --git a/charts/rancher-istio/1.4.600/charts/certmanager/templates/NOTES.txt b/charts/rancher-istio/1.4.600/charts/certmanager/templates/NOTES.txt
deleted file mode 100755
index 0307ede4c..000000000
--- a/charts/rancher-istio/1.4.600/charts/certmanager/templates/NOTES.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-certmanager has been deployed successfully!
-
-More information on the different types of issuers and how to configure them
-can be found in our documentation:
-
-https://cert-manager.readthedocs.io/en/latest/reference/issuers.html
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.600/charts/certmanager/templates/_helpers.tpl b/charts/rancher-istio/1.4.600/charts/certmanager/templates/_helpers.tpl
deleted file mode 100755
index 331a91d43..000000000
--- a/charts/rancher-istio/1.4.600/charts/certmanager/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "certmanager.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "certmanager.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "certmanager.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.600/charts/certmanager/templates/deployment.yaml b/charts/rancher-istio/1.4.600/charts/certmanager/templates/deployment.yaml deleted file mode 100755 index 4c727365d..000000000 --- a/charts/rancher-istio/1.4.600/charts/certmanager/templates/deployment.yaml +++ /dev/null 
@@ -1,73 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: certmanager - template: - metadata: - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: certmanager -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: certmanager - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- else }} - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=$(POD_NAMESPACE) - {{- if .Values.extraArgs }} -{{ toYaml .Values.extraArgs | indent 8 }} - {{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: -{{ toYaml .Values.resources | indent 10 }} - {{- if .Values.podDnsPolicy }} - dnsPolicy: {{ .Values.podDnsPolicy }} - {{- end }} - {{- if .Values.podDnsConfig }} - dnsConfig: -{{ toYaml .Values.podDnsConfig | indent 8 }} - {{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/certmanager/templates/issuer.yaml b/charts/rancher-istio/1.4.600/charts/certmanager/templates/issuer.yaml deleted file mode 100755 index 59402daea..000000000 --- a/charts/rancher-istio/1.4.600/charts/certmanager/templates/issuer.yaml +++ /dev/null @@ -1,37 +0,0 @@ ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt-staging - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-staging-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: letsencrypt-staging - http01: {} ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - privateKeySecretRef: - name: letsencrypt - http01: {} diff --git a/charts/rancher-istio/1.4.600/charts/certmanager/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.600/charts/certmanager/templates/poddisruptionbudget.yaml deleted file mode 100755 index b251e3653..000000000 --- a/charts/rancher-istio/1.4.600/charts/certmanager/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - version: {{ .Chart.Version }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 4 }} - {{- end }} -spec: -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: certmanager - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/certmanager/templates/rbac.yaml b/charts/rancher-istio/1.4.600/charts/certmanager/templates/rbac.yaml deleted file mode 100755 index b3a4ef340..000000000 --- a/charts/rancher-istio/1.4.600/charts/certmanager/templates/rbac.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: certmanager - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: - - apiGroups: ["certmanager.k8s.io"] - resources: ["certificates", "certificates/finalizers", "issuers", "clusterissuers", "orders", "orders/finalizers", "challenges"] - verbs: ["*"] - - apiGroups: [""] - resources: ["configmaps", "secrets", "events", "services", "pods"] - verbs: ["*"] - - apiGroups: ["extensions"] - resources: ["ingresses"] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: certmanager - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: certmanager -subjects: - - name: certmanager - namespace: {{ .Release.Namespace }} - kind: ServiceAccount diff --git a/charts/rancher-istio/1.4.600/charts/certmanager/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.600/charts/certmanager/templates/serviceaccount.yaml deleted file mode 100755 index f87543508..000000000 --- a/charts/rancher-istio/1.4.600/charts/certmanager/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/1.4.600/charts/certmanager/values.yaml b/charts/rancher-istio/1.4.600/charts/certmanager/values.yaml deleted file mode 100755 index 2d6854193..000000000 
--- a/charts/rancher-istio/1.4.600/charts/certmanager/values.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-# Certmanager uses ACME to sign certificates. Since Istio gateways are
-# mounting the TLS secrets the Certificate CRDs must be created in the
-# istio-system namespace. Once the certificate has been created, the
-# gateway must be updated by adding 'secretVolumes'. After the gateway
-# restart, DestinationRules can be created using the ACME-signed certificates.
-enabled: false
-replicaCount: 1
-resources: {}
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.600/charts/galley/Chart.yaml b/charts/rancher-istio/1.4.600/charts/galley/Chart.yaml
deleted file mode 100755
index 2bef120f6..000000000
--- a/charts/rancher-istio/1.4.600/charts/galley/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.6
-description: Helm chart for galley deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- galley
-name: galley
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.6
diff --git a/charts/rancher-istio/1.4.600/charts/galley/templates/_helpers.tpl b/charts/rancher-istio/1.4.600/charts/galley/templates/_helpers.tpl
deleted file mode 100755
index 5d42f4a03..000000000
--- a/charts/rancher-istio/1.4.600/charts/galley/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "galley.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "galley.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "galley.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.600/charts/galley/templates/clusterrole.yaml b/charts/rancher-istio/1.4.600/charts/galley/templates/clusterrole.yaml
deleted file mode 100755
index c499dcf7d..000000000
--- a/charts/rancher-istio/1.4.600/charts/galley/templates/clusterrole.yaml
+++ /dev/null
@@ -1,49 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-galley-{{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: - # For reading Istio resources -- apiGroups: [ - "authentication.istio.io", - "config.istio.io", - "networking.istio.io", - "rbac.istio.io", - "security.istio.io"] - resources: ["*"] - verbs: ["get", "list", "watch"] - # For updating Istio resource statuses -- apiGroups: [ - "authentication.istio.io", - "config.istio.io", - "networking.istio.io", - "rbac.istio.io", - "security.istio.io"] - resources: ["*/status"] - verbs: ["update"] -{{- if not .Values.global.operatorManageWebhooks }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["*"] -{{- end }} -- apiGroups: ["extensions","apps"] - resources: ["deployments"] - resourceNames: ["istio-galley"] - verbs: ["get"] -- apiGroups: [""] - resources: ["pods", "nodes", "services", "endpoints", "namespaces"] - verbs: ["get", "list", "watch"] -- apiGroups: ["extensions"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: ["namespaces/finalizers"] - verbs: ["update"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] diff --git a/charts/rancher-istio/1.4.600/charts/galley/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.600/charts/galley/templates/clusterrolebinding.yaml deleted file mode 100755 index 88cde2554..000000000 --- a/charts/rancher-istio/1.4.600/charts/galley/templates/clusterrolebinding.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-galley-admin-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-galley-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-galley-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.4.600/charts/galley/templates/configmap.yaml b/charts/rancher-istio/1.4.600/charts/galley/templates/configmap.yaml deleted file mode 100755 index 662c960b1..000000000 --- a/charts/rancher-istio/1.4.600/charts/galley/templates/configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-galley-configuration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -data: -{{- if .Values.global.configValidation }} - validatingwebhookconfiguration.yaml: |- - {{- include "validatingwebhookconfiguration.yaml.tpl" . | indent 4}} -{{- end}} diff --git a/charts/rancher-istio/1.4.600/charts/galley/templates/deployment.yaml b/charts/rancher-istio/1.4.600/charts/galley/templates/deployment.yaml deleted file mode 100755 index 458d98338..000000000 --- a/charts/rancher-istio/1.4.600/charts/galley/templates/deployment.yaml +++ /dev/null 
@@ -1,152 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: galley - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-galley-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: galley - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 443 - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 9901 - command: - - /usr/local/bin/galley - - server - - --meshConfigFile=/etc/mesh-config/mesh - - --livenessProbeInterval=1s - - --livenessProbePath=/healthliveness - - --readinessProbePath=/healthready - - --readinessProbeInterval=1s - - --deployment-namespace={{ .Release.Namespace }} -{{- if $.Values.global.controlPlaneSecurityEnabled}} - - --insecure=false -{{- else }} - - --insecure=true -{{- end }} -{{- if .Values.enableServiceDiscovery }} - - --enableServiceDiscovery=true -{{- end }} -{{- if not $.Values.global.useMCP }} - - --enable-server=false -{{- end }} -{{- if not $.Values.global.configValidation }} - - --enable-validation=false -{{- end }} -{{- if .Values.global.operatorManageWebhooks }} - - --enable-reconcileWebhookConfiguration=false -{{- else }} - - --enable-reconcileWebhookConfiguration=true -{{- end }} - - --validation-webhook-config-file - - /etc/config/validatingwebhookconfiguration.yaml - - --monitoringPort={{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if .Values.enableAnalysis }} - - --enableAnalysis=true -{{- end }} -{{- if .Values.global.certificates }} - - --validation.tls.clientCertificate=/etc/dnscerts/cert-chain.pem - - --validation.tls.privateKey=/etc/dnscerts/key.pem - - --validation.tls.caCertificates=/etc/dnscerts/root-cert.pem -{{- end }} - volumeMounts: - - name: certs - mountPath: /etc/certs - readOnly: true -{{- if .Values.global.certificates }} - - name: dnscerts - mountPath: /etc/dnscerts - readOnly: true -{{- end }} - - name: config - mountPath: /etc/config - readOnly: true - - name: mesh-config - mountPath: /etc/mesh-config - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - 
--probe-path=/healthliveness - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - readinessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - --probe-path=/healthready - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: certs - secret: - secretName: istio.istio-galley-service-account -{{- if .Values.global.certificates }} - - name: dnscerts - secret: - secretName: dns.istio-galley-service-account -{{- end }} - - name: config - configMap: - name: istio-galley-configuration - - name: mesh-config - configMap: - name: istio - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.600/charts/galley/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.600/charts/galley/templates/poddisruptionbudget.yaml deleted file mode 100755 index 75bf77834..000000000 --- a/charts/rancher-istio/1.4.600/charts/galley/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-spec:
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: {{ template "galley.name" . }}
- release: {{ .Release.Name }}
- istio: galley
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/galley/templates/service.yaml b/charts/rancher-istio/1.4.600/charts/galley/templates/service.yaml
deleted file mode 100755
index cd21fd192..000000000
--- a/charts/rancher-istio/1.4.600/charts/galley/templates/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-spec:
- ports:
- - port: 443
- name: https-validation
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- - port: 9901
- name: grpc-mcp
- selector:
- istio: galley
diff --git a/charts/rancher-istio/1.4.600/charts/galley/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.600/charts/galley/templates/serviceaccount.yaml
deleted file mode 100755
index 1ff54c49e..000000000
--- a/charts/rancher-istio/1.4.600/charts/galley/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-galley-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.600/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl b/charts/rancher-istio/1.4.600/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl
deleted file mode 100755
index 253fd2156..000000000
--- a/charts/rancher-istio/1.4.600/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl
+++ /dev/null
@@ -1,127 +0,0 @@ -{{ define "validatingwebhookconfiguration.yaml.tpl" }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-galley - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -webhooks: - - name: pilot.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitpilot" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - httpapispecs - - httpapispecbindings - - quotaspecs - - quotaspecbindings - - operations: - - CREATE - - UPDATE - apiGroups: - - rbac.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - authentication.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - networking.istio.io - apiVersions: - - "*" - resources: - - destinationrules - - envoyfilters - - gateways - - serviceentries - - sidecars - - virtualservices - failurePolicy: Fail - sideEffects: None - - name: mixer.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitmixer" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - rules - - attributemanifests - - circonuses - - deniers - - fluentds - - kubernetesenvs - - listcheckers - - memquotas - - noops - - opas - - prometheuses - - rbacs - - solarwindses - - stackdrivers - - cloudwatches - - dogstatsds - - statsds - - stdios - - apikeys - - authorizations - - checknothings - # - kuberneteses - - listentries - - logentries - - metrics - - 
quotas - - reportnothings - - tracespans - - adapters - - handlers - - instances - - templates - - zipkins - failurePolicy: Fail - sideEffects: None -{{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/galley/values.yaml b/charts/rancher-istio/1.4.600/charts/galley/values.yaml deleted file mode 100755 index 68eff963f..000000000 --- a/charts/rancher-istio/1.4.600/charts/galley/values.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# -# galley configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# Enable service discovery processing in Galley -enableServiceDiscovery: false - -# Enable analysis and status update in Galley -enableAnalysis: false diff --git a/charts/rancher-istio/1.4.600/charts/gateways/Chart.yaml b/charts/rancher-istio/1.4.600/charts/gateways/Chart.yaml deleted file mode 100755 index 2edcd2174..000000000 --- a/charts/rancher-istio/1.4.600/charts/gateways/Chart.yaml +++ /dev/null 
@@ -1,15 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.6
-description: Helm chart for deploying Istio gateways
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- ingressgateway
-- egressgateway
-- gateways
-name: gateways
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.6
diff --git a/charts/rancher-istio/1.4.600/charts/gateways/templates/_affinity.tpl b/charts/rancher-istio/1.4.600/charts/gateways/templates/_affinity.tpl
deleted file mode 100755
index fbd0e9a8f..000000000
--- a/charts/rancher-istio/1.4.600/charts/gateways/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "gatewaynodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "gatewayNodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .root.Values.global.defaultNodeSelector .nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "gatewayNodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinity" }} -{{- if or .podAntiAffinityLabelSelector .podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if .podAntiAffinityTermLabelSelector }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/gateways/templates/_helpers.tpl b/charts/rancher-istio/1.4.600/charts/gateways/templates/_helpers.tpl deleted file mode 100755 index bfc8bc400..000000000 --- a/charts/rancher-istio/1.4.600/charts/gateways/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "gateway.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "gateway.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "gateway.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.600/charts/gateways/templates/autoscale.yaml b/charts/rancher-istio/1.4.600/charts/gateways/templates/autoscale.yaml
deleted file mode 100755
index 2455ac345..000000000
--- a/charts/rancher-istio/1.4.600/charts/gateways/templates/autoscale.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
- maxReplicas: {{ $spec.autoscaleMax }}
- minReplicas: {{ $spec.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ $key }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/gateways/templates/deployment.yaml b/charts/rancher-istio/1.4.600/charts/gateways/templates/deployment.yaml
deleted file mode 100755
index 2d858b844..000000000
--- a/charts/rancher-istio/1.4.600/charts/gateways/templates/deployment.yaml
+++ /dev/null
@@ -1,387 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if $spec.enabled }} - -{{- $labels := merge (dict "release" $.Release.Name "chart" (include "gateway.chart" $) "heritage" $.Release.Service) $spec.labels }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - labels: -{{ $labels | toYaml | indent 4 }} -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - selector: - matchLabels: - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - template: - metadata: - labels: -{{ $labels | toYaml | indent 8 }} - annotations: - sidecar.istio.io/inject: "false" -{{- if $spec.podAnnotations }} -{{ toYaml $spec.podAnnotations | indent 8 }} -{{ end }} - spec: - serviceAccountName: {{ $key }}-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} -{{- if $.Values.global.proxy.enableCoreDump }} - initContainers: - - name: enable-core-dump - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy_init.repository }}:{{ $.Values.global.proxy_init.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - command: - - /bin/sh - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - securityContext: - privileged: true -{{- end }} - containers: -{{- if $spec.sds }} -{{- if $spec.sds.enabled }} - - name: ingress-sds - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - resources: -{{- if $spec.sds.resources }} -{{ toYaml 
$spec.sds.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: "ENABLE_WORKLOAD_SDS" - value: "false" - - name: "ENABLE_INGRESS_GATEWAY_SDS" - value: "true" - - name: "INGRESS_GATEWAY_NAMESPACE" - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - volumeMounts: - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway -{{- end }} -{{- end }} - - name: istio-proxy - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - {{- range $key, $val := $spec.ports }} - - containerPort: {{ $val.port }} - {{- end }} - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - - --drainDuration - - '45s' #drainDuration - - --parentShutdownDuration - - '1m0s' #parentShutdownDuration - - --connectTimeout - - '10s' #connectTimeout - - --serviceCluster - - {{ $key }} - {{- if eq $.Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - {{ $.Values.global.tracer.lightstep.address }} - - --lightstepAccessToken - - {{ $.Values.global.tracer.lightstep.accessToken }} - - --lightstepSecure={{ $.Values.global.tracer.lightstep.secure }} - - --lightstepCacertPath - - {{ $.Values.global.tracer.lightstep.cacertPath }} - {{- else if eq $.Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - {{- if $.Values.global.tracer.zipkin.address }} - - {{ 
$.Values.global.tracer.zipkin.address }} - {{- else if $.Values.global.istioNamespace }} - - zipkin.{{ $.Values.global.istioNamespace }}:9411 - {{- else }} - - zipkin:9411 - {{- end }} - {{- else if eq $.Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - {{ $.Values.global.tracer.datadog.address }} - {{- end }} - {{- if $.Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - {{ $.Values.global.proxy.envoyStatsd.host }}:{{ $.Values.global.proxy.envoyStatsd.port }} - {{- end }} - {{- if $.Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - {{- with $.Values.global.proxy.envoyMetricsService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end}} - {{- if $.Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - {{- with $.Values.global.proxy.envoyAccessLogService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end }} - - --proxyAdminPort - - "15000" - - --statusPort - - "15020" - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15011 - {{- else }} - - istio-pilot:15011 - {{- end }} - {{- else }} - - --controlPlaneAuthPolicy - - NONE - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15010 - {{- else }} - - istio-pilot:15010 - {{- end }} - {{- if $spec.applicationPorts }} - - --applicationPorts - - "{{ $spec.applicationPorts }}" - {{- end }} - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ 
$.Values.global.trustDomain }} - {{- end }} - readinessProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15020 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - resources: -{{- if $spec.resources }} -{{ toYaml $spec.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if $.Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_METAJSON_LABELS - value: | - {{ $labels | toJson}} - - name: ISTIO_META_CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - - name: ISTIO_META_WORKLOAD_NAME - value: {{ $key }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/{{ $spec.namespace | default $.Release.Namespace }}/deployments/{{ $key }} - {{- if $.Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.meshID }}" - {{- else if $.Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.trustDomain }}" - {{- end }} - {{- if eq $.Values.global.proxy.tracer "datadog" }} - - name: HOST_IP 
- valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- end }} - {{- if eq $.Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ $.Values.global.tracer.stackdriver.debug }}" - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAnnotations.Value }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAttributes.Value }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents.Value }}" - {{- end }} - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ISTIO_META_USER_SDS - value: "true" - {{- end }} - {{- end }} - {{- if $spec.env }} - {{- range $key, $val := $spec.env }} - - name: {{ $key }} - value: {{ $val }} - {{- end }} - {{- end }} - {{ if eq $key "istio-ingressgateway" }} - {{ $network_set := index $spec.env "ISTIO_META_NETWORK" }} - {{- if and (not $network_set) $.Values.global.network }} - - name: ISTIO_META_NETWORK - value: {{ $.Values.global.network }} - {{- end }} - {{- end }} - volumeMounts: - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway - {{- end }} - {{- end }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - mountPath: {{ .mountPath | quote }} - readOnly: true - {{- end }} - {{- if and 
(eq $.Values.global.proxy.tracer "lightstep") $.Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ dir $.Values.global.tracer.lightstep.cacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} -{{- if $spec.additionalContainers }} -{{ toYaml $spec.additionalContainers | indent 8 }} -{{- end }} - volumes: - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - emptyDir: {} - {{- end }} - {{- end }} - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - hostPath: - path: /var/run/sds - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ $.Values.global.sds.token.aud }} - {{- end }} - - name: istio-certs - secret: - secretName: istio.{{ $key }}-service-account - optional: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - secret: - secretName: {{ .secretName | quote }} - optional: true - {{- end }} - {{- range $spec.configVolumes }} - - name: {{ .name }} - configMap: - name: {{ .configMapName | quote }} - optional: true - {{- end }} - {{- if and (eq $.Values.global.proxy.tracer "lightstep") $.Values.global.tracer.lightstep.cacertPath }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - affinity: - {{- include "gatewaynodeaffinity" (dict "root" $ "nodeSelector" $spec.nodeSelector) | indent 6 }} - {{- include "gatewaypodAntiAffinity" (dict "podAntiAffinityLabelSelector" $spec.podAntiAffinityLabelSelector "podAntiAffinityTermLabelSelector" $spec.podAntiAffinityTermLabelSelector) | indent 6 }} - {{- if $spec.tolerations }} - tolerations: -{{ toYaml $spec.tolerations | indent 6 }} - {{- else if $.Values.global.defaultTolerations }} - tolerations: -{{ toYaml $.Values.global.defaultTolerations | indent 6 }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.4.600/charts/gateways/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.600/charts/gateways/templates/poddisruptionbudget.yaml
deleted file mode 100755
index 36a2d5a9c..000000000
--- a/charts/rancher-istio/1.4.600/charts/gateways/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if and (ne $key "enabled") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/gateways/templates/preconfigured.yaml b/charts/rancher-istio/1.4.600/charts/gateways/templates/preconfigured.yaml
deleted file mode 100755
index 31e431db7..000000000
--- a/charts/rancher-istio/1.4.600/charts/gateways/templates/preconfigured.yaml
+++ /dev/null
@@ -1,241 +0,0 @@ -{{- if .Values.global.k8sIngress.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-autogenerated-k8s-ingress - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: {{ .Values.global.k8sIngress.gatewayName }} - servers: - - port: - number: 80 - protocol: HTTP2 - name: http - hosts: - - "*" -{{ if .Values.global.k8sIngress.enableHttps }} - - port: - number: 443 - protocol: HTTPS - name: https-default - tls: - mode: SIMPLE - serverCertificate: /etc/istio/ingressgateway-certs/tls.crt - privateKey: /etc/istio/ingressgateway-certs/tls.key - hosts: - - "*" -{{ end }} ---- -{{ end }} - -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-ilb-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: ilbgateway - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- else }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- end }} -{{- end }} - -{{- if .Values.global.multiCluster.enabled }} -{{- if (index .Values "istio-egressgateway" "enabled") }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-egressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-egressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH -{{- end }} ---- -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - workloadLabels: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - filters: - - listenerMatch: - portNumber: 15443 - listenerType: GATEWAY - insertPosition: - index: AFTER - relativeTo: envoy.filters.network.sni_cluster - filterName: envoy.filters.network.tcp_cluster_rewrite - filterType: NETWORK - filterConfig: - cluster_pattern: "\\.global$" - cluster_replacement: ".svc.{{ .Values.global.proxy.clusterDomain }}" ---- -## To ensure all traffic to *.global is using mTLS -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-multicluster-destinationrule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.global" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -{{- end }} 
diff --git a/charts/rancher-istio/1.4.600/charts/gateways/templates/role.yaml b/charts/rancher-istio/1.4.600/charts/gateways/templates/role.yaml
deleted file mode 100755
index 37bdf3ef8..000000000
--- a/charts/rancher-istio/1.4.600/charts/gateways/templates/role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if ($spec.sds) and (eq $spec.sds.enabled true) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-rules:
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "watch", "list"]
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/gateways/templates/rolebindings.yaml b/charts/rancher-istio/1.4.600/charts/gateways/templates/rolebindings.yaml
deleted file mode 100755
index cd3245b01..000000000
--- a/charts/rancher-istio/1.4.600/charts/gateways/templates/rolebindings.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if ($spec.sds) and (eq $spec.sds.enabled true) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ $key }}-sds
-subjects:
-- kind: ServiceAccount
- name: {{ $key }}-service-account
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/gateways/templates/service.yaml b/charts/rancher-istio/1.4.600/charts/gateways/templates/service.yaml
deleted file mode 100755
index 9474f0476..000000000
--- a/charts/rancher-istio/1.4.600/charts/gateways/templates/service.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- annotations:
- {{- range $key, $val := $spec.serviceAnnotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{- if $spec.loadBalancerIP }}
- loadBalancerIP: "{{ $spec.loadBalancerIP }}"
-{{- end }}
-{{- if $spec.loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
-{{ toYaml $spec.loadBalancerSourceRanges | indent 4 }}
-{{- end }}
-{{- if $spec.externalTrafficPolicy }}
- externalTrafficPolicy: {{$spec.externalTrafficPolicy }}
-{{- end }}
-{{- if $spec.externalIPs }}
- externalIPs:
-{{ toYaml $spec.externalIPs | indent 4 }}
-{{- end }}
- type: {{ .type }}
- selector:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
- ports:
- {{- range $key, $val := $spec.ports }}
- -
- {{- range $pkey, $pval := $val }}
- {{ $pkey}}: {{ $pval }}
- {{- end }}
- {{- end }}
- {{- if $.Values.global.meshExpansion.enabled }}
- {{- range $key, $val := $spec.meshExpansionPorts }}
- -
- {{- range $pkey, $pval := $val }}
- {{ $pkey}}: {{ $pval }}
- {{- end }}
- {{- end }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/gateways/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.600/charts/gateways/templates/serviceaccount.yaml
deleted file mode 100755
index d4f6938c1..000000000
--- a/charts/rancher-istio/1.4.600/charts/gateways/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if $.Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range $.Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: {{ $key }}-service-account
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- app: {{ $spec.labels.app }}
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.4.600/charts/gateways/values.yaml b/charts/rancher-istio/1.4.600/charts/gateways/values.yaml
deleted file mode 100755
index 23a16798f..000000000
--- a/charts/rancher-istio/1.4.600/charts/gateways/values.yaml
+++ /dev/null
@@ -1,286 +0,0 @@ -# -# Gateways Configuration -# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. -# You can add more gateways in addition to the defaults but make sure those are uniquely named -# and that NodePorts are not conflicting. -# Disable specifc gateway by setting the `enabled` to false. -# -enabled: true - -istio-ingressgateway: - enabled: true - # - # Secret Discovery Service (SDS) configuration for ingress gateway. - # - sds: - # If true, ingress gateway fetches credentials from SDS server to handle TLS connections. - enabled: false - # SDS server that watches kubernetes secrets and provisions credentials to ingress gateway. - # This server runs in the same pod as ingress gateway. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - labels: - app: istio-ingressgateway - istio: ingressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalIPs: [] - serviceAnnotations: {} - podAnnotations: {} - type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be - #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out - ports: - ## You can add custom gateway ports - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. 
https://github.com/istio/istio/issues/12503 - - port: 15020 - targetPort: 15020 - name: status-port - - port: 80 - targetPort: 80 - name: http2 - nodePort: 31380 - - port: 443 - name: https - nodePort: 31390 - # Example of a port to add. Remove if not needed - - port: 31400 - name: tcp - nodePort: 31400 - ### PORTS FOR UI/metrics ##### - ## Disable if not needed - - port: 15029 - targetPort: 15029 - name: https-kiali - - port: 15030 - targetPort: 15030 - name: https-prometheus - - port: 15031 - targetPort: 15031 - name: https-grafana - - port: 15032 - targetPort: 15032 - name: https-tracing - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - #### MESH EXPANSION PORTS ######## - # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect - # to pilot/citadel if global.meshExpansion settings are enabled. - # Delete these ports if mesh expansion is not enabled, to avoid - # exposing unnecessary ports on the web. - # You can remove these ports if you are not using mesh expansion - meshExpansionPorts: - - port: 15011 - targetPort: 15011 - name: tcp-pilot-grpc-tls - - port: 15004 - targetPort: 15004 - name: tcp-mixer-grpc-tls - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - - port: 853 - targetPort: 853 - name: tcp-dns-tls - ####### end MESH EXPANSION PORTS ###### - ############## - secretVolumes: - - name: ingressgateway-certs - secretName: istio-ingressgateway-certs - mountPath: /etc/istio/ingressgateway-certs - - name: ingressgateway-ca-certs - secretName: istio-ingressgateway-ca-certs - mountPath: /etc/istio/ingressgateway-ca-certs - ### Advanced options ############ - - # Ports to explicitly check for readiness. If configured, the readiness check will expect a - # listener on these ports. A comma separated list is expected, such as "80,443". - # - # Warning: If you do not have a gateway configured for the ports provided, this check will always - # fail. 
This is intended for use cases where you always expect to have a listener on the port, - # such as 80 or 443 in typical setups. - applicationPorts: "" - - env: - # A gateway with this mode ensures that pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. - ISTIO_META_ROUTER_MODE: "sni-dnat" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". 
- podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -istio-egressgateway: - enabled: false - labels: - app: istio-egressgateway - istio: egressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - serviceAnnotations: {} - podAnnotations: {} - type: ClusterIP #change to NodePort or LoadBalancer if need be - ports: - - port: 80 - name: http2 - - port: 443 - name: https - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - secretVolumes: - - name: egressgateway-certs - secretName: istio-egressgateway-certs - mountPath: /etc/istio/egressgateway-certs - - name: egressgateway-ca-certs - secretName: istio-egressgateway-ca-certs - mountPath: /etc/istio/egressgateway-ca-certs - #### Advanced options ######## - env: - # Set this to "external" if and only if you want the egress gateway to - # act as a transparent SNI gateway that routes mTLS/TLS traffic to - # external services defined using service entries, where the service - # entry has resolution set to DNS, has one or more endpoints with - # network field set to "external". By default its set to "" so that - # the egress gateway sees the same set of endpoints as the sidecars - # preserving backward compatibility - # ISTIO_META_REQUESTED_NETWORK_VIEW: "" - # A gateway with this mode ensures that pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. 
- ISTIO_META_ROUTER_MODE: "sni-dnat" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". - podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -# Mesh ILB gateway creates a gateway of type InternalLoadBalancer, -# for mesh expansion. It exposes the mtls ports for Pilot,CA as well -# as non-mtls ports to support upgrades and gradual transition. -istio-ilbgateway: - enabled: false - labels: - app: istio-ilbgateway - istio: ilbgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - cpu: - targetAverageUtilization: 80 - resources: - requests: - cpu: 800m - memory: 512Mi - #limits: - # cpu: 1800m - # memory: 256Mi - loadBalancerIP: "" - serviceAnnotations: - cloud.google.com/load-balancer-type: "internal" - podAnnotations: {} - type: LoadBalancer - ports: - ## You can add custom gateway ports - google ILB default quota is 5 ports, - - port: 15011 - name: grpc-pilot-mtls - # Insecure port - only for migration from 0.8. 
Will be removed in 1.1 - - port: 15010 - name: grpc-pilot - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - # Port 5353 is forwarded to kube-dns - - port: 5353 - name: tcp-dns - secretVolumes: - - name: ilbgateway-certs - secretName: istio-ilbgateway-certs - mountPath: /etc/istio/ilbgateway-certs - - name: ilbgateway-ca-certs - secretName: istio-ilbgateway-ca-certs - mountPath: /etc/istio/ilbgateway-ca-certs - nodeSelector: {} - tolerations: [] diff --git a/charts/rancher-istio/1.4.600/charts/grafana/Chart.yaml b/charts/rancher-istio/1.4.600/charts/grafana/Chart.yaml deleted file mode 100755 index 0c128c467..000000000 --- a/charts/rancher-istio/1.4.600/charts/grafana/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.6 -description: A Helm chart for Kubernetes -name: grafana -tillerVersion: '>=2.7.2' -version: 1.4.6 diff --git a/charts/rancher-istio/1.4.600/charts/grafana/dashboards/citadel-dashboard.json b/charts/rancher-istio/1.4.600/charts/grafana/dashboards/citadel-dashboard.json deleted file mode 100755 index ffe4551a9..000000000 --- a/charts/rancher-istio/1.4.600/charts/grafana/dashboards/citadel-dashboard.json +++ /dev/null 
@@ -1,1089 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 8, - "panels": [], - "title": "Performance", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "CPU usage across Citadel instances.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 1 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"citadel\", pod_name=~\"istio-citadel-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage rate", - "refId": "A" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"citadel\"}[1m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage irate", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": 
"", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Citadel process memory statistics.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 1 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Total", - "refId": "C" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Allocated", - "refId": "E" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Inuse", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, 
- "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 1 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Goroutines", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 7 - }, - "id": 28, - "panels": [], - "title": "General", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Total number of CSR requests made to Citadel.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 
0, - "y": 8 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Request Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates issuances that have succeeded.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 12, - "y": 8 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_success_cert_issuance_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Certificates Issued", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Certificates Issued", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 13 - }, - "id": 23, - "panels": [], - "title": "Errors", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of errors occurred when creating the CSR.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 14 - }, - "id": 20, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_secret_controller_csr_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Creation Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Creation Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - 
"show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 14 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_parsing_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Parse Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Parse Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of authentication failures.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, 
- "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_authentication_failure_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Authentication Failure Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Authentication Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 4, - "panels": [], - "title": "Secret Controller", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates created due to service account creation.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": 
"citadel_secret_controller_svc_acc_created_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Created", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Created (due to SA creation)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates deleted due to service account deletion.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_svc_acc_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Deleted", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Deleted (due to SA deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, 
- "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates recreated due to secret deletion (service account still exists).", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_secret_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Recreated", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Recreated (due to errant deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 
18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Citadel Dashboard", - "uid": "OOyOqb4Wz", - "version": 1 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.600/charts/grafana/dashboards/galley-dashboard.json b/charts/rancher-istio/1.4.600/charts/grafana/dashboards/galley-dashboard.json deleted file mode 100755 index b7430f59d..000000000 --- a/charts/rancher-istio/1.4.600/charts/grafana/dashboards/galley-dashboard.json +++ /dev/null 
@@ -1,1823 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 46, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"galley\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Galley Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 5 - }, - "id": 40, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "C" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "G" - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "H" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"})", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Total (kis)", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 38, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m])) by (container_name)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"galley\"}[1m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "galley (self-reported)", - "refId": "C" - } - ], - 
"thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Open FDs (galley)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }} ", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 44, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "goroutines_total", - "refId": "A" - }, - { - "expr": "istio_mcp_clients_total{component=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "clients_total", - "refId": "B" - }, - { - "expr": "go_goroutines{job=\"galley\"}/sum(istio_mcp_clients_total{component=\"galley\"}) without (component)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "avg_goroutines_per_client", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - 
"h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 10, - "panels": [], - "title": "Runtime", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_on_change_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Strategy Change Events", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_processor_events_processed_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Processed Events", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_processor_snapshots_published_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Snapshot Published", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Event Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - 
"datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_timer_max_time_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Max Time Reached", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_quiesce_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Quiesce Reached", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_resets_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Timer Resets", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Timer Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": 
true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 3, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.90, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.95, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P95", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Events Per Snapshot", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 21 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - 
"max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (collection) (galley_runtime_state_type_instances_total)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ collection }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "State Type Instances", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Count", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 34, - "panels": [], - "title": "Validation", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 28 - }, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "galley_validation_cert_key_updates{job=\"galley\"}", - "format": 
"time_series", - "intervalFactor": 1, - "legendFormat": "Key Updates", - "refId": "A" - }, - { - "expr": "galley_validation_cert_key_update_errors{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Key Update Errors: {{ error }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation Webhook Certificate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 28 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_passed{job=\"galley\"}) by (group, version, resource)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Passed: {{ group }}/{{ version }}/{{resource}}", - "refId": "A" - }, - { - "expr": "sum(galley_validation_failed{job=\"galley\"}) by (group, version, resource, reason)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Failed: {{ group }}/{{ version }}/{{resource}} ({{ reason}})", - "refId": "B" - } - ], 
- "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Resource Validation", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 28 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_http_error{job=\"galley\"}) by (status)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ status }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation HTTP Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": 
null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 12, - "panels": [], - "title": "Kubernetes Source", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 35 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_event_success_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Success", - "refId": "A" - }, - { - "expr": "rate(galley_source_kube_event_error_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Source Event Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 35 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_dynamic_converter_failure_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Kubernetes Object Conversion Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Failures/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 41 - }, - "id": 18, - "panels": [], - "title": "Mesh Configuration Protocol", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 42 - }, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": 
"sum(istio_mcp_clients_total{component=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Clients", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Connected Clients", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 42 - }, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by(collection)(irate(istio_mcp_request_acks_total{component=\"galley\"}[1m]) * 60)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request ACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "ACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - 
}, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 42 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(istio_mcp_request_nacks_total{component=\"galley\"}[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request NACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "NACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 48 - }, - "id": 48, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - 
"percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(increase(istio_mcp_message_sizes_bytes_bucket[5m])) by (le)", - "format": "heatmap", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{le}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Response message sizes", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Galley Dashboard", - "uid": "TSEY6jLmk", - "version": 1 -} diff --git a/charts/rancher-istio/1.4.600/charts/grafana/dashboards/istio-mesh-dashboard.json b/charts/rancher-istio/1.4.600/charts/grafana/dashboards/istio-mesh-dashboard.json deleted file mode 100755 index 1662e1f1d..000000000 --- a/charts/rancher-istio/1.4.600/charts/grafana/dashboards/istio-mesh-dashboard.json +++ /dev/null 
@@ -1,1225 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "links": [], - "panels": [ - { - "content": "
\n
\n Istio\n
\n
\n Istio is an open platform that provides a uniform way to connect,\n manage, and \n secure microservices.\n
\n Need help? Join the Istio community.\n
\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "50px", - "id": 13, - "links": [], - "mode": "html", - "style": { - "font-size": "18pt" - }, - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\"}[1m])), 0.001)", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Global Request Volume", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - 
"h": 3, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "95, 99, 99.5", - "title": "Global Success Rate (non-5xx responses)", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 22, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - 
"sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"4.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "4xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 23, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"5.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "5xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - 
"colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 113, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_virtualservices) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Virtual Services", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 114, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - 
"postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_destinationrules) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Destination Rules", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 115, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_gateways) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Gateways", - "type": "singlestat", - "valueFontSize": "80%", - 
"valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 116, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_authentication_meshpolicies) / count(up{job=\"galley\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Authentication Mesh Policies", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 21, - "w": 24, - "x": 0, - "y": 9 - }, - "hideTimeOverride": false, - "id": 73, - "links": [], - "pageSize": null, - "repeat": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 4, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 
172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Workload dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_2&var-workload=$__cell_", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Requests", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [], - "type": "number", - "unit": "ops" - }, - { - "alias": "P50 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P90 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P99 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #E", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "Success Rate", - "colorMode": "cell", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #F", - "thresholds": [ - ".95", - " 1.00" - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-workload=$__cell_2&var-namespace=$__cell_3", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "number", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_requests_total{reporter=\"destination\", response_code=\"200\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "A" - }, - { - "expr": "label_join((histogram_quantile(0.50, 
sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.50, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "B" - }, - { - "expr": "label_join((histogram_quantile(0.90, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.90, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "D" - }, - { - "expr": "label_join((histogram_quantile(0.99, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.99, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "E" - }, - { - "expr": 
"label_join((sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m])) by (destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "F" - } - ], - "timeFrom": null, - "title": "HTTP/GRPC Workloads", - "transform": "table", - "type": "table" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 18, - "w": 24, - "x": 0, - "y": 30 - }, - "hideTimeOverride": false, - "id": 109, - "links": [], - "pageSize": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 2, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-tcp-workload-dashboard?var-namespace=$__cell_2&&var-workload=$__cell", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Bytes Sent", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [ - "" - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Bytes Received", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "Bps" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_3&var-workload=$__cell_2", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_tcp_received_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - 
"hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "C" - }, - { - "expr": "label_join(sum(rate(istio_tcp_sent_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "A" - } - ], - "timeFrom": null, - "title": "TCP Workloads", - "transform": "table", - "type": "table" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 48 - }, - "id": 111, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Mesh Dashboard", - "uid": "G8wLrJIZk", - "version": 5 -} diff --git a/charts/rancher-istio/1.4.600/charts/grafana/dashboards/istio-performance-dashboard.json b/charts/rancher-istio/1.4.600/charts/grafana/dashboards/istio-performance-dashboard.json deleted file mode 100755 index 3826fbae8..000000000 --- a/charts/rancher-istio/1.4.600/charts/grafana/dashboards/istio-performance-dashboard.json +++ /dev/null 
@@ -1,1822 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": 9, - "links": [], - "panels": [ - { - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 21, - "panels": [ - { - "content": "The charts on this dashboard are intended to show Istio main components cost in terms resources utilization under steady load.\n\n- **vCPU/1k rps:** shows vCPU utilization by the main Istio components normalized by 1000 requests/second. When idle or low traffic, this chart will be blank. The curve for istio-proxy refers to the services sidecars only.\n- **vCPU:** vCPU utilization by Istio components, not normalized.\n- **Memory:** memory footprint for the components. Telemetry and policy are normalized by 1k rps, and no data is shown when there is no traffic. 
For ingress and istio-proxy, the data is per instance.\n- **Bytes transferred/ sec:** shows the number of bytes flowing through each Istio component.\n\n\n", - "gridPos": { - "h": 6, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 19, - "links": [], - "mode": "markdown", - "timeFrom": null, - "timeShift": null, - "title": "Performance Dashboard README", - "transparent": true, - "type": "text" - } - ], - "title": "Performance Dashboard Notes", - "type": "row" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 6, - "panels": [], - "title": "vCPU Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 2 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m])) / (round(sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m])), 0.001)/1000))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - 
"legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU / 1k rps", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 2 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - 
"spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 13, - "panels": [], - "title": "Memory and Data Rates", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": 
false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 11 - }, - "id": 902, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry / 1k rps", - "refId": "A" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name!=\"POD\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio proxy", - "refId": "C" - }, - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy / 1k rps", - "refId": "D" - } - ], - "thresholds": [], - 
"timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-telemetry\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-telemetry\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_response_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m])) + sum(irate(istio_request_bytes_sum{source_workload_namespace!=\"istio-system\", 
reporter=\"source\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-policy\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-policy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio_policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Bytes transferred / sec", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 17, - "panels": [], - "title": "Istio Component Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 20 - }, - "id": 15, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 71, - "panels": [], - "title": "Proxy Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 32 - }, - "id": 72, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 32 - }, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 32 - }, - "id": 702, - "legend": { - "avg": 
false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 39 - }, - "id": 69, - "panels": [], - "title": "Pilot Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 40 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": 
[ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - 
"sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 40 - }, - "id": 602, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "pilot (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - 
"title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 40 - }, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - 
"show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 40 - }, - "id": 402, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 93, - "panels": [], - "title": "Mixer Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 48 - }, - "id": 94, - "legend": { - "avg": false, - "current": 
false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"})", - "format": "time_series", - "hide": false, 
- "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 48 - }, - "id": 95, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=~\"istio-policy|istio-telemetry\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 48 - }, - "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - 
"expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 48 - }, - "id": 97, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - 
"format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Performance Dashboard", - "uid": "vu8e0VWZk", - "version": 22 -} diff --git a/charts/rancher-istio/1.4.600/charts/grafana/dashboards/istio-service-dashboard.json b/charts/rancher-istio/1.4.600/charts/grafana/dashboards/istio-service-dashboard.json deleted file mode 100755 index f4d58a296..000000000 --- a/charts/rancher-istio/1.4.600/charts/grafana/dashboards/istio-service-dashboard.json +++ /dev/null @@ -1,2601 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "iteration": 1536442501501, - "links": [], - "panels": [ - { - "content": "
\nSERVICE: $service\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Client Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - 
"thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Client Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, 
sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Client Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" 
- ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Received Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 97, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - 
"postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Server Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 98, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / 
sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Server Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 99, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - 
"refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 100, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": 
true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m])) ", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Sent Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nCLIENT WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"source\",source_workload=~\"$srcwl\",source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"source\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": 
"graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", 
source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, 
source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": 
"time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, 
- "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "
\nSERVICE WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 90, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"destination\",destination_workload=~\"$dstwl\",destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"destination\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Destination And Response Code", - "tooltip": { - 
"shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 91, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", 
connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 94, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - 
"stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by 
(destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 95, - "legend": { - "alignAsTable": false, - "avg": false, - "current": 
false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ 
destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 96, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - 
"step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ 
destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 92, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", 
destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 93, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }} (🔐mTLS)", - "refId": 
"A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Service", - "multi": false, - "name": "service", - "options": [], - "query": "label_values(destination_service)", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (source_workload_namespace) or 
sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload Namespace", - "multi": true, - "name": "dstns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload", - "multi": true, - "name": "dstwl", - "options": [], - "query": "query_result( 
sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Service Dashboard", - "uid": "LJ_uJAvmk", - "version": 1 -} diff --git a/charts/rancher-istio/1.4.600/charts/grafana/dashboards/istio-workload-dashboard.json b/charts/rancher-istio/1.4.600/charts/grafana/dashboards/istio-workload-dashboard.json deleted file mode 100755 index 62ad1b5cf..000000000 --- a/charts/rancher-istio/1.4.600/charts/grafana/dashboards/istio-workload-dashboard.json +++ /dev/null 
@@ -1,2303 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.4" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1531345461465, - "links": [], - "panels": [ - { - "content": "
\nWORKLOAD: $workload.$namespace\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Incoming Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 
80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 8, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Incoming Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 8, - "x": 16, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, 
- "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Server Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - 
"colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 12, - "y": 7 - }, - "id": 85, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Client Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nINBOUND WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And 
Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", 
destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by 
(source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 
1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", 
destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - 
"values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", 
destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "content": "
\nOUTBOUND SERVICES\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 70, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Requests by Destination And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 71, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", 
source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Success Rate (non-5xx responses) By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 72, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Duration by Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 73, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by 
(destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 74, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": 
"{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 76, - "legend": { - "avg": false, 
- "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent on Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 78, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Namespace", - "multi": false, - "name": 
"namespace", - "options": [], - "query": "query_result(sum(istio_requests_total) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*_namespace=\"([^\"]*).*/", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Workload", - "multi": false, - "name": "workload", - "options": [], - "query": "query_result((sum(istio_requests_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_requests_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)) or (sum(istio_tcp_sent_bytes_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Inbound Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, 
- "label": "Inbound Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Destination Service", - "multi": true, - "name": "dstsvc", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service) or sum(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service))", - "refresh": 1, - "regex": "/.*destination_service=\"([^\"]*).*/", - "sort": 4, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Workload Dashboard", - "uid": "UbsSZTDik", - "version": 1 -} diff --git a/charts/rancher-istio/1.4.600/charts/grafana/dashboards/mixer-dashboard.json b/charts/rancher-istio/1.4.600/charts/grafana/dashboards/mixer-dashboard.json deleted file mode 100755 index b074d13ba..000000000 
--- a/charts/rancher-istio/1.4.600/charts/grafana/dashboards/mixer-dashboard.json +++ /dev/null @@ -1,1808 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.2.3" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "limit": 100, - "name": "Annotations & Alerts", - "showIn": 0, - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": null, - "iteration": 1543881232533, - "links": [], - "panels": [ - { - "content": "

Deployed Versions

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "40", - "id": 62, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 3 - }, - "id": 64, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"mixer\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Mixer Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Resource Usage

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 8 - }, - "height": "40", - "id": 29, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 11 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory ({{ job }})", - "refId": "I" - }, - { - "expr": "sum(process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory ({{ job }})", - "refId": "H" - }, - { - "expr": "sum(go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc ({{ job }})", - "refId": "D" - }, - { - "expr": "sum(go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc ({{ job }})", - "refId": "F" - }, - { - "expr": "sum(go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - 
"format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use ({{ job }})", - "refId": "E" - }, - { - "expr": "sum(go_memstats_stack_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use ({{ job }})", - "refId": "G" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "C" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }} (k8s)", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 11 - }, - "id": 6, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (pod_name), \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "A" - }, - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (container_name, pod_name), \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }} (k8s)", - "refId": "B" - }, - { - "expr": "sum(irate(process_cpu_seconds_total{job=~\"istio-telemetry|istio-policy\"}[1m])) by (job)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ job }} (self-reported)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } 
- ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 11 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_open_fds{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(label_replace(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - 
"dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 11 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(go_goroutines{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines ({{ job }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Mixer Overview

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 18 - }, - "height": "40px", - "id": 30, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 0, - "y": 21 - }, - "id": 9, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (Total)", - "refId": "B" - }, - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m])) by (grpc_server_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "mixer ({{ grpc_server_method }})", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 6, - "y": 21 - }, - "id": 8, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "{}", - "yaxis": 1 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.5", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.9", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Durations", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 12, - "y": 21 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, 
- "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_server_handled_total{grpc_code=~\"Unknown|Unimplemented|Internal|DataLoss\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Error Rate (5xx responses)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 18, - "y": 21 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(grpc_server_handled_total{grpc_code!=\"OK\",grpc_service=~\".*Mixer\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ 
grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Non-successes (4xxs)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Adapters and Config

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 28, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 30 - }, - "id": 13, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m])) by (adapter)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 30 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - 
"percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p90 ", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Duration", - "tooltip": { - "shared": true, - "sort": 1, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 37 - }, - "id": 60, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - 
"pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Rules", - "refId": "A" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Config Errors", - "refId": "B" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_match_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Match Errors", - "refId": "C" - }, - { - "expr": "scalar(topk(1, max(mixer_config_unsatisfied_action_handler_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Unsatisfied Actions", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Rules", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 37 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": 
false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_instance_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Instances", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Instances in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 37 - }, - "id": 54, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_handler_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Handlers", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Handlers in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 37 - }, - "id": 58, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_attribute_count) by (configID)))", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "Attributes", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Attributes in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Individual Adapters

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 44 - }, - "id": 23, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 46, - "panels": [], - "repeat": "adapter", - "title": "$adapter Adapter", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 48 - }, - "id": 17, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m]),\"handler\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ handler }} (error: {{ error }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Count By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - 
"w": 12, - "x": 12, - "y": 48 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(histogram_quantile(0.5, sum(rate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p50 - {{ handler_short }} (error: {{ error }})", - "refId": "A" - }, - { - "expr": "label_replace(histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p90 - {{ handler_short }} (error: {{ error }})", - "refId": "D" - }, - { - "expr": "label_replace(histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p99 - {{ handler_short }} (error: {{ error }})", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Duration By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": 
true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Adapter", - "multi": true, - "name": "adapter", - "options": [], - "query": "label_values(adapter)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Mixer Dashboard", - "version": 4 -}
diff --git a/charts/rancher-istio/1.4.600/charts/grafana/dashboards/pilot-dashboard.json b/charts/rancher-istio/1.4.600/charts/grafana/dashboards/pilot-dashboard.json
deleted file mode 100755
index b8ef6d2d7..000000000
--- a/charts/rancher-istio/1.4.600/charts/grafana/dashboards/pilot-dashboard.json
+++ /dev/null
@@ -1,1591 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": 11, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 60, - "panels": [], - "title": "Deployed Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"pilot\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 6 - }, - "id": 62, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": 
"container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"discovery\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (container)", - "refId": "B", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar (container)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"discovery\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Discovery (container)", - "refId": "A" - }, - { - "expr": 
"irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (process)", - "refId": "C", - "step": 2 - }, - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Sidecar (container)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"discovery\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Discovery", - "refId": "B", - "step": 2 - }, - { - "expr": 
"container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": 
null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 58, - "panels": [], - "title": "Pilot Push Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "description": "Shows the rate of pilot pushes", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 622, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(pilot_xds_pushes{type=\"cds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Cluster", - "refId": "C" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"eds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Endpoints", - "refId": "D" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"lds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Listeners", - "refId": "A" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"rds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Routes", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Pushes", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ 
- "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Captures a variety of pilot errors", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 67, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(pilot_xds_cds_reject{job=\"pilot\"}) or (absent(pilot_xds_cds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected CDS Configs", - "refId": "C" - }, - { - "expr": "sum(pilot_xds_eds_reject{job=\"pilot\"}) or (absent(pilot_xds_eds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected EDS Configs", - "refId": "D" - }, - { - "expr": "sum(pilot_xds_rds_reject{job=\"pilot\"}) or (absent(pilot_xds_rds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected RDS Configs", - "refId": "A" - }, - { - "expr": "sum(pilot_xds_lds_reject{job=\"pilot\"}) or (absent(pilot_xds_lds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected LDS Configs", - "refId": "B" - }, - { - "expr": 
"sum(rate(pilot_xds_write_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Write Timeouts", - "refId": "F" - }, - { - "expr": "sum(rate(pilot_total_xds_internal_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Internal Errors", - "refId": "H" - }, - { - "expr": "sum(rate(pilot_total_xds_rejects{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Config Rejection Rate", - "refId": "E" - }, - { - "expr": "sum(rate(pilot_xds_push_context_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Context Errors", - "refId": "K" - }, - { - "expr": "sum(rate(pilot_xds_pushes{type!~\"lds|cds|rds|eds\"}[1m])) by (type)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "L" - }, - { - "expr": "sum(rate(pilot_xds_push_errors{job=\"pilot\"}[1m])) by (type)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "I" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts", - "refId": "G" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout_failures{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts Failures", - "refId": "J" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - 
"format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Shows the total time it takes to push a config update to a proxy", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 624, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p50 ", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.999, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99.9", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Proxy Push Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 23 - }, - "id": 45, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_conflict_inbound_listener{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Inbound Listeners", - "refId": "B" - }, - { - "expr": "pilot_conflict_outbound_listener_http_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (http over current tcp)", - "refId": "A" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current tcp)", - "refId": "C" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_http{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current http)", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Conflicts", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - 
"buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 23 - }, - "id": 47, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_virt_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Services", - "refId": "A" - }, - { - "expr": "pilot_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Services", - "refId": "B" - }, - { - "expr": "pilot_xds{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Connected Endpoints", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ADS Monitoring", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - 
"yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "columns": [], - "datasource": "Prometheus", - "description": "Clusters in this table do not have any endpoints known to pilot. This could be from referencing subsets that do not have any instances, or pods marked as NotReady", - "fontSize": "100%", - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 23 - }, - "id": 51, - "links": [], - "pageSize": null, - "scroll": true, - "showHeader": true, - "sort": { - "col": null, - "desc": false - }, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "date" - }, - { - "alias": "Clusters", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(pilot_xds_eds_instances{job=\"pilot\", cluster=~\".+\\\\|.+\"}) by (cluster) < 1", - "format": "time_series", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{cluster}}", - "refId": "B" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Clusters with no known endpoints", - "transform": "timeseries_aggregations", - "type": "table" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 64, - "panels": [], - "title": "Envoy Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows details about Envoy proxies in the mesh", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 32 - }, - "id": 40, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - 
"points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(envoy_cluster_upstream_cx_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connections", - "refId": "C" - }, - { - "expr": "sum(irate(envoy_cluster_upstream_cx_connect_fail{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connection Failures", - "refId": "A" - }, - { - "expr": "sum(increase(envoy_server_hot_restart_epoch[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Envoy Restarts", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Envoy Details", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 32 - }, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": 
"sum(envoy_cluster_upstream_cx_active{cluster_name=\"xds-grpc\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "XDS Active Connections", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Active Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows the size of XDS requests and responses", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 32 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "max(rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Max", - "refId": "D" - }, - { - "expr": "quantile(0.5, rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Average", - "refId": "B" - }, - 
{ - "expr": "max(rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Max", - "refId": "A" - }, - { - "expr": "quantile(.5, rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Average", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Requests Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Pilot Dashboard", - "uid": "3--MLVZZk", - "version": 11 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.600/charts/grafana/fix_datasources.sh b/charts/rancher-istio/1.4.600/charts/grafana/fix_datasources.sh deleted file mode 100755 index d175bcacc..000000000 --- a/charts/rancher-istio/1.4.600/charts/grafana/fix_datasources.sh +++ /dev/null 
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# Copyright Istio Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -e
-
-THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-UX=$(uname)
-
-for db in "${THIS_DIR}"/dashboards/*.json; do
- if [[ ${UX} == "Darwin" ]]; then
- # shellcheck disable=SC2016
- sed -i '' 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- else
- # shellcheck disable=SC2016
- sed -i 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- fi
-done
diff --git a/charts/rancher-istio/1.4.600/charts/grafana/templates/_helpers.tpl b/charts/rancher-istio/1.4.600/charts/grafana/templates/_helpers.tpl
deleted file mode 100755
index 9d4c59205..000000000
--- a/charts/rancher-istio/1.4.600/charts/grafana/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "grafana.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "grafana.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "grafana.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.600/charts/grafana/templates/configmap-custom-resources.yaml b/charts/rancher-istio/1.4.600/charts/grafana/templates/configmap-custom-resources.yaml
deleted file mode 100755
index b89bc0765..000000000
--- a/charts/rancher-istio/1.4.600/charts/grafana/templates/configmap-custom-resources.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
- custom-resources.yaml: |-
- {{- include "grafana-default.yaml.tpl" . | indent 4}}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
diff --git a/charts/rancher-istio/1.4.600/charts/grafana/templates/configmap-dashboards.yaml b/charts/rancher-istio/1.4.600/charts/grafana/templates/configmap-dashboards.yaml
deleted file mode 100755
index dd1ab0d75..000000000
--- a/charts/rancher-istio/1.4.600/charts/grafana/templates/configmap-dashboards.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- $files := .Files }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "grafana.name" $ }}
- chart: {{ template "grafana.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: grafana
-data:
- {{ base $path }}: '{{ $files.Get $path }}'
----
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/grafana/templates/configmap.yaml b/charts/rancher-istio/1.4.600/charts/grafana/templates/configmap.yaml
deleted file mode 100755
index c86efe1f4..000000000
--- a/charts/rancher-istio/1.4.600/charts/grafana/templates/configmap.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
-{{- if .Values.datasources }}
- {{- range $key, $value := .Values.datasources }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
-
-{{- if .Values.dashboardProviders }}
- {{- range $key, $value := .Values.dashboardProviders }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.600/charts/grafana/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.4.600/charts/grafana/templates/create-custom-resources-job.yaml deleted file mode 100755 index d699709b8..000000000 --- a/charts/rancher-istio/1.4.600/charts/grafana/templates/create-custom-resources-job.yaml +++ /dev/null 
@@ -1,103 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-grafana-post-install-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-grafana-post-install-{{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["authentication.istio.io"] # needed to create default authn policy - resources: ["*"] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-grafana-post-install-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-grafana-post-install-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-grafana-post-install-account - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-grafana-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - template: - metadata: - name: istio-grafana-post-install - labels: - app: istio-grafana - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-grafana-post-install-account - containers: - - name: kubectl - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - command: [ "/bin/bash", "/tmp/grafana/run.sh", "/tmp/grafana/custom-resources.yaml" ] - volumeMounts: - - mountPath: "/tmp/grafana" - name: tmp-configmap-grafana - volumes: - - name: tmp-configmap-grafana - configMap: - name: istio-grafana-custom-resources - restartPolicy: OnFailure - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/grafana/templates/deployment.yaml b/charts/rancher-istio/1.4.600/charts/grafana/templates/deployment.yaml deleted file mode 100755 index 9ad2a7f56..000000000 --- a/charts/rancher-istio/1.4.600/charts/grafana/templates/deployment.yaml +++ /dev/null 
@@ -1,138 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: grafana - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: grafana - template: - metadata: - labels: - app: grafana - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - spec: - securityContext: - runAsUser: 472 - fsGroup: 472 -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 3000 - readinessProbe: - httpGet: - path: /api/health - port: 3000 - env: - - name: GRAFANA_PORT - value: "3000" -{{- if .Values.security.enabled }} - - name: GF_SECURITY_ADMIN_USER - valueFrom: - secretKeyRef: - name: {{ .Values.security.secretName }} - key: {{ .Values.security.usernameKey }} - - name: GF_SECURITY_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.security.secretName }} - key: {{ .Values.security.passphraseKey }} - - name: GF_AUTH_BASIC_ENABLED - value: "true" - - name: GF_AUTH_ANONYMOUS_ENABLED - value: "false" - - name: GF_AUTH_DISABLE_LOGIN_FORM - value: "false" -{{- else }} - - name: GF_AUTH_BASIC_ENABLED - value: "false" - - name: GF_AUTH_ANONYMOUS_ENABLED - value: "true" - - name: GF_AUTH_ANONYMOUS_ORG_ROLE - value: Admin -{{- end }} - - name: GF_PATHS_DATA - value: /data/grafana - {{- range $key, $value := $.Values.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $secret := $.Values.envSecrets }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ $secret }} - key: {{ $key | quote }} - {{- end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: data - mountPath: /data/grafana - {{- range $path, $bytes := .Files.Glob "dashboards/*.json" }} - {{- $filename := trimSuffix (ext $path) (base $path) }} - - name: dashboards-istio-{{ $filename }} - mountPath: "/var/lib/grafana/dashboards/istio/{{ base $path }}" - subPath: {{ base $path }} - readOnly: true - {{- end }} - - name: config - mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml" - subPath: datasources.yaml - - name: config - mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml" - subPath: dashboardproviders.yaml - affinity: 
- {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - volumes: - - name: config - configMap: - name: istio-grafana - - name: data -{{- if .Values.persist }} - persistentVolumeClaim: - claimName: istio-grafana-pvc -{{- else }} - emptyDir: {} -{{- end }} -{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }} -{{- $filename := trimSuffix (ext $path) (base $path) }} - - name: dashboards-istio-{{ $filename }} - configMap: - name: istio-grafana-configuration-dashboards-{{ $filename }} -{{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/grafana/templates/grafana-ports-mtls.yaml b/charts/rancher-istio/1.4.600/charts/grafana/templates/grafana-ports-mtls.yaml deleted file mode 100755 index b9a392651..000000000 --- a/charts/rancher-istio/1.4.600/charts/grafana/templates/grafana-ports-mtls.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{ define "grafana-default.yaml.tpl" }} -apiVersion: authentication.istio.io/v1alpha1 -kind: Policy -metadata: - name: grafana-ports-mtls-disabled - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - targets: - - name: grafana - ports: - - number: {{ .Values.service.externalPort }} -{{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/grafana/templates/ingress.yaml b/charts/rancher-istio/1.4.600/charts/grafana/templates/ingress.yaml deleted file mode 100755 index 0ebe71f61..000000000 --- a/charts/rancher-istio/1.4.600/charts/grafana/templates/ingress.yaml +++ /dev/null 
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: grafana
- servicePort: 3000
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: grafana
- servicePort: 3000
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.600/charts/grafana/templates/pvc.yaml b/charts/rancher-istio/1.4.600/charts/grafana/templates/pvc.yaml
deleted file mode 100755
index e376a13a5..000000000
--- a/charts/rancher-istio/1.4.600/charts/grafana/templates/pvc.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if .Values.persist }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: istio-grafana-pvc
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- storageClassName: {{ .Values.storageClassName }}
- accessModes:
- - {{ .Values.accessMode }}
- resources:
- requests:
- storage: 5Gi
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/grafana/templates/service.yaml b/charts/rancher-istio/1.4.600/charts/grafana/templates/service.yaml
deleted file mode 100755
index b206679c3..000000000
--- a/charts/rancher-istio/1.4.600/charts/grafana/templates/service.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: 3000
- protocol: TCP
- name: {{ .Values.service.name }}
- selector:
- app: grafana
-{{- if .Values.service.loadBalancerIP }}
- loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
-{{- end }}
- {{if .Values.service.loadBalancerSourceRanges}}
- loadBalancerSourceRanges:
- {{range $rangeList := .Values.service.loadBalancerSourceRanges}}
- - {{ $rangeList }}
- {{end}}
- {{end}}
diff --git a/charts/rancher-istio/1.4.600/charts/grafana/templates/tests/test-grafana-connection.yaml b/charts/rancher-istio/1.4.600/charts/grafana/templates/tests/test-grafana-connection.yaml
deleted file mode 100755
index 7c8d1944b..000000000
--- a/charts/rancher-istio/1.4.600/charts/grafana/templates/tests/test-grafana-connection.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "grafana.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: grafana-test
- chart: {{ template "grafana.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: grafana
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "grafana.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- args: ['http://grafana:{{ .Values.grafana.service.externalPort }}']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/grafana/values.yaml b/charts/rancher-istio/1.4.600/charts/grafana/values.yaml
deleted file mode 100755
index 7b977c1e7..000000000
--- a/charts/rancher-istio/1.4.600/charts/grafana/values.yaml
+++ /dev/null
@@ -1,114 +0,0 @@ -# -# addon grafana configuration -# -enabled: false -replicaCount: 1 -ingress: - enabled: false - ## Used to create an Ingress record. - hosts: - - grafana.local - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: [] - # Secrets must be manually created in the namespace. - # - secretName: grafana-tls - # hosts: - # - grafana.local -persist: false -storageClassName: "" -accessMode: ReadWriteMany -security: - enabled: false - secretName: grafana - usernameKey: username - passphraseKey: passphrase -nodeSelector: {} -tolerations: [] - -env: {} - # Define additional environment variables for configuring grafana. - # @see https://grafana.com/docs/installation/configuration/#using-environment-variables - # Format: env_variable_name: value - # For example: - # GF_SMTP_ENABLED: true - # GF_SMTP_HOST: email-smtp.eu-west-1.amazonaws.com:2587 - # GF_SMTP_FROM_ADDRESS: alerts@mydomain.com - # GF_SMTP_FROM_NAME: Grafana - -envSecrets: {} - # The key name and ENV name must match in the secrets file. - # @see https://grafana.com/docs/installation/configuration/#using-environment-variables - # For example: - # --- - # apiVersion: v1 - # kind: Secret - # metadata: - # name: grafana-secrets - # namespace: istio-system - # data: - # GF_SMTP_USER: bXl1c2Vy - # GF_SMTP_PASSWORD: bXlwYXNzd29yZA== - # type: Opaque - # --- - # env_variable_key_name: secretsName - # --- - # GF_SMTP_USER: grafana-secrets - # GF_SMTP_PASSWORD: grafana-secrets - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. 
"soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -contextPath: /grafana -service: - annotations: {} - name: http - type: ClusterIP - externalPort: 3000 - loadBalancerIP: - loadBalancerSourceRanges: [] - -datasources: - datasources.yaml: - apiVersion: 1 - datasources: - - name: Prometheus - type: prometheus - orgId: 1 - url: http://prometheus:9090 - access: proxy - isDefault: true - jsonData: - timeInterval: 5s - editable: true - -dashboardProviders: - dashboardproviders.yaml: - apiVersion: 1 - providers: - - name: 'istio' - orgId: 1 - folder: 'istio' - type: file - disableDeletion: false - options: - path: /var/lib/grafana/dashboards/istio diff --git a/charts/rancher-istio/1.4.600/charts/istiocoredns/Chart.yaml b/charts/rancher-istio/1.4.600/charts/istiocoredns/Chart.yaml deleted file mode 100755 index 35e2c3921..000000000 --- a/charts/rancher-istio/1.4.600/charts/istiocoredns/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: "0.1" -description: Istio CoreDNS provides DNS resolution for services in multicluster setups. -name: istiocoredns -tillerVersion: '>=2.7.2' -version: 1.4.6 diff --git a/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/_helpers.tpl b/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/_helpers.tpl deleted file mode 100755 index e7add11bb..000000000 --- a/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "istiocoredns.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "istiocoredns.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "istiocoredns.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/clusterrole.yaml b/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/clusterrole.yaml
deleted file mode 100755
index 4242a327f..000000000
--- a/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istiocoredns
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["networking.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/clusterrolebinding.yaml
deleted file mode 100755
index bafd0ca3b..000000000
--- a/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-istiocoredns-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istiocoredns
-subjects:
-- kind: ServiceAccount
- name: istiocoredns-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/configmap.yaml b/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/configmap.yaml
deleted file mode 100755
index 4b2a2d42a..000000000
--- a/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/configmap.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: coredns
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- Corefile: |
- .:53 {
- errors
- health
- {{ if eq -1 (semver .Values.image.tag | (semver "1.4.0").Compare) }}
- # Removed support for the proxy plugin: https://coredns.io/2019/03/03/coredns-1.4.0-release/
- grpc global 127.0.0.1:8053
- forward . /etc/resolv.conf {
- except global
- }
- {{ else }}
- proxy global 127.0.0.1:8053 {
- protocol grpc insecure
- }
- proxy . /etc/resolv.conf
- {{ end }}
- prometheus :9153
- cache 30
- reload
- }
----
diff --git a/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/deployment.yaml b/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/deployment.yaml
deleted file mode 100755
index 4af0a2256..000000000
--- a/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/deployment.yaml
+++ /dev/null
@@ -1,103 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istiocoredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: istiocoredns - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - name: istiocoredns - labels: - app: istiocoredns - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istiocoredns-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: coredns - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume - mountPath: /etc/coredns - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - - containerPort: 9153 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - - name: istio-coredns-plugin - command: - - /usr/local/bin/plugin - image: "{{ template "system_default_registry" . 
}}{{ .Values.pluginImage.repository }}:{{ .Values.pluginImage.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 8053 - name: dns-grpc - protocol: TCP - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - dnsPolicy: Default - volumes: - - name: config-volume - configMap: - name: coredns - items: - - key: Corefile - path: Corefile - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/service.yaml b/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/service.yaml deleted file mode 100755 index a6311017c..000000000 --- a/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: istiocoredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - app: istiocoredns - ports: - - name: dns - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP diff --git a/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/serviceaccount.yaml deleted file mode 100755 index e2627cf45..000000000 --- a/charts/rancher-istio/1.4.600/charts/istiocoredns/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istiocoredns-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.600/charts/istiocoredns/values.yaml b/charts/rancher-istio/1.4.600/charts/istiocoredns/values.yaml
deleted file mode 100755
index f2268c02a..000000000
--- a/charts/rancher-istio/1.4.600/charts/istiocoredns/values.yaml
+++ /dev/null
@@ -1,34 +0,0 @@ -# -# addon istiocoredns tracing configuration -# -enabled: false -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -# Source code for the plugin can be found at -# https://github.com/istio-ecosystem/istio-coredns-plugin -# The plugin listens for DNS requests from coredns server at 127.0.0.1:8053 -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] diff --git a/charts/rancher-istio/1.4.600/charts/kiali/Chart.yaml b/charts/rancher-istio/1.4.600/charts/kiali/Chart.yaml deleted file mode 100755 index 5f0949d8b..000000000 --- a/charts/rancher-istio/1.4.600/charts/kiali/Chart.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -appVersion: 1.9.0 -description: Kiali is an open source project for service mesh observability, refer - to https://www.kiali.io for details. -name: kiali -tillerVersion: '>=2.7.2' -version: 1.9.0 
diff --git a/charts/rancher-istio/1.4.600/charts/kiali/templates/_helpers.tpl b/charts/rancher-istio/1.4.600/charts/kiali/templates/_helpers.tpl deleted file mode 100755 index 6b0095769..000000000 --- a/charts/rancher-istio/1.4.600/charts/kiali/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "kiali.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kiali.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "kiali.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.600/charts/kiali/templates/clusterrole.yaml b/charts/rancher-istio/1.4.600/charts/kiali/templates/clusterrole.yaml deleted file mode 100755 index 8ad6e9756..000000000 --- a/charts/rancher-istio/1.4.600/charts/kiali/templates/clusterrole.yaml +++ /dev/null 
@@ -1,134 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kiali - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: - - configmaps - - endpoints - - namespaces - - nodes - - pods - - pods/log - - replicationcontrollers - - services - verbs: - - get - - list - - watch -- apiGroups: ["extensions", "apps"] - resources: - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: ["batch"] - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - config.istio.io - - networking.istio.io - - authentication.istio.io - - rbac.istio.io - - security.istio.io - resources: ["*"] - verbs: - - create - - delete - - get - - list - - patch - - watch -- apiGroups: ["monitoring.kiali.io"] - resources: - - monitoringdashboards - verbs: - - get - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kiali-viewer - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: - - configmaps - - endpoints - - namespaces - - nodes - - pods - - pods/log - - replicationcontrollers - - services - verbs: - - get - - list - - watch -- apiGroups: ["extensions", "apps"] - resources: - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: ["batch"] - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - config.istio.io - - networking.istio.io - - authentication.istio.io - - rbac.istio.io - - security.istio.io - resources: ["*"] - verbs: - - get - - list - - watch -- apiGroups: ["monitoring.kiali.io"] - resources: - - monitoringdashboards - verbs: - - get - - list diff --git a/charts/rancher-istio/1.4.600/charts/kiali/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.600/charts/kiali/templates/clusterrolebinding.yaml deleted file mode 100755 index 881796716..000000000 --- a/charts/rancher-istio/1.4.600/charts/kiali/templates/clusterrolebinding.yaml +++ /dev/null 
@@ -1,37 +0,0 @@
-{{- if not .Values.dashboard.viewOnlyMode }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-kiali-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kiali
-subjects:
-- kind: ServiceAccount
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-kiali-viewer-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kiali-viewer
-subjects:
-- kind: ServiceAccount
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/kiali/templates/configmap.yaml b/charts/rancher-istio/1.4.600/charts/kiali/templates/configmap.yaml
deleted file mode 100755
index 055edd624..000000000
--- a/charts/rancher-istio/1.4.600/charts/kiali/templates/configmap.yaml
+++ /dev/null
@@ -1,34 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - config.yaml: | - istio_namespace: {{ .Release.Namespace }} - deployment: - accessible_namespaces: ['**'] - auth: - strategy: {{ .Values.dashboard.auth.strategy }} - server: - port: 20001 -{{- if .Values.contextPath }} - web_root: {{ .Values.contextPath }} -{{- end }} - external_services: - tracing: - url: {{ .Values.dashboard.jaegerURL }} - grafana: - url: {{ .Values.dashboard.grafanaURL }} - prometheus: - url: {{ .Values.prometheusAddr }} -{{- if .Values.security.enabled }} - identity: - cert_file: {{ .Values.security.cert_file }} - private_key_file: {{ .Values.security.private_key_file }} -{{- end}} diff --git a/charts/rancher-istio/1.4.600/charts/kiali/templates/demosecret.yaml b/charts/rancher-istio/1.4.600/charts/kiali/templates/demosecret.yaml deleted file mode 100755 index ad44298c3..000000000 --- a/charts/rancher-istio/1.4.600/charts/kiali/templates/demosecret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.createDemoSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.dashboard.secretName }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - username: YWRtaW4= # admin - passphrase: YWRtaW4= # admin -{{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/kiali/templates/deployment.yaml b/charts/rancher-istio/1.4.600/charts/kiali/templates/deployment.yaml deleted file mode 100755 index d0624ef08..000000000 --- a/charts/rancher-istio/1.4.600/charts/kiali/templates/deployment.yaml +++ /dev/null 
@@ -1,112 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: kiali - template: - metadata: - name: kiali - labels: - app: kiali - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" - prometheus.io/scrape: "true" - prometheus.io/port: "9090" - kiali.io/runtimes: go,kiali - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: kiali-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - name: kiali - command: - - "/opt/kiali/kiali" - - "-config" - - "/kiali-configuration/config.yaml" - - "-v" - - "3" - readinessProbe: - httpGet: - path: {{ .Values.contextPath }}/healthz - port: 20001 - scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }} - initialDelaySeconds: 5 - periodSeconds: 30 - livenessProbe: - httpGet: - path: {{ .Values.contextPath }}/healthz - port: 20001 - scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }} - initialDelaySeconds: 5 - periodSeconds: 30 - env: - - name: ACTIVE_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: kiali-configuration - mountPath: "/kiali-configuration" - - name: kiali-cert - mountPath: "/kiali-cert" - - name: kiali-secret - mountPath: "/kiali-secret" - - name: kiali-console - subPath: env.js - mountPath: /opt/kiali/console/env.js - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumes: - - name: kiali-console - configMap: - name: kiali-console - items: - - key: env.js - path: env.js - - name: kiali-configuration - configMap: - name: kiali - - name: kiali-cert - secret: - secretName: istio.kiali-service-account -{{- if not .Values.security.enabled }} - optional: true -{{- end }} - - name: kiali-secret - secret: - secretName: {{ .Values.dashboard.secretName }} - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} 
diff --git a/charts/rancher-istio/1.4.600/charts/kiali/templates/ingress.yaml b/charts/rancher-istio/1.4.600/charts/kiali/templates/ingress.yaml deleted file mode 100755 index 2e2a0de3a..000000000 --- a/charts/rancher-istio/1.4.600/charts/kiali/templates/ingress.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: kiali - servicePort: 20001 - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: kiali - servicePort: 20001 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.600/charts/kiali/templates/kiali-console-configmap.yaml b/charts/rancher-istio/1.4.600/charts/kiali/templates/kiali-console-configmap.yaml deleted file mode 100644 index 49c68eba0..000000000 --- a/charts/rancher-istio/1.4.600/charts/kiali/templates/kiali-console-configmap.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: kiali-console - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - env.js: | - window.WEB_ROOT='/k8s/clusters/{{ .Values.global.rancher.clusterId }}/api/v1/namespaces/istio-system/services/http:kiali:20001/proxy'; \ No newline at end of file diff --git a/charts/rancher-istio/1.4.600/charts/kiali/templates/service.yaml b/charts/rancher-istio/1.4.600/charts/kiali/templates/service.yaml deleted file mode 100755 index 1aa79bfdb..000000000 --- a/charts/rancher-istio/1.4.600/charts/kiali/templates/service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - ports: - - name: http-kiali - protocol: TCP - port: 20001 - selector: - app: kiali diff --git a/charts/rancher-istio/1.4.600/charts/kiali/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.600/charts/kiali/templates/serviceaccount.yaml deleted file mode 100755 index 2ae38a1ab..000000000 --- a/charts/rancher-istio/1.4.600/charts/kiali/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: kiali-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} 
diff --git a/charts/rancher-istio/1.4.600/charts/kiali/templates/tests/test-kiali-connection.yaml b/charts/rancher-istio/1.4.600/charts/kiali/templates/tests/test-kiali-connection.yaml deleted file mode 100755 index e2a1ff671..000000000 --- a/charts/rancher-istio/1.4.600/charts/kiali/templates/tests/test-kiali-connection.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "kiali.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: kiali-test - chart: {{ template "kiali.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: kiali - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "kiali.fullname" . }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['curl'] - args: ['http://kiali:20001'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/kiali/values.yaml b/charts/rancher-istio/1.4.600/charts/kiali/values.yaml deleted file mode 100755 index c22d4325d..000000000 --- a/charts/rancher-istio/1.4.600/charts/kiali/values.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -# -# addon kiali -# -enabled: false # Note that if using the demo or demo-auth yaml when installing via Helm, this default will be `true`. -replicaCount: 1 -contextPath: /kiali # The root context path to access the Kiali UI. -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -ingress: - enabled: false - ## Used to create an Ingress record. - hosts: - - kiali.local - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: kiali-tls - # hosts: - # - kiali.local - -dashboard: - auth: - strategy: login # Can be anonymous, login, or openshift - secretName: kiali # You must create a secret with this name - one is not provided out-of-box. - viewOnlyMode: false # Bind the service account to a role with only read access - grafanaURL: # If you have Grafana installed and it is accessible to client browsers, then set this to its external URL. Kiali will redirect users to this URL when Grafana metrics are to be shown. 
- jaegerURL: # If you have Jaeger installed and it is accessible to client browsers, then set this property to its external URL. Kiali will redirect users to this URL when Jaeger tracing is to be shown. -prometheusAddr: http://prometheus:9090 - -# When true, a secret will be created with a default username and password. Useful for demos. -createDemoSecret: false - -security: - enabled: false - cert_file: /kiali-cert/cert-chain.pem - private_key_file: /kiali-cert/key.pem diff --git a/charts/rancher-istio/1.4.600/charts/mixer/Chart.yaml b/charts/rancher-istio/1.4.600/charts/mixer/Chart.yaml deleted file mode 100755 index 29dbe554a..000000000 --- a/charts/rancher-istio/1.4.600/charts/mixer/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.6 -description: Helm chart for mixer deployment -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- mixer -name: mixer -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.4.6 diff --git a/charts/rancher-istio/1.4.600/charts/mixer/templates/_helpers.tpl b/charts/rancher-istio/1.4.600/charts/mixer/templates/_helpers.tpl deleted file mode 100755 index dac6da036..000000000 --- a/charts/rancher-istio/1.4.600/charts/mixer/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "mixer.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "mixer.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "mixer.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.600/charts/mixer/templates/autoscale.yaml b/charts/rancher-istio/1.4.600/charts/mixer/templates/autoscale.yaml deleted file mode 100755 index 377b47d03..000000000 --- a/charts/rancher-istio/1.4.600/charts/mixer/templates/autoscale.yaml +++ /dev/null 
@@ -1,29 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
-spec:
- maxReplicas: {{ $spec.autoscaleMax }}
- minReplicas: {{ $spec.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-{{ $key }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/mixer/templates/clusterrole.yaml b/charts/rancher-istio/1.4.600/charts/mixer/templates/clusterrole.yaml
deleted file mode 100755
index 3d7438f2d..000000000
--- a/charts/rancher-istio/1.4.600/charts/mixer/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-mixer-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["config.istio.io"] # istio CRD watcher
- resources: ["*"]
- verbs: ["create", "get", "list", "watch", "patch"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["configmaps", "endpoints", "pods", "services", "namespaces", "secrets", "replicationcontrollers"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/mixer/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.600/charts/mixer/templates/clusterrolebinding.yaml
deleted file mode 100755
index 773e68b34..000000000
--- a/charts/rancher-istio/1.4.600/charts/mixer/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-mixer-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-mixer-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/mixer/templates/config.yaml b/charts/rancher-istio/1.4.600/charts/mixer/templates/config.yaml
deleted file mode 100755
index 07f5893be..000000000
--- a/charts/rancher-istio/1.4.600/charts/mixer/templates/config.yaml
+++ /dev/null
@@ -1,1092 +0,0 @@ -{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: istioproxy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - origin.ip: - valueType: IP_ADDRESS - origin.uid: - valueType: STRING - origin.user: - valueType: STRING - request.headers: - valueType: STRING_MAP - request.id: - valueType: STRING - request.host: - valueType: STRING - request.method: - valueType: STRING - request.path: - valueType: STRING - request.url_path: - valueType: STRING - request.query_params: - valueType: STRING_MAP - request.reason: - valueType: STRING - request.referer: - valueType: STRING - request.scheme: - valueType: STRING - request.total_size: - valueType: INT64 - request.size: - valueType: INT64 - request.time: - valueType: TIMESTAMP - request.useragent: - valueType: STRING - response.code: - valueType: INT64 - response.duration: - valueType: DURATION - response.headers: - valueType: STRING_MAP - response.total_size: - valueType: INT64 - response.size: - valueType: INT64 - response.time: - valueType: TIMESTAMP - response.grpc_status: - valueType: STRING - response.grpc_message: - valueType: STRING - source.uid: - valueType: STRING - source.user: # DEPRECATED - valueType: STRING - source.principal: - valueType: STRING - destination.uid: - valueType: STRING - destination.principal: - valueType: STRING - destination.port: - valueType: INT64 - connection.event: - valueType: STRING - connection.id: - valueType: STRING - connection.received.bytes: - valueType: INT64 - connection.received.bytes_total: - valueType: INT64 - connection.sent.bytes: - valueType: INT64 - connection.sent.bytes_total: - valueType: INT64 - connection.duration: - valueType: DURATION - connection.mtls: - valueType: BOOL - 
connection.requested_server_name: - valueType: STRING - context.protocol: - valueType: STRING - context.proxy_error_code: - valueType: STRING - context.timestamp: - valueType: TIMESTAMP - context.time: - valueType: TIMESTAMP - # Deprecated, kept for compatibility - context.reporter.local: - valueType: BOOL - context.reporter.kind: - valueType: STRING - context.reporter.uid: - valueType: STRING - api.service: - valueType: STRING - api.version: - valueType: STRING - api.operation: - valueType: STRING - api.protocol: - valueType: STRING - request.auth.principal: - valueType: STRING - request.auth.audiences: - valueType: STRING - request.auth.presenter: - valueType: STRING - request.auth.claims: - valueType: STRING_MAP - request.auth.raw_claims: - valueType: STRING - request.api_key: - valueType: STRING - rbac.permissive.response_code: - valueType: STRING - rbac.permissive.effective_policy_id: - valueType: STRING - check.error_code: - valueType: INT64 - check.error_message: - valueType: STRING - check.cache_hit: - valueType: BOOL - quota.cache_hit: - valueType: BOOL - context.proxy_version: - valueType: STRING - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: kubernetes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - source.ip: - valueType: IP_ADDRESS - source.labels: - valueType: STRING_MAP - source.metadata: - valueType: STRING_MAP - source.name: - valueType: STRING - source.namespace: - valueType: STRING - source.owner: - valueType: STRING - source.serviceAccount: - valueType: STRING - source.services: - valueType: STRING - source.workload.uid: - valueType: STRING - source.workload.name: - valueType: STRING - source.workload.namespace: - valueType: STRING - destination.ip: - valueType: IP_ADDRESS - destination.labels: - valueType: STRING_MAP - destination.metadata: - valueType: STRING_MAP - destination.owner: - valueType: STRING - destination.name: - valueType: STRING - destination.container.name: - valueType: STRING - destination.namespace: - valueType: STRING - destination.service.uid: - valueType: STRING - destination.service.name: - valueType: STRING - destination.service.namespace: - valueType: STRING - destination.service.host: - valueType: STRING - destination.serviceAccount: - valueType: STRING - destination.workload.uid: - valueType: STRING - destination.workload.name: - valueType: STRING - destination.workload.namespace: - valueType: STRING ---- -{{- if and .Values.adapters.stdio.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: stdio - params: - outputAsJson: {{ .Values.adapters.stdio.outputAsJson }} ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: accesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: request.time - variables: - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | request.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - apiClaims: request.auth.raw_claims | "" - apiKey: request.api_key | request.headers["x-api-key"] | "" - protocol: request.scheme | context.protocol | "http" - method: request.method | "" - url: request.path | "" - responseCode: response.code | 0 - responseFlags: context.proxy_error_code | "" - responseSize: response.size | 0 - permissiveResponseCode: rbac.permissive.response_code | "none" - permissiveResponsePolicyID: rbac.permissive.effective_policy_id | "none" - requestSize: request.size | 0 - requestId: request.headers["x-request-id"] | "" - clientTraceId: request.headers["x-client-trace-id"] | "" - latency: response.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - userAgent: request.useragent | "" - responseTimestamp: response.time - receivedBytes: request.total_size | 0 - sentBytes: response.total_size | 0 - referer: request.referer | "" - httpAuthority: request.headers[":authority"] | request.host | "" - xForwardedFor: 
request.headers["x-forwarded-for"] | "0.0.0.0" - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - grpcStatus: response.grpc_status | "" - grpcMessage: response.grpc_message | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpaccesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: context.time | timestamp("2017-01-01T00:00:00Z") - variables: - connectionEvent: connection.event | "" - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - protocol: context.protocol | "tcp" - connectionDuration: connection.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - receivedBytes: connection.received.bytes | 0 - sentBytes: connection.sent.bytes | 0 - totalReceivedBytes: connection.received.bytes_total | 0 - totalSentBytes: connection.sent.bytes_total | 0 - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") 
- responseFlags: context.proxy_error_code | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "http" || context.protocol == "grpc" - actions: - - handler: stdio - instances: - - accesslog ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdiotcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: stdio - instances: - - tcpaccesslog -{{- end }} ---- -{{- if and .Values.adapters.prometheus.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestcount - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestduration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.duration | "0ms" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestsize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: request.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: responsesize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytesent - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.sent.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytereceived - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.received.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsopened - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: prometheus - params: - metricsExpirationPolicy: - metricsExpiryDuration: "{{ .Values.adapters.prometheus.metricsExpiryDuration }}" - metrics: - - name: requests_total - instance_name: requestcount.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - - name: request_duration_seconds - instance_name: requestduration.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - explicit_buckets: - bounds: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10] - - name: request_bytes - instance_name: requestsize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - 
destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: response_bytes - instance_name: responsesize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: tcp_sent_bytes_total - instance_name: tcpbytesent.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_received_bytes_total - instance_name: tcpbytereceived.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: 
tcp_connections_opened_total - instance_name: tcpconnectionsopened.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_connections_closed_total - instance_name: tcpconnectionsclosed.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promhttp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: (context.protocol == "http" || context.protocol == "grpc") && (match((request.useragent | "-"), "kube-probe*") == false) && (match((request.useragent | "-"), "Prometheus*") == false) - actions: - - handler: prometheus - instances: - - requestcount - - requestduration - - requestsize - - responsesize ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: prometheus - instances: - - tcpbytesent - - tcpbytereceived ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionopen - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "open") - actions: - - handler: prometheus - instances: - - tcpconnectionsopened ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "close") - actions: - - handler: prometheus - instances: - - tcpconnectionsclosed -{{- end }} ---- -{{- if and .Values.adapters.kubernetesenv.enabled (or .Values.policy.enabled .Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: kubernetesenv - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: kubernetesenv - params: - # when running from mixer root, use the following config after adding a - # symbolic link to a kubernetes config file via: - # - # $ ln -s ~/.kube/config mixer/adapter/kubernetes/kubeconfig - # - # kubeconfig_path: "mixer/adapter/kubernetes/kubeconfig" - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: kubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . 
}} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: tcpkubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: attributes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: kubernetes - params: - # Pass the required attribute data to the adapter - source_uid: source.uid | "" - source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr - destination_uid: destination.uid | "" - destination_port: destination.port | 0 - attributeBindings: - # Fill the new attributes from the adapter produced output. 
- # $out refers to an instance of OutputTemplate message - source.ip: $out.source_pod_ip | ip("0.0.0.0") - source.uid: $out.source_pod_uid | "unknown" - source.labels: $out.source_labels | emptyStringMap() - source.name: $out.source_pod_name | "unknown" - source.namespace: $out.source_namespace | "default" - source.owner: $out.source_owner | "unknown" - source.serviceAccount: $out.source_service_account_name | "unknown" - source.workload.uid: $out.source_workload_uid | "unknown" - source.workload.name: $out.source_workload_name | "unknown" - source.workload.namespace: $out.source_workload_namespace | "unknown" - destination.ip: $out.destination_pod_ip | ip("0.0.0.0") - destination.uid: $out.destination_pod_uid | "unknown" - destination.labels: $out.destination_labels | emptyStringMap() - destination.name: $out.destination_pod_name | "unknown" - destination.container.name: $out.destination_container_name | "unknown" - destination.namespace: $out.destination_namespace | "default" - destination.owner: $out.destination_owner | "unknown" - destination.serviceAccount: $out.destination_service_account_name | "unknown" - destination.workload.uid: $out.destination_workload_uid | "unknown" - destination.workload.name: $out.destination_workload_name | "unknown" - destination.workload.namespace: $out.destination_workload_namespace | "unknown" -{{- end }} ---- -{{- if .Values.policy.enabled }} -# Configuration needed by Mixer. -# Mixer cluster is delivered via CDS -# Specify mixer cluster settings -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-policy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- if .Values.telemetry.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-telemetry - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/mixer/templates/deployment.yaml b/charts/rancher-istio/1.4.600/charts/mixer/templates/deployment.yaml deleted file mode 100755 index 60bba11e5..000000000 --- a/charts/rancher-istio/1.4.600/charts/mixer/templates/deployment.yaml +++ /dev/null 
@@ -1,431 +0,0 @@ -{{- define "policy_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: policy-adapter-secret - secret: - secretName: policy-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - - --useTemplateCRDs=false - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - {{- if .Values.env }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.policy.resources }} -{{ toYaml .Values.policy.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: 
istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-policy - - --templateFile - - /etc/istio/proxy/envoy_policy.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ $.Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock - - 
name: policy-adapter-secret - mountPath: /var/run/secrets/istio.io/policy/adapter - readOnly: true -{{- end }} - -{{- define "telemetry_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: telemetry-adapter-secret - secret: - secretName: telemetry-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - - --certFile=/etc/certs/cert-chain.pem - - --keyFile=/etc/certs/key.pem - - --caCertFile=/etc/certs/root-cert.pem - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - - --averageLatencyThreshold - - {{ $.Values.telemetry.loadshedding.latencyThreshold }} - - --loadsheddingMode - - {{ $.Values.telemetry.loadshedding.mode }} - {{- if .Values.env }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.telemetry.resources }} -{{ toYaml .Values.telemetry.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - 
name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: telemetry-adapter-secret - mountPath: /var/run/secrets/istio.io/telemetry/adapter - readOnly: true - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-telemetry - - --templateFile - - /etc/istio/proxy/envoy_telemetry.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - 
mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock -{{- end }} - - -{{- range $key, $spec := .Values }} -{{- if or (eq $key "policy") (eq $key "telemetry") }} -{{- if $spec.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-{{ $key }} - namespace: {{ $.Release.Namespace }} - labels: - app: istio-mixer - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: mixer -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - selector: - matchLabels: - istio: mixer - istio-mixer-type: {{ $key }} - template: - metadata: - labels: - app: {{ $key }} - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - security.istio.io/tlsMode: "istio" - istio: mixer - istio-mixer-type: {{ $key }} - annotations: - sidecar.istio.io/inject: "false" -{{- with $.Values.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- if eq $key "policy"}} -{{- template "policy_container" $ }} -{{- else }} -{{- template "telemetry_container" $ }} -{{- end }} - ---- -{{- end }} -{{- end }} -{{- end }} {{/* range */}} diff --git a/charts/rancher-istio/1.4.600/charts/mixer/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.600/charts/mixer/templates/poddisruptionbudget.yaml deleted file mode 100755 index a6bfe8668..000000000 --- a/charts/rancher-istio/1.4.600/charts/mixer/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,32 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ $key }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- version: {{ $.Chart.Version }}
- istio: mixer
- istio-mixer-type: {{ $key }}
-spec:
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: {{ $key }}
- release: {{ $.Release.Name }}
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/mixer/templates/service.yaml b/charts/rancher-istio/1.4.600/charts/mixer/templates/service.yaml
deleted file mode 100755
index 79cc4a582..000000000
--- a/charts/rancher-istio/1.4.600/charts/mixer/templates/service.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- annotations:
- networking.istio.io/exportTo: "*"
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: mixer
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: {{ $.Values.global.monitoringPort }}
-{{- if eq $key "telemetry" }}
- - name: prometheus
- port: 42422
-{{- if $spec.sessionAffinityEnabled }}
- sessionAffinity: ClientIP
-{{- end }}
-{{- end }}
- selector:
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.4.600/charts/mixer/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.600/charts/mixer/templates/serviceaccount.yaml
deleted file mode 100755
index 9d3da7dd6..000000000
--- a/charts/rancher-istio/1.4.600/charts/mixer/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/mixer/values.yaml b/charts/rancher-istio/1.4.600/charts/mixer/values.yaml
deleted file mode 100755
index 6a56f375a..000000000
--- a/charts/rancher-istio/1.4.600/charts/mixer/values.yaml
+++ /dev/null
@@ -1,97 +0,0 @@ -# -# mixer configuration -# - -env: - # max procs should be ceil(cpu limit + 1) - GOMAXPROCS: "6" - -policy: - # if policy is enabled, global.disablePolicyChecks has affect. - enabled: false - replicaCount: 1 - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - cpu: - targetAverageUtilization: 80 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - -telemetry: - enabled: true - replicaCount: 1 - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - cpu: - targetAverageUtilization: 80 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - sessionAffinityEnabled: false - - # mixer load shedding configuration. - # When mixer detects that it is overloaded, it starts rejecting grpc requests. - loadshedding: - # disabled, logonly or enforce - mode: enforce - # based on measurements 100ms p50 translates to p99 of under 1s. This is ok for telemetry which is inherently async. - latencyThreshold: 100ms - resources: - requests: - cpu: 1000m - memory: 1G - limits: - # It is best to do horizontal scaling of mixer using moderate cpu allocation. - # We have experimentally found that these values work well. - cpu: 4800m - memory: 4G - - # Set reportBatchMaxEntries to 0 to use the default batching behavior (i.e., every 100 requests). - # A positive value indicates the number of requests that are batched before telemetry data - # is sent to the mixer server - reportBatchMaxEntries: 100 - - # Set reportBatchMaxTime to 0 to use the default batching behavior (i.e., every 1 second). - # A positive time value indicates the maximum wait time since the last request will telemetry data - # be batched before being sent to the mixer server - reportBatchMaxTime: 1s - -podAnnotations: {} -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. 
-# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -adapters: - kubernetesenv: - enabled: true - - # stdio is a debug adapter in istio-telemetry, it is not recommended for production use. - stdio: - enabled: false - outputAsJson: true - prometheus: - enabled: true - metricsExpiryDuration: 10m - # Setting this to false sets the useAdapterCRDs mixer startup argument to false - useAdapterCRDs: false diff --git a/charts/rancher-istio/1.4.600/charts/nodeagent/Chart.yaml b/charts/rancher-istio/1.4.600/charts/nodeagent/Chart.yaml deleted file mode 100755 index b250e00cd..000000000 --- a/charts/rancher-istio/1.4.600/charts/nodeagent/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.6 -description: Helm chart for nodeagent deployment -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- nodeagent -name: nodeagent -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.4.6 diff --git a/charts/rancher-istio/1.4.600/charts/nodeagent/templates/_helpers.tpl b/charts/rancher-istio/1.4.600/charts/nodeagent/templates/_helpers.tpl deleted file mode 100755 index fda6043d0..000000000 --- a/charts/rancher-istio/1.4.600/charts/nodeagent/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "nodeagent.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "nodeagent.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "nodeagent.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.600/charts/nodeagent/templates/clusterrole.yaml b/charts/rancher-istio/1.4.600/charts/nodeagent/templates/clusterrole.yaml
deleted file mode 100755
index 8e4ab6d32..000000000
--- a/charts/rancher-istio/1.4.600/charts/nodeagent/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get"]
diff --git a/charts/rancher-istio/1.4.600/charts/nodeagent/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.600/charts/nodeagent/templates/clusterrolebinding.yaml
deleted file mode 100755
index 591e48212..000000000
--- a/charts/rancher-istio/1.4.600/charts/nodeagent/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-nodeagent-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.600/charts/nodeagent/templates/daemonset.yaml b/charts/rancher-istio/1.4.600/charts/nodeagent/templates/daemonset.yaml
deleted file mode 100755
index a4d2463d6..000000000
--- a/charts/rancher-istio/1.4.600/charts/nodeagent/templates/daemonset.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: istio-nodeagent
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
-spec:
- selector:
- matchLabels:
- istio: nodeagent
- template:
- metadata:
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-nodeagent-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: nodeagent
- image: "{{ template "system_default_registry" . }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- volumeMounts:
- - mountPath: /var/run/sds
- name: sdsudspath
- env:
- {{- if .Values.env }}
- {{- range $key, $val := .Values.env }}
- - name: {{ $key }}
- value: "{{ $val }}"
- {{- end }}
- {{- end }}
- - name: "TRUST_DOMAIN"
- value: "{{ .Values.global.trustDomain }}"
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumes:
- - name: sdsudspath
- hostPath:
- path: /var/run/sds
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
- updateStrategy:
- type: RollingUpdate
diff --git a/charts/rancher-istio/1.4.600/charts/nodeagent/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.600/charts/nodeagent/templates/serviceaccount.yaml
deleted file mode 100755
index 86853d7e0..000000000
--- a/charts/rancher-istio/1.4.600/charts/nodeagent/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.600/charts/nodeagent/values.yaml b/charts/rancher-istio/1.4.600/charts/nodeagent/values.yaml
deleted file mode 100755
index 9138c4647..000000000
--- a/charts/rancher-istio/1.4.600/charts/nodeagent/values.yaml
+++ /dev/null
@@ -1,34 +0,0 @@ -# -# nodeagent configuration -# -enabled: false -env: - # name of authentication provider. - CA_PROVIDER: "" - # CA endpoint. - CA_ADDR: "" - # names of authentication provider's plugins. - PLUGINS: "" -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] diff --git a/charts/rancher-istio/1.4.600/charts/pilot/Chart.yaml b/charts/rancher-istio/1.4.600/charts/pilot/Chart.yaml deleted file mode 100755 index acfef5692..000000000 --- a/charts/rancher-istio/1.4.600/charts/pilot/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.6 -description: Helm chart for pilot deployment -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- pilot -name: pilot -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.4.6 diff --git a/charts/rancher-istio/1.4.600/charts/pilot/templates/_helpers.tpl b/charts/rancher-istio/1.4.600/charts/pilot/templates/_helpers.tpl deleted file mode 100755 index c812c3709..000000000 
--- a/charts/rancher-istio/1.4.600/charts/pilot/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "pilot.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "pilot.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "pilot.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.600/charts/pilot/templates/autoscale.yaml b/charts/rancher-istio/1.4.600/charts/pilot/templates/autoscale.yaml
deleted file mode 100755
index 1a9945136..000000000
--- a/charts/rancher-istio/1.4.600/charts/pilot/templates/autoscale.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- maxReplicas: {{ .Values.autoscaleMax }}
- minReplicas: {{ .Values.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-pilot
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.cpu.targetAverageUtilization }}
----
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/pilot/templates/clusterrole.yaml b/charts/rancher-istio/1.4.600/charts/pilot/templates/clusterrole.yaml
deleted file mode 100755
index 83af8fb06..000000000
--- a/charts/rancher-istio/1.4.600/charts/pilot/templates/clusterrole.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["config.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["rbac.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["security.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["networking.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["authentication.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["*"]
-- apiGroups: ["extensions"]
- resources: ["ingresses", "ingresses/status"]
- verbs: ["*"]
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "list", "watch", "update"]
-- apiGroups: [""]
- resources: ["endpoints", "pods", "services", "namespaces", "nodes"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "watch", "list", "update", "delete"]
-- apiGroups: ["certificates.k8s.io"]
- resources:
- - "certificatesigningrequests"
- - "certificatesigningrequests/approval"
- - "certificatesigningrequests/status"
- verbs: ["update", "create", "get", "delete"]
diff --git a/charts/rancher-istio/1.4.600/charts/pilot/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.600/charts/pilot/templates/clusterrolebinding.yaml
deleted file mode 100755
index ef9281ca8..000000000
--- a/charts/rancher-istio/1.4.600/charts/pilot/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-pilot-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.600/charts/pilot/templates/configmap.yaml b/charts/rancher-istio/1.4.600/charts/pilot/templates/configmap.yaml
deleted file mode 100755
index 3fe514395..000000000
--- a/charts/rancher-istio/1.4.600/charts/pilot/templates/configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.jwksResolverExtraRootCA }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-jwks-extra-cacerts
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/pilot/templates/deployment.yaml b/charts/rancher-istio/1.4.600/charts/pilot/templates/deployment.yaml
deleted file mode 100755
index 7e7cd2b97..000000000
--- a/charts/rancher-istio/1.4.600/charts/pilot/templates/deployment.yaml
+++ /dev/null
@@ -1,234 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - # TODO: default template doesn't have this, which one is right ? - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - istio: pilot - template: - metadata: - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-pilot-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: discovery - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - "discovery" - - --monitoringAddr=:{{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.global.oneNamespace }} - - "-a" - - {{ .Release.Namespace }} -{{- end }} -{{- if and $.Values.global.controlPlaneSecurityEnabled (not .Values.sidecar)}} - - --secureGrpcAddr - - ":15011" -{{- else }} - - --secureGrpcAddr - - "" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" - ports: - - containerPort: 8080 - - containerPort: 15010 -{{- if not .Values.sidecar }} - - containerPort: 15011 -{{- end }} - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 5 - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND - value: "{{ .Values.enableProtocolSniffingForOutbound }}" - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND - value: "{{ .Values.enableProtocolSniffingForInbound }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - - name: istio-certs - mountPath: /etc/certs 
- readOnly: true -{{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - mountPath: /cacerts -{{- end }} -{{- if .Values.sidecar }} - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 15003 - - containerPort: 15005 - - containerPort: 15007 - - containerPort: 15011 - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-pilot - - --templateFile - - /etc/istio/proxy/envoy_pilot.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if .Values.global.proxy.resources }} -{{ toYaml .Values.global.proxy.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - 
readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} -{{- end }} - volumes: - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: config-volume - configMap: - name: istio - - name: istio-certs - secret: - secretName: istio.istio-pilot-service-account - optional: true -{{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - configMap: - name: istio-jwks-extra-cacerts -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/pilot/templates/meshexpansion.yaml b/charts/rancher-istio/1.4.600/charts/pilot/templates/meshexpansion.yaml deleted file mode 100755 index 4f3d59570..000000000 --- a/charts/rancher-istio/1.4.600/charts/pilot/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,91 +0,0 @@
-{{- if .Values.global.meshExpansion.enabled }}
-{{- if .Values.global.meshExpansion.useILB }}
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-ilb-vs-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- hosts:
- - istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-ilb-gateway
- tcp:
- - match:
- - port: 15011
- route:
- - destination:
- host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 15011
- - match:
- - port: 15010
- route:
- - destination:
- host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 15010
- - match:
- - port: 5353
- route:
- - destination:
- host: kube-dns.kube-system.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 53
----
-{{- else }}
-
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-vs-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- hosts:
- - istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-gateway
- tcp:
- - match:
- - port: 15011
- route:
- - destination:
- host: istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 15011
----
-{{- end }}
-
-{{- if .Values.global.controlPlaneSecurityEnabled }}
-apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
- name: meshexpansion-dr-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" .
}}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- trafficPolicy:
- portLevelSettings:
- - port:
- number: 15011
- tls:
- mode: DISABLE
----
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.4.600/charts/pilot/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.600/charts/pilot/templates/poddisruptionbudget.yaml
deleted file mode 100755
index fd9e06a71..000000000
--- a/charts/rancher-istio/1.4.600/charts/pilot/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: pilot
-spec:
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: {{ template "pilot.name" . }}
- release: {{ .Release.Name }}
- istio: pilot
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/pilot/templates/service.yaml b/charts/rancher-istio/1.4.600/charts/pilot/templates/service.yaml
deleted file mode 100755
index a61d93025..000000000
--- a/charts/rancher-istio/1.4.600/charts/pilot/templates/service.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: pilot
-spec:
- ports:
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS
- - port: 8080
- name: http-legacy-discovery # direct
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- selector:
- istio: pilot
diff --git a/charts/rancher-istio/1.4.600/charts/pilot/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.600/charts/pilot/templates/serviceaccount.yaml
deleted file mode 100755
index 7ec2a66de..000000000
--- a/charts/rancher-istio/1.4.600/charts/pilot/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.600/charts/pilot/values.yaml b/charts/rancher-istio/1.4.600/charts/pilot/values.yaml
deleted file mode 100755
index 84c90d9ed..000000000
--- a/charts/rancher-istio/1.4.600/charts/pilot/values.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-#
-# pilot configuration
-#
-enabled: true
-autoscaleEnabled: true
-autoscaleMin: 1
-autoscaleMax: 5
-# specify replicaCount when autoscaleEnabled: false
-# replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-sidecar: true
-traceSampling: 1.0
-# if protocol sniffing is enabled for outbound
-enableProtocolSniffingForOutbound: true
-# if protocol sniffing is enabled for inbound
-enableProtocolSniffingForInbound: false
-# Resources for a small pilot install
-resources:
- requests:
- cpu: 500m
- memory: 2048Mi
-env:
- PILOT_PUSH_THROTTLE: 100
-cpu:
- targetAverageUtilization: 80
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-# The following is used to limit how long a sidecar can be connected
-# to a pilot. It balances out load across pilot instances at the cost of
-# increasing system churn.
-keepaliveMaxServerConnectionAge: 30m
-
-# This is used to set the source of configuration for
-# the associated address in configSource, if nothing is specificed
-# the default MCP is assumed.
The alternative option is SERVICE_REGISTRY
-# which describes the source is only forwarding synthetic service entries
-configSource:
- subscribedResources:
diff --git a/charts/rancher-istio/1.4.600/charts/prometheus/Chart.yaml b/charts/rancher-istio/1.4.600/charts/prometheus/Chart.yaml
deleted file mode 100755
index c9640834c..000000000
--- a/charts/rancher-istio/1.4.600/charts/prometheus/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-appVersion: 2.8.0
-description: A Helm chart for Kubernetes
-name: prometheus
-tillerVersion: '>=2.7.2'
-version: 1.4.6
diff --git a/charts/rancher-istio/1.4.600/charts/prometheus/templates/_helpers.tpl b/charts/rancher-istio/1.4.600/charts/prometheus/templates/_helpers.tpl
deleted file mode 100755
index 039388329..000000000
--- a/charts/rancher-istio/1.4.600/charts/prometheus/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "prometheus.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "prometheus.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "prometheus.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.600/charts/prometheus/templates/clusterrole.yaml b/charts/rancher-istio/1.4.600/charts/prometheus/templates/clusterrole.yaml
deleted file mode 100755
index 06fdfaf53..000000000
--- a/charts/rancher-istio/1.4.600/charts/prometheus/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - nodes
- - services
- - endpoints
- - pods
- - nodes/proxy
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources:
- - configmaps
- verbs: ["get"]
-- nonResourceURLs: ["/metrics"]
- verbs: ["get"]
diff --git a/charts/rancher-istio/1.4.600/charts/prometheus/templates/clusterrolebindings.yaml b/charts/rancher-istio/1.4.600/charts/prometheus/templates/clusterrolebindings.yaml
deleted file mode 100755
index 295e0df72..000000000
--- a/charts/rancher-istio/1.4.600/charts/prometheus/templates/clusterrolebindings.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: prometheus-{{ .Release.Namespace }}
-subjects:
-- kind: ServiceAccount
- name: prometheus
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.600/charts/prometheus/templates/configmap.yaml b/charts/rancher-istio/1.4.600/charts/prometheus/templates/configmap.yaml
deleted file mode 100755
index 1b26fa5a1..000000000
--- a/charts/rancher-istio/1.4.600/charts/prometheus/templates/configmap.yaml
+++ /dev/null
@@ -1,281 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - prometheus.yml: |- - global: - scrape_interval: {{ .Values.scrapeInterval }} - scrape_configs: - - - job_name: 'istio-mesh' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;prometheus - - # Scrape config for envoy stats - - job_name: 'envoy-stats' - metrics_path: /stats/prometheus - kubernetes_sd_configs: - - role: pod - - relabel_configs: - - source_labels: [__meta_kubernetes_pod_container_port_name] - action: keep - regex: '.*-envoy-prom' - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:15090 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'istio-policy' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-policy;http-monitoring - - - job_name: 'istio-telemetry' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;http-monitoring - - - job_name: 'pilot' - kubernetes_sd_configs: - - role: 
endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-pilot;http-monitoring - - - job_name: 'galley' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-galley;http-monitoring - - - job_name: 'citadel' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-citadel;http-monitoring - - # scrape config for API servers - - job_name: 'kubernetes-apiservers' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - default - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: kubernetes;https - - # scrape config for nodes (kubelet) - - job_name: 'kubernetes-nodes' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics - - # Scrape config for Kubelet cAdvisor. 
- # - # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics - # (those whose names begin with 'container_') have been removed from the - # Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to - # retrieve those metrics. - # - # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor - # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics" - # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with - # the --cadvisor-port=0 Kubelet flag). - # - # This job is not necessary and should be removed in Kubernetes 1.6 and - # earlier versions, or it will cause the metrics to be scraped twice. - - job_name: 'kubernetes-cadvisor' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor - - # scrape config for service endpoints. - - job_name: 'kubernetes-service-endpoints' - kubernetes_sd_configs: - - role: endpoints - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) 
- - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: kubernetes_name - - - job_name: 'kubernetes-pods' - kubernetes_sd_configs: - - role: pod - relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job. - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # Keep target if there's no sidecar or if prometheus.io/scheme is explicitly set to "http" - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: keep - regex: ((;.*)|(.*;http)) - - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls] - action: drop - regex: (true) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'kubernetes-pods-istio-secure' - scheme: https - tls_config: - ca_file: /etc/istio-certs/root-cert.pem - cert_file: /etc/istio-certs/cert-chain.pem - key_file: 
/etc/istio-certs/key.pem - insecure_skip_verify: true # prometheus does not support secure naming. - kubernetes_sd_configs: - - role: pod - relabel_configs: - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # sidecar status annotation is added by sidecar injector and - # istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic. - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls] - action: keep - regex: (([^;]+);([^;]*))|(([^;]*);(true)) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: drop - regex: (http) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__] # Only keep address that is host:port - action: keep # otherwise an extra target with ':443' is added for https scheme - regex: ([^:]+):(\d+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name \ No newline at end of file diff --git a/charts/rancher-istio/1.4.600/charts/prometheus/templates/deployment.yaml b/charts/rancher-istio/1.4.600/charts/prometheus/templates/deployment.yaml deleted file mode 100755 index 1033a2f5b..000000000 --- a/charts/rancher-istio/1.4.600/charts/prometheus/templates/deployment.yaml +++ /dev/null 
@@ -1,80 +0,0 @@
-# TODO: the original template has service account, roles, etc
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: prometheus
- template:
- metadata:
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: prometheus
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: prometheus
- image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- args:
- - '--storage.tsdb.retention={{ .Values.retention }}'
- - '--config.file=/etc/prometheus/prometheus.yml'
- ports:
- - containerPort: 9090
- name: http
- livenessProbe:
- httpGet:
- path: /-/healthy
- port: 9090
- readinessProbe:
- httpGet:
- path: /-/ready
- port: 9090
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- volumeMounts:
- - name: config-volume
- mountPath: /etc/prometheus
- - mountPath: /etc/istio-certs
- name: istio-certs
- volumes:
- - name: config-volume
- configMap:
- name: prometheus
- - name: istio-certs
- secret:
- defaultMode: 420
-{{- if not .Values.security.enabled }}
- optional: true
-{{- end }}
- secretName: istio.default
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" .
| indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/prometheus/templates/ingress.yaml b/charts/rancher-istio/1.4.600/charts/prometheus/templates/ingress.yaml
deleted file mode 100755
index 43be65523..000000000
--- a/charts/rancher-istio/1.4.600/charts/prometheus/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: prometheus
- servicePort: 9090
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: prometheus
- servicePort: 9090
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.600/charts/prometheus/templates/service.yaml b/charts/rancher-istio/1.4.600/charts/prometheus/templates/service.yaml
deleted file mode 100755
index d92525df0..000000000
--- a/charts/rancher-istio/1.4.600/charts/prometheus/templates/service.yaml
+++ /dev/null
@@ -1,45 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - annotations: - prometheus.io/scrape: 'true' - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - app: prometheus - ports: - - name: http-prometheus - protocol: TCP - port: 9090 - -{{- if .Values.service.nodePort.enabled }} -# Using separate ingress for nodeport, to avoid conflict with pilot e2e test configs. ---- -apiVersion: v1 -kind: Service -metadata: - name: prometheus-nodeport - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - type: NodePort - ports: - - port: 9090 - nodePort: {{ .Values.service.nodePort.port }} - name: http-prometheus - selector: - app: prometheus -{{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/prometheus/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.600/charts/prometheus/templates/serviceaccount.yaml deleted file mode 100755 index 7c2fab3f4..000000000 --- a/charts/rancher-istio/1.4.600/charts/prometheus/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} 
diff --git a/charts/rancher-istio/1.4.600/charts/prometheus/templates/tests/test-prometheus-connection.yaml b/charts/rancher-istio/1.4.600/charts/prometheus/templates/tests/test-prometheus-connection.yaml deleted file mode 100755 index c36ce3f5c..000000000 --- a/charts/rancher-istio/1.4.600/charts/prometheus/templates/tests/test-prometheus-connection.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "prometheus.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: prometheus-test - chart: {{ template "prometheus.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: prometheus - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "prometheus.fullname" . }}-test" - image: {{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }} - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['sh', '-c', 'for i in 1 2 3; do curl http://prometheus:9090/-/ready && exit 0 || sleep 15; done; exit 1'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/prometheus/values.yaml b/charts/rancher-istio/1.4.600/charts/prometheus/values.yaml deleted file mode 100755 index 4edb9bcc6..000000000 --- a/charts/rancher-istio/1.4.600/charts/prometheus/values.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -# -# addon prometheus configuration -# -enabled: true -replicaCount: 1 -retention: 6h -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# Controls the frequency of prometheus scraping -scrapeInterval: 15s - -contextPath: /prometheus - -ingress: - enabled: false - ## Used to create an Ingress record. - hosts: - - prometheus.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: prometheus-tls - # hosts: - # - prometheus.local - -service: - annotations: {} - nodePort: - enabled: false - port: 32090 - -security: - enabled: true diff --git a/charts/rancher-istio/1.4.600/charts/security/Chart.yaml b/charts/rancher-istio/1.4.600/charts/security/Chart.yaml deleted file mode 100755 index fa5a97b2f..000000000 --- a/charts/rancher-istio/1.4.600/charts/security/Chart.yaml +++ /dev/null 
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.6
-description: Helm chart for istio authentication
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- security
-name: security
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.6
diff --git a/charts/rancher-istio/1.4.600/charts/security/templates/_helpers.tpl b/charts/rancher-istio/1.4.600/charts/security/templates/_helpers.tpl
deleted file mode 100755
index 7f36f9d51..000000000
--- a/charts/rancher-istio/1.4.600/charts/security/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "security.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "security.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "security.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.600/charts/security/templates/clusterrole.yaml b/charts/rancher-istio/1.4.600/charts/security/templates/clusterrole.yaml
deleted file mode 100755
index 75f2dec65..000000000
--- a/charts/rancher-istio/1.4.600/charts/security/templates/clusterrole.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-citadel-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "update"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "watch", "list", "update", "delete"]
-- apiGroups: [""]
- resources: ["serviceaccounts", "services", "namespaces"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["authentication.k8s.io"]
- resources: ["tokenreviews"]
- verbs: ["create"]
diff --git a/charts/rancher-istio/1.4.600/charts/security/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.600/charts/security/templates/clusterrolebinding.yaml
deleted file mode 100755
index 0a15799ce..000000000
--- a/charts/rancher-istio/1.4.600/charts/security/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-citadel-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-citadel-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-citadel-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.600/charts/security/templates/configmap.yaml b/charts/rancher-istio/1.4.600/charts/security/templates/configmap.yaml
deleted file mode 100755
index 14749fd65..000000000
--- a/charts/rancher-istio/1.4.600/charts/security/templates/configmap.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-security-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-data:
- custom-resources.yaml: |-
- {{- if .Values.global.mtls.enabled }}
- {{- include "security-default.yaml.tpl" . | indent 4}}
- {{- else }}
- {{- include "security-permissive.yaml.tpl" . | indent 4}}
- {{- end }}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
diff --git a/charts/rancher-istio/1.4.600/charts/security/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.4.600/charts/security/templates/create-custom-resources-job.yaml
deleted file mode 100755
index 4674cf141..000000000
--- a/charts/rancher-istio/1.4.600/charts/security/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,109 +0,0 @@ -{{- if .Values.createMeshPolicy }} -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-security-post-install-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["authentication.istio.io"] # needed to create default authn policy - resources: ["*"] - verbs: ["*"] -- apiGroups: ["networking.istio.io"] # needed to create security destination rules - resources: ["*"] - verbs: ["*"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get"] -- apiGroups: ["extensions", "apps"] - resources: ["deployments", "replicasets"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-security-post-install-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-security-post-install-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-security-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - template: - metadata: - name: istio-security-post-install - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-security-post-install-account - containers: - - name: kubectl - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: IfNotPresent - command: [ "/bin/bash", "/tmp/security/run.sh", "/tmp/security/custom-resources.yaml" ] - volumeMounts: - - mountPath: "/tmp/security" - name: tmp-configmap-security - volumes: - - name: tmp-configmap-security - configMap: - name: istio-security-custom-resources - restartPolicy: OnFailure - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.4.600/charts/security/templates/deployment.yaml b/charts/rancher-istio/1.4.600/charts/security/templates/deployment.yaml
deleted file mode 100755
index 81d0c6b28..000000000
--- a/charts/rancher-istio/1.4.600/charts/security/templates/deployment.yaml
+++ /dev/null
@@ -1,119 +0,0 @@ -# istio CA watching all namespaces -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: citadel - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-citadel-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: citadel - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - {{- if .Values.global.sds.enabled }} - - --sds-enabled=true - {{- end }} - - --append-dns-names=true - - --grpc-port=8060 - - --citadel-storage-namespace={{ .Release.Namespace }} - - --custom-dns-names=istio-pilot-service-account.{{ .Release.Namespace }}:istio-pilot.{{ .Release.Namespace }} - - --monitoring-port={{ .Values.global.monitoringPort }} - {{- if .Values.selfSigned }} - - --self-signed-ca=true - {{- else }} - - --self-signed-ca=false - - --signing-cert=/etc/cacerts/ca-cert.pem - - --signing-key=/etc/cacerts/ca-key.pem - - --root-cert=/etc/cacerts/root-cert.pem - - --cert-chain=/etc/cacerts/cert-chain.pem - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - {{- if .Values.workloadCertTtl }} - - --workload-cert-ttl={{ .Values.workloadCertTtl }} - {{- end }} - {{- if .Values.citadelHealthCheck }} - - --liveness-probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --liveness-probe-interval=60s # interval for health check file update - - --probe-check-interval=15s # interval for health status check - {{- end }} - env: - - name: CITADEL_ENABLE_NAMESPACES_BY_DEFAULT - value: "{{ .Values.enableNamespacesByDefault }}" - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - {{- end }} - {{- if .Values.citadelHealthCheck }} - livenessProbe: - exec: - command: - - /usr/local/bin/istio_ca - - probe - - --probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --interval=125s # the maximum time gap allowed between the file mtime and the current sys clock - initialDelaySeconds: 60 - periodSeconds: 60 - {{- end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- 
end }} -{{- if not .Values.selfSigned }} - volumeMounts: - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - volumes: - - name: cacerts - secret: - secretName: cacerts - optional: true -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/security/templates/enable-mesh-mtls.yaml b/charts/rancher-istio/1.4.600/charts/security/templates/enable-mesh-mtls.yaml deleted file mode 100755 index 75e4a18e3..000000000 --- a/charts/rancher-istio/1.4.600/charts/security/templates/enable-mesh-mtls.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- define "security-default.yaml.tpl" }} -# These policy and destination rules effectively enable mTLS for all services in the mesh. For now, -# they are added to Istio installation yaml for backward compatible. In future, they should be in -# a separated yaml file so that customer can enable mTLS independent from installation. - -# Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: {} ---- -# Corresponding destination rule to configure client side to use mutual TLS when talking to -# any service (host) in the mesh. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "default" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.local" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -# Destination rule to disable (m)TLS when talking to API server, as API server doesn't have sidecar. -# Customer should add similar destination rules for other services that don't have sidecar. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "api-server" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "kubernetes.default.svc.{{ .Values.global.proxy.clusterDomain }}" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: DISABLE -{{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/security/templates/enable-mesh-permissive.yaml b/charts/rancher-istio/1.4.600/charts/security/templates/enable-mesh-permissive.yaml deleted file mode 100755 index a6931b3b9..000000000 --- a/charts/rancher-istio/1.4.600/charts/security/templates/enable-mesh-permissive.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- define "security-permissive.yaml.tpl" }} -# Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: - mode: PERMISSIVE -{{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/security/templates/meshexpansion.yaml b/charts/rancher-istio/1.4.600/charts/security/templates/meshexpansion.yaml deleted file mode 100755 index 581ce964a..000000000 --- a/charts/rancher-istio/1.4.600/charts/security/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-citadel-ilb - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - hosts: - - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-ilb-gateway - tcp: - - match: - - port: 8060 - route: - - destination: - host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 8060 ---- -{{- else }} - -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - hosts: - - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-gateway - tcp: - - match: - - port: 8060 - route: - - destination: - host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 8060 ---- -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/security/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.600/charts/security/templates/poddisruptionbudget.yaml deleted file mode 100755 index b6944e026..000000000 --- a/charts/rancher-istio/1.4.600/charts/security/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: {{ template "security.name" . }}
- release: {{ .Release.Name }}
- istio: citadel
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/security/templates/service.yaml b/charts/rancher-istio/1.4.600/charts/security/templates/service.yaml
deleted file mode 100755
index efea17544..000000000
--- a/charts/rancher-istio/1.4.600/charts/security/templates/service.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- # we use the normal name here (e.g. 'prometheus')
- # as grafana is configured to use this as a data source
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- ports:
- - name: grpc-citadel
- port: 8060
- targetPort: 8060
- protocol: TCP
- - name: http-monitoring
- port: {{ .Values.global.monitoringPort }}
- selector:
- istio: citadel
diff --git a/charts/rancher-istio/1.4.600/charts/security/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.600/charts/security/templates/serviceaccount.yaml
deleted file mode 100755
index d07d566fa..000000000
--- a/charts/rancher-istio/1.4.600/charts/security/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-citadel-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.600/charts/security/templates/tests/test-citadel-connection.yaml b/charts/rancher-istio/1.4.600/charts/security/templates/tests/test-citadel-connection.yaml
deleted file mode 100755
index 481b486de..000000000
--- a/charts/rancher-istio/1.4.600/charts/security/templates/tests/test-citadel-connection.yaml
+++ /dev/null
@@ -1,36 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "security.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: istio-citadel-test - chart: {{ template "security.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: citadel - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "security.fullname" . }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['sh', '-c', 'for i in 1 2 3; do curl http://istio-citadel:{{ .Values.global.monitoringPort }}/version && exit 0 || sleep 15; done; exit 1'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/security/values.yaml b/charts/rancher-istio/1.4.600/charts/security/values.yaml deleted file mode 100755 index ba92eea7d..000000000 --- a/charts/rancher-istio/1.4.600/charts/security/values.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -# -# security configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -selfSigned: true # indicate if self-signed CA is used. -createMeshPolicy: true -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Enable health checking on the Citadel CSR signing API. -# https://istio.io/docs/tasks/security/health-check/ -citadelHealthCheck: false -# 90*24hour = 2160h -workloadCertTtl: 2160h -# Environment variables that configure Citadel. -env: {} - -# Determines Citadel default behavior if the ca.istio.io/env or ca.istio.io/override -# labels are not found on a given namespace. -# -# For example: consider a namespace called "target", which has neither the "ca.istio.io/env" -# nor the "ca.istio.io/override" namespace labels. To decide whether or not to generate secrets -# for service accounts created in this "target" namespace, Citadel will defer to this option. If the value -# of this option is "true" in this case, secrets will be generated for the "target" namespace. -# If the value of this option is "false" Citadel will not generate secrets upon service account creation. -enableNamespacesByDefault: true - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. 
-# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] diff --git a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/Chart.yaml b/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/Chart.yaml deleted file mode 100755 index d002d63ac..000000000 --- a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.6 -description: Helm chart for sidecar injector webhook deployment -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- sidecarInjectorWebhook -name: sidecarInjectorWebhook -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.4.6 diff --git a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/_helpers.tpl b/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/_helpers.tpl deleted file mode 100755 index f3b9fb15b..000000000 --- a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "sidecar-injector.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "sidecar-injector.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "sidecar-injector.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/clusterrole.yaml b/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/clusterrole.yaml
deleted file mode 100755
index c56c7025c..000000000
--- a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/clusterrole.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-sidecar-injector-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get", "list", "watch"]
-{{- if not .Values.global.operatorManageWebhooks }}
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "patch"]
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
deleted file mode 100755
index 748a93244..000000000
--- a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-sidecar-injector-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-sidecar-injector-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/deployment.yaml b/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/deployment.yaml
deleted file mode 100755
index 95a2ea8e9..000000000
--- a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/deployment.yaml
+++ /dev/null
@@ -1,118 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: sidecar-injector - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-sidecar-injector-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: sidecar-injector-webhook - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --caCertFile=/etc/istio/certs/root-cert.pem - - --tlsCertFile=/etc/istio/certs/cert-chain.pem - - --tlsKeyFile=/etc/istio/certs/key.pem - - --injectConfig=/etc/istio/inject/config - - --meshConfig=/etc/istio/config/mesh - - --healthCheckInterval=2s - - --healthCheckFile=/health -{{- if .Values.global.operatorManageWebhooks }} - - --reconcileWebhookConfig=false -{{- else }} - - --reconcileWebhookConfig=true -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - readOnly: true - - name: certs - mountPath: /etc/istio/certs - readOnly: true - - name: inject-config - mountPath: /etc/istio/inject - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - readinessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: config-volume - configMap: - name: istio - - name: certs - secret: -{{- if .Values.global.certificates }} - secretName: dns.istio-sidecar-injector-service-account -{{- else }} - secretName: istio.istio-sidecar-injector-service-account -{{- end }} - - name: inject-config - configMap: - name: istio-sidecar-injector - items: - - key: config - path: config - - key: values - path: values - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml b/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml deleted file mode 100755 index 4a31415f2..000000000 --- a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: istio-sidecar-injector - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -webhooks: - - name: sidecar-injector.istio.io - clientConfig: - service: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - path: "/inject" - caBundle: "" - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - namespaceSelector: -{{- if .Values.enableNamespacesByDefault }} - matchExpressions: - - key: name - operator: NotIn - values: - - {{ .Release.Namespace }} - - key: istio-injection - operator: NotIn - values: - - disabled -{{- else }} - matchLabels: - istio-injection: enabled -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml deleted file mode 100755 index 870b92508..000000000 --- a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,18 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-spec:
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: {{ template "sidecar-injector.name" . }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
- {{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/service.yaml b/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/service.yaml
deleted file mode 100755
index 537e6f960..000000000
--- a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/service.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-spec:
- ports:
- - port: 443
- name: https-inject
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- selector:
- istio: sidecar-injector
diff --git a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml
deleted file mode 100755
index d4020b517..000000000
--- a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-sidecar-injector-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
diff --git a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/values.yaml b/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/values.yaml
deleted file mode 100755
index ec64f8ed5..000000000
--- a/charts/rancher-istio/1.4.600/charts/sidecarInjectorWebhook/values.yaml
+++ /dev/null
@@ -1,58 +0,0 @@ -# -# sidecar-injector webhook configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -enableNamespacesByDefault: false -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# If true, webhook or istioctl injector will rewrite PodSpec for liveness -# health check to redirect request to sidecar. This makes liveness check work -# even when mTLS is enabled. -rewriteAppHTTPProbe: false - -# You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or -# always skip the injection on pods that match that label selector, regardless of the global policy. -# See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions -neverInjectSelector: [] - -alwaysInjectSelector: [] - -# injectedAnnotations are additional annotations that will be added to the pod spec after injection -# This is primarily to support PSP annotations. 
For example, if you defined a PSP with the annotations: -# -# annotations: -# apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default -# apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -# -# The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before -# the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: -# injectedAnnotations: -# container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default -# container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default -injectedAnnotations: {} diff --git a/charts/rancher-istio/1.4.600/charts/tracing/.helmignore b/charts/rancher-istio/1.4.600/charts/tracing/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/rancher-istio/1.4.600/charts/tracing/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-istio/1.4.600/charts/tracing/Chart.yaml b/charts/rancher-istio/1.4.600/charts/tracing/Chart.yaml deleted file mode 100755 index 251efa26f..000000000 --- a/charts/rancher-istio/1.4.600/charts/tracing/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.1 -description: A Helm chart for Kubernetes -name: tracing -tillerVersion: '>=2.7.2' -version: 1.4.6 diff --git a/charts/rancher-istio/1.4.600/charts/tracing/templates/_helpers.tpl b/charts/rancher-istio/1.4.600/charts/tracing/templates/_helpers.tpl deleted file mode 100755 index e246b59b1..000000000 
--- a/charts/rancher-istio/1.4.600/charts/tracing/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "tracing.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "tracing.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "tracing.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.600/charts/tracing/templates/deployment-jaeger.yaml b/charts/rancher-istio/1.4.600/charts/tracing/templates/deployment-jaeger.yaml
deleted file mode 100755
index da54eeb94..000000000
--- a/charts/rancher-istio/1.4.600/charts/tracing/templates/deployment-jaeger.yaml
+++ /dev/null
@@ -1,119 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: jaeger - template: - metadata: - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - prometheus.io/port: "14269" -{{- if .Values.jaeger.podAnnotations }} -{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: jaeger - image: "{{ template "system_default_registry" . 
}}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 9411 - - containerPort: 16686 - - containerPort: 14250 - - containerPort: 14267 - - containerPort: 14268 - - containerPort: 14269 - - containerPort: 5775 - protocol: UDP - - containerPort: 6831 - protocol: UDP - - containerPort: 6832 - protocol: UDP - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if eq .Values.jaeger.spanStorageType "badger" }} - - name: BADGER_EPHEMERAL - value: "false" - - name: SPAN_STORAGE_TYPE - value: "badger" - - name: BADGER_DIRECTORY_VALUE - value: "/badger/data" - - name: BADGER_DIRECTORY_KEY - value: "/badger/key" - {{- end }} - - name: COLLECTOR_ZIPKIN_HTTP_PORT - value: "9411" - - name: MEMORY_MAX_TRACES - value: "{{ .Values.jaeger.memory.max_traces }}" - - name: QUERY_BASE_PATH - value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - livenessProbe: - httpGet: - path: / - port: 14269 - readinessProbe: - httpGet: - path: / - port: 14269 -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumeMounts: - - name: data - mountPath: /badger -{{- end }} - resources: -{{- if .Values.jaeger.resources }} -{{ toYaml .Values.jaeger.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumes: - - name: data -{{- if .Values.jaeger.persist }} - persistentVolumeClaim: - claimName: istio-jaeger-pvc -{{- else }} - emptyDir: {} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.4.600/charts/tracing/templates/deployment-zipkin.yaml b/charts/rancher-istio/1.4.600/charts/tracing/templates/deployment-zipkin.yaml deleted file mode 100755 index eef24fc16..000000000 --- a/charts/rancher-istio/1.4.600/charts/tracing/templates/deployment-zipkin.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -{{ if eq .Values.provider "zipkin" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: zipkin - template: - metadata: - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" -{{- if .Values.zipkin.podAnnotations }} -{{ toYaml .Values.zipkin.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: zipkin - image: "{{ template "system_default_registry" . 
}}{{ .Values.zipkin.repository }}:{{ .Values.zipkin.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.zipkin.queryPort }} - livenessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - tcpSocket: - port: {{ .Values.zipkin.queryPort }} - readinessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - httpGet: - path: /health - port: {{ .Values.zipkin.queryPort }} - resources: -{{- if .Values.zipkin.resources }} -{{ toYaml .Values.zipkin.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: QUERY_PORT - value: "{{ .Values.zipkin.queryPort }}" - - name: JAVA_OPTS - value: "-XX:ConcGCThreads={{ .Values.zipkin.node.cpus }} -XX:ParallelGCThreads={{ .Values.zipkin.node.cpus }} -Djava.util.concurrent.ForkJoinPool.common.parallelism={{ .Values.zipkin.node.cpus }} -Xms{{ .Values.zipkin.javaOptsHeap }}M -Xmx{{ .Values.zipkin.javaOptsHeap }}M -XX:+UseG1GC -server" - - name: STORAGE_METHOD - value: "mem" - - name: ZIPKIN_STORAGE_MEM_MAXSPANS - value: "{{ .Values.zipkin.maxSpans }}" - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.4.600/charts/tracing/templates/ingress.yaml b/charts/rancher-istio/1.4.600/charts/tracing/templates/ingress.yaml deleted file mode 100755 index 72f362166..000000000 --- a/charts/rancher-istio/1.4.600/charts/tracing/templates/ingress.yaml +++ /dev/null 
@@ -1,41 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: {{ template "tracing.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} /{{ $.Values.provider }} {{ end }}
- backend:
- serviceName: tracing
- servicePort: 80
-
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }}
- backend:
- serviceName: tracing
- servicePort: 80
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.600/charts/tracing/templates/pvc.yaml b/charts/rancher-istio/1.4.600/charts/tracing/templates/pvc.yaml
deleted file mode 100755
index 60140494c..000000000
--- a/charts/rancher-istio/1.4.600/charts/tracing/templates/pvc.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if eq .Values.provider "jaeger" }}
-{{- if .Values.jaeger.persist }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: istio-jaeger-pvc
- namespace: {{ .Release.Namespace }}
- labels:
- app: jaeger
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- storageClassName: {{ .Values.jaeger.storageClassName }}
- accessModes:
- - {{ .Values.jaeger.accessMode }}
- resources:
- requests:
- storage: 5Gi
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/tracing/templates/service-jaeger.yaml b/charts/rancher-istio/1.4.600/charts/tracing/templates/service-jaeger.yaml
deleted file mode 100755
index 38c4170b1..000000000
--- a/charts/rancher-istio/1.4.600/charts/tracing/templates/service-jaeger.yaml
+++ /dev/null
@@ -1,94 +0,0 @@
-{{ if eq .Values.provider "jaeger" }}
-
-apiVersion: v1
-kind: List
-metadata:
- name: jaeger-services
- namespace: {{ .Release.Namespace }}
- labels:
- app: jaeger
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-items:
-- apiVersion: v1
- kind: Service
- metadata:
- name: jaeger-query
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: jaeger
- jaeger-infra: jaeger-service
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- ports:
- - name: query-http
- port: 16686
- protocol: TCP
- targetPort: 16686
- selector:
- app: jaeger
-- apiVersion: v1
- kind: Service
- metadata:
- name: jaeger-collector
- namespace: {{ .Release.Namespace }}
- labels:
- app: jaeger
- jaeger-infra: collector-service
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- ports:
- - name: jaeger-collector-tchannel
- port: 14267
- protocol: TCP
- targetPort: 14267
- - name: jaeger-collector-http
- port: 14268
- targetPort: 14268
- protocol: TCP
- - name: jaeger-collector-grpc
- port: 14250
- targetPort: 14250
- protocol: TCP
- selector:
- app: jaeger
- type: ClusterIP
-- apiVersion: v1
- kind: Service
- metadata:
- name: jaeger-agent
- namespace: {{ .Release.Namespace }}
- labels:
- app: jaeger
- jaeger-infra: agent-service
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- ports:
- - name: agent-zipkin-thrift
- port: 5775
- protocol: UDP
- targetPort: 5775
- - name: agent-compact
- port: 6831
- protocol: UDP
- targetPort: 6831
- - name: agent-binary
- port: 6832
- protocol: UDP
- targetPort: 6832
- clusterIP: None
- selector:
- app: jaeger
-{{ end }}
-
diff --git a/charts/rancher-istio/1.4.600/charts/tracing/templates/service.yaml b/charts/rancher-istio/1.4.600/charts/tracing/templates/service.yaml
deleted file mode 100755
index 798829793..000000000
--- a/charts/rancher-istio/1.4.600/charts/tracing/templates/service.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-apiVersion: v1
-kind: List
-metadata:
- name: tracing-services
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-items:
-- apiVersion: v1
- kind: Service
- metadata:
- name: zipkin
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- ports:
- - port: {{ .Values.zipkin.queryPort }}
- targetPort: {{ .Values.zipkin.queryPort }}
- protocol: TCP
- name: {{ .Values.service.name }}
- selector:
- app: {{ .Values.provider }}
-- apiVersion: v1
- kind: Service
- metadata:
- name: tracing
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: {{ .Values.provider }}
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- type: {{ .Values.service.type }}
- ports:
- - name: http-query
- port: {{ .Values.service.externalPort }}
- protocol: TCP
-{{ if eq .Values.provider "jaeger" }}
- targetPort: 16686
-{{ else }}
- targetPort: {{ .Values.zipkin.queryPort }}
-{{ end}}
- selector:
- app: {{ .Values.provider }}
diff --git a/charts/rancher-istio/1.4.600/charts/tracing/templates/tests/test-tracing-connection.yaml b/charts/rancher-istio/1.4.600/charts/tracing/templates/tests/test-tracing-connection.yaml
deleted file mode 100755
index 64248e8c5..000000000
--- a/charts/rancher-istio/1.4.600/charts/tracing/templates/tests/test-tracing-connection.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ .Release.Name }}-{{ .Values.provider }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}-test
- chart: {{ template "tracing.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ .Values.provider }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- {{- if eq .Values.provider "jaeger" }}
- args: ['http://tracing:80{{ .Values.jaeger.contextPath}}']
- {{- else }}
- args: ['http://tracing:80']
- {{- end }}
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/charts/tracing/values.yaml b/charts/rancher-istio/1.4.600/charts/tracing/values.yaml
deleted file mode 100755
index cc55ea4af..000000000
--- a/charts/rancher-istio/1.4.600/charts/tracing/values.yaml
+++ /dev/null
@@ -1,81 +0,0 @@ -# -# addon jaeger tracing configuration -# -enabled: false - -provider: jaeger -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -jaeger: - podAnnotations: {} - memory: - max_traces: 50000 - # spanStorageType value can be "memory" and "badger" for all-in-one image - spanStorageType: badger - persist: false - storageClassName: "" - accessMode: ReadWriteMany - - -zipkin: - podAnnotations: {} - probeStartupDelay: 200 - queryPort: 9411 - resources: - limits: - cpu: 300m - memory: 900Mi - requests: - cpu: 150m - memory: 900Mi - javaOptsHeap: 700 - # 
From: https://github.com/openzipkin/zipkin/blob/master/zipkin-server/src/main/resources/zipkin-server-shared.yml#L51 - # Maximum number of spans to keep in memory. When exceeded, oldest traces (and their spans) will be purged. - # A safe estimate is 1K of memory per span (each span with 2 annotations + 1 binary annotation), plus - # 100 MB for a safety buffer. You'll need to verify in your own environment. - maxSpans: 500000 - node: - cpus: 2 - -service: - annotations: {} - name: http - type: ClusterIP - externalPort: 80 - -ingress: - enabled: false - # Used to create an Ingress record. - hosts: - # - tracing.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: tracing-tls - # hosts: - # - tracing.local - diff --git a/charts/rancher-istio/1.4.600/example-values/README.md b/charts/rancher-istio/1.4.600/example-values/README.md deleted file mode 100755 index 74fedcb60..000000000 --- a/charts/rancher-istio/1.4.600/example-values/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Example Values - -These files provide various example values for different Istio setups. - -To use them, [read the docs](https://istio.io/docs/setup/kubernetes/helm-install/) and add the flag `--values example-file.yaml`. diff --git a/charts/rancher-istio/1.4.600/example-values/values-istio-dns-cert.yaml b/charts/rancher-istio/1.4.600/example-values/values-istio-dns-cert.yaml deleted file mode 100755 index c00676fe9..000000000 --- a/charts/rancher-istio/1.4.600/example-values/values-istio-dns-cert.yaml +++ /dev/null @@ -1,6 +0,0 @@ -global: - certificates: - - secretName: dns.istio-galley-service-account - dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] - - secretName: dns.istio-sidecar-injector-service-account - dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] 
diff --git a/charts/rancher-istio/1.4.600/example-values/values-istio-example-sds-vault.yaml b/charts/rancher-istio/1.4.600/example-values/values-istio-example-sds-vault.yaml
deleted file mode 100755
index d157f6dad..000000000
--- a/charts/rancher-istio/1.4.600/example-values/values-istio-example-sds-vault.yaml
+++ /dev/null
@@ -1,27 +0,0 @@ -global: - controlPlaneSecurityEnabled: false - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - sds: - enabled: true - udsPath: "unix:/var/run/sds/uds_path" - -nodeagent: - enabled: true - repository: rancher/istio-node-agent-k8s - tag: 1.4.6 - env: - # The IP address and the port number of a publicly accessible example Vault server. - CA_ADDR: "https://34.83.129.211:8200" - CA_PROVIDER: "VaultCA" - VALID_TOKEN: true - # The IP address and the port number of a publicly accessible example Vault server. - VAULT_ADDR: "https://34.83.129.211:8200" - VAULT_AUTH_PATH: "auth/kubernetes/login" - VAULT_ROLE: "istio-cert" - VAULT_SIGN_CSR_PATH: "istio_ca/sign/istio-pki-role" - VAULT_TLS_ROOT_CERT: '-----BEGIN CERTIFICATE-----\nMIIC3jCCAcagAwIBAgIRAO1S7vuRQmo2He+RtBq3fv8wDQYJKoZIhvcNAQELBQAw\nEDEOMAwGA1UEChMFVmF1bHQwIBcNMTkwNDI3MTY1ODE1WhgPMjExOTA0MDMxNjU4\nMTVaMBAxDjAMBgNVBAoTBVZhdWx0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA7/CTbnENEIvFZg9hmVtYnOx3OfMy/GNCuP7sqtAeVVTopAKKkcAAWQck\nrhpBooEGpCugNxXGNCuJh/2nu0AfGFRfdafwSJRoI6yHwQouDm0o4r3h9uL3tu5N\nD+x9j+eejbFsoZVn84CxGkEB6oyeXYHjc6eWh3PFGMtKuOQD4pezvDH0yNCx5waK\nhtPuYtl0ebfdbyh+WQuptO+Q9VSaQNqE3ipZ461y8PduwRRll241W0gQB2iasX03\nD36F2ZrMz3KEVRVKM1yCUDCy2RPJqkXPdnVMWmDGbe8Uw69zr25JltzuRZFT9HL3\nY1RnMTecmSc4ikTUHcMhFX3PYbfR5wIDAQABozEwLzAOBgNVHQ8BAf8EBAMCBaAw\nDAYDVR0TAQH/BAIwADAPBgNVHREECDAGhwQiU4HTMA0GCSqGSIb3DQEBCwUAA4IB\nAQCdLh6olDVQB71LD6srbfAE4EsxLEBbIRnv7Nf1S0KQwgW/QxK8DHBwJBxJkr1N\nzgEPx86f2Fo2UsY9m6rvgP3+iquyMsKi0ooUah3y3LSnONuZcdfSTl/HYd38S6Dp\nVkVOZ7781xxpFVUqQ5voQX1Y1Ipn5qw0FyIcNYWLkNX+iMf1b9kpEIWQNhRC/Yiv\nTS0VA/BzQemGyf2UB6QsuZLH+JFEZnzU859qURnNIITa1Wf4YUtka5Sp1kDnEll3\nwj4IlXKU+Wl1CzxJyn4SSQAXy/Lb08ZKrF/YSzcIISnRX5j+wa8ApOSwwA/B7iaT\nTWz1g+RlV9qHap70eIjPsQvb\n-----END CERTIFICATE-----' 
diff --git a/charts/rancher-istio/1.4.600/example-values/values-istio-gateways.yaml b/charts/rancher-istio/1.4.600/example-values/values-istio-gateways.yaml
deleted file mode 100755
index b9930d0a0..000000000
--- a/charts/rancher-istio/1.4.600/example-values/values-istio-gateways.yaml
+++ /dev/null
@@ -1,135 +0,0 @@
-# Common settings.
-global:
- # Omit the istio-sidecar-injector configmap when generate a
- # standalone gateway. Gateways may be created in namespaces other
- # than `istio-system` and we don't want to re-create the injector
- # configmap in those.
- omitSidecarInjectorConfigMap: true
-
- # Istio control plane namespace: This specifies where the Istio control
- # plane was installed earlier. Modify this if you installed the control
- # plane in a different namespace than istio-system.
- istioNamespace: istio-system
-
- proxy:
- # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument
- # would be :).
- # Disabled by default.
- # The istio-statsd-prom-bridge is deprecated and should not be used moving forward.
- envoyStatsd:
- # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector.
- enabled: false
- host: # example: statsd-svc.istio-system
- port: # example: 9125
-
-
-#
-# Gateways Configuration
-# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh.
-# You can add more gateways in addition to the defaults but make sure those are uniquely named
-# and that NodePorts are not conflicting.
-# Disable specific gateway by setting the `enabled` to false.
-#
-gateways:
- enabled: true
-
- custom-gateway:
- enabled: true
- labels:
- app: custom-gateway
- replicaCount: 1
- autoscaleMin: 1
- autoscaleMax: 5
- resources: {}
- # limits:
- # cpu: 100m
- # memory: 128Mi
- #requests:
- # cpu: 1800m
- # memory: 256Mi
- cpu:
- targetAverageUtilization: 80
- loadBalancerIP: ""
- loadBalancerSourceRanges: {}
- externalIPs: []
- serviceAnnotations: {}
- podAnnotations: {}
- type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be
- #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out
- ports:
- ## You can add custom gateway ports
- - port: 80
- targetPort: 80
- name: http2
- # nodePort: 31380
- - port: 443
- name: https
- # nodePort: 31390
- - port: 31400
- name: tcp
- # nodePort: 31400
- # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect
- # to pilot/citadel if global.meshExpansion settings are enabled.
- - port: 15011
- targetPort: 15011
- name: tcp-pilot-grpc-tls
- - port: 8060
- targetPort: 8060
- name: tcp-citadel-grpc-tls
- # Addon ports for kiali are enabled in gateway - but will only redirect if
- # the gateway configuration for the various components are enabled.
- - port: 15029
- targetPort: 15029
- name: http2-kiali
- # Telemetry-related ports are enabled in gateway - but will only redirect if
- # the gateway configuration for the various components are enabled.
- - port: 15030
- targetPort: 15030
- name: http2-prometheus
- - port: 15031
- targetPort: 15031
- name: http2-grafana
- - port: 15032
- targetPort: 15032
- name: http2-tracing
- secretVolumes:
- - name: customgateway-certs
- secretName: istio-customgateway-certs
- mountPath: /etc/istio/customgateway-certs
- - name: customgateway-ca-certs
- secretName: istio-customgateway-ca-certs
- mountPath: /etc/istio/customgateway-ca-certs
-
-# all other components are disabled except the gateways
-security:
- enabled: false
-
-sidecarInjectorWebhook:
- enabled: false
-
-galley:
- enabled: false
-
-mixer:
- policy:
- enabled: false
- telemetry:
- enabled: false
-
-pilot:
- enabled: false
-
-grafana:
- enabled: false
-
-prometheus:
- enabled: false
-
-tracing:
- enabled: false
-
-kiali:
- enabled: false
-
-certmanager:
- enabled: false
diff --git a/charts/rancher-istio/1.4.600/example-values/values-istio-googleca.yaml b/charts/rancher-istio/1.4.600/example-values/values-istio-googleca.yaml
deleted file mode 100755
index c4a5e42c5..000000000
--- a/charts/rancher-istio/1.4.600/example-values/values-istio-googleca.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-global:
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- # For GoogleCA, the aud field need to be set to the trustDomain, which is also set at the
- # installation/configuration time, e.g. by running helm template.
- token:
- aud: ""
-
- trustDomain: ""
-
- useMCP: true
-
-nodeagent:
- enabled: true
- repository: rancher/istio-node-agent-k8s
- tag: 1.4.6
- env:
- CA_PROVIDER: "GoogleCA"
- CA_ADDR: "meshca.googleapis.com:443"
- PLUGINS: "GoogleTokenExchange"
- GKE_CLUSTER_URL: ""
diff --git a/charts/rancher-istio/1.4.600/example-values/values-istio-meshexpansion-gateways.yaml b/charts/rancher-istio/1.4.600/example-values/values-istio-meshexpansion-gateways.yaml
deleted file mode 100755
index 51a1ded16..000000000
--- a/charts/rancher-istio/1.4.600/example-values/values-istio-meshexpansion-gateways.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-global:
- # Provides dns resolution for global services
- podDNSSearchNamespaces:
- - global
-
- multiCluster:
- enabled: true
-
- controlPlaneSecurityEnabled: true
- meshExpansion:
- enabled: true
-
-# Multicluster with gateways requires a root CA
-# Cluster local CAs are bootstrapped with the root CA.
-security:
- selfSigned: false
-
-# Provides dns resolution for service entries of form
-# name.namespace.global
-istiocoredns:
- enabled: true
-
-gateways:
- istio-egressgateway:
- enabled: true
- env:
- # Needed to route traffic via egress gateway if desired.
- ISTIO_META_REQUESTED_NETWORK_VIEW: "external"
diff --git a/charts/rancher-istio/1.4.600/example-values/values-istio-multicluster-gateways.yaml b/charts/rancher-istio/1.4.600/example-values/values-istio-multicluster-gateways.yaml
deleted file mode 100755
index 3524a3d47..000000000
--- a/charts/rancher-istio/1.4.600/example-values/values-istio-multicluster-gateways.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-global:
- # Provides dns resolution for global services
- podDNSSearchNamespaces:
- - global
- - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global"
-
- multiCluster:
- enabled: true
-
- controlPlaneSecurityEnabled: true
-
-# Multicluster with gateways requires a root CA
-# Cluster local CAs are bootstrapped with the root CA.
-security:
- selfSigned: false
-
-# Provides dns resolution for service entries of form
-# name.namespace.global
-istiocoredns:
- enabled: true
-
-gateways:
- istio-egressgateway:
- enabled: true
- env:
- # Needed to route traffic via egress gateway if desired.
- ISTIO_META_REQUESTED_NETWORK_VIEW: "external"
diff --git a/charts/rancher-istio/1.4.600/files/injection-template.yaml b/charts/rancher-istio/1.4.600/files/injection-template.yaml
deleted file mode 100755
index df94e5689..000000000
--- a/charts/rancher-istio/1.4.600/files/injection-template.yaml
+++ /dev/null
@@ -1,461 +0,0 @@ -{{- $cniDisabled := (not .Values.istio_cni.enabled) }} -{{- $cniRepairEnabled := (and .Values.istio_cni.enabled .Values.istio_cni.repair.enabled) }} -{{- $enableInitContainer := (or $cniDisabled $cniRepairEnabled .Values.global.proxy.enableCoreDump) }} -rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }} -{{- if $enableInitContainer }} -initContainers: -{{- if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} -{{ if $cniRepairEnabled -}} -- name: istio-validation -{{ else -}} -- name: istio-init -{{ end -}} -{{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" -{{- else }} - image: "{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" -{{- end }} - command: -{{- if $cniRepairEnabled }} - - istio-iptables-go -{{- else }} - - istio-iptables -{{- end }} - - "-p" - - "15001" - - "-z" - - "15006" - - "-u" - - 1337 - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" - - "-d" - - "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation 
.ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} -{{ if $cniRepairEnabled -}} - - "--run-validation" - - "--skip-rule-apply" -{{- end }} - imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" -{{- if .Values.global.proxy.init.resources }} - resources: - {{ toYaml .Values.global.proxy.init.resources | indent 4 }} -{{- else }} - resources: {} -{{- end }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: -{{- if not $cniRepairEnabled }} - add: - - NET_ADMIN - - NET_RAW -{{- end }} - drop: - - ALL - readOnlyRootFilesystem: false - {{- if not $cniRepairEnabled }} - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - runAsGroup: 1337 - runAsUser: 1337 - runAsNonRoot: true - {{- end }} - restartPolicy: Always - {{ end -}} -{{- if eq .Values.global.proxy.enableCoreDump true }} -- name: enable-core-dump - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - command: - - /bin/sh - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- else }} - image: "{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- end }} - imagePullPolicy: IfNotPresent - resources: {} - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - SYS_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 -{{ end }} - {{ end }} -containers: -- name: istio-proxy -{{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` "") }} # if custom pod then use 
that - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" -{{- else }} - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - {{- else }} - image: "{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - {{- end }} -{{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --configPath - - "{{ .ProxyConfig.ConfigPath }}" - - --binaryPath - - "{{ .ProxyConfig.BinaryPath }}" - - --serviceCluster - {{ if ne "" (index .ObjectMeta.Labels "app") -}} - - "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" - {{ else -}} - - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" - {{ end -}} - - --drainDuration - - "{{ formatDuration .ProxyConfig.DrainDuration }}" - - --parentShutdownDuration - - "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}" - - --discoveryAddress - - "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" -{{- if eq .Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" - - --lightstepAccessToken - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" - - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} - - --lightstepCacertPath - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" -{{- else if eq .Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - - "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" -{{- else if eq .Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" -{{- end }} -{{- if .Values.global.proxy.logLevel }} - - 
--proxyLogLevel={{ .Values.global.proxy.logLevel }} -{{- end}} -{{- if .Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }} -{{- end}} - - --dnsRefreshRate - - {{ .Values.global.proxy.dnsRefreshRate }} - - --connectTimeout - - "{{ formatDuration .ProxyConfig.ConnectTimeout }}" -{{- if .Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - "{{ .ProxyConfig.StatsdUdpAddress }}" -{{- end }} -{{- if .Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - - '{{ protoToJSON .ProxyConfig.EnvoyMetricsService }}' -{{- end }} -{{- if .Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - - '{{ protoToJSON .ProxyConfig.EnvoyAccessLogService }}' -{{- end }} - - --proxyAdminPort - - "{{ .ProxyConfig.ProxyAdminPort }}" - {{ if gt .ProxyConfig.Concurrency 0 -}} - - --concurrency - - "{{ .ProxyConfig.Concurrency }}" - {{ end -}} - - --controlPlaneAuthPolicy - - "{{ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}" -{{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" (valueOrDefault .Values.global.proxy.statusPort 0 )) `0`) }} - - --statusPort - - "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" - - --applicationPorts - - "{{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` (applicationPorts .Spec.Containers) }}" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} -{{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 4 }} -{{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if 
not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} -{{- if eq .Values.global.proxy.tracer "datadog" }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP -{{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }} -{{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" -{{- end }} -{{- end }} -{{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SDS_ENABLED - value: {{ $.Values.global.sds.enabled }} - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - - name: ISTIO_META_INCLUDE_INBOUND_PORTS - value: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (applicationPorts .Spec.Containers) }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{ if .ObjectMeta.Annotations }} - - name: ISTIO_METAJSON_ANNOTATIONS - value: | - {{ toJSON .ObjectMeta.Annotations }} - {{ end }} - {{ if .ObjectMeta.Labels }} - - name: ISTIO_METAJSON_LABELS - value: | - {{ toJSON .ObjectMeta.Labels }} - {{ end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{ .DeploymentMeta.Name }} - {{ end }} - {{- if and 
.TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.sds.customTokenDirectory }} - - name: ISTIO_META_SDS_TOKEN_PATH - value: "{{ .Values.global.sds.customTokenDirectory -}}/sdstoken" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if .Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.trustDomain }}" - {{- end }} - {{- if eq .Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetDebug }}" - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations.Value }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes.Value }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents.Value }}" - {{- end }} - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` (valueOrDefault .Values.global.proxy.statusPort 0 )) `0` }} - readinessProbe: - httpGet: - 
path: /healthz/ready - port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - add: - - NET_ADMIN - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} - runAsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - runAsNonRoot: false - runAsUser: 0 - {{- else }} - runAsNonRoot: true - runAsUser: 1337 - {{- end }} - resources: - {{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end}} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{ else -}} -{{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 4 }} -{{- end }} - {{ end -}} - volumeMounts: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: 
custom-bootstrap-volume - {{- end }} - - mountPath: /etc/istio/proxy - name: istio-envoy - {{- if .Values.global.sds.enabled }} - - mountPath: /var/run/sds - name: sds-uds-path - readOnly: true - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.sds.customTokenDirectory }} - - mountPath: "{{ .Values.global.sds.customTokenDirectory -}}" - name: custom-sds-token - readOnly: true - {{- end }} - {{- else }} - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{- end }} -volumes: -{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} -- name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} -{{- end }} -- emptyDir: - medium: Memory - name: istio-envoy -{{- if .Values.global.sds.enabled }} -- name: sds-uds-path - hostPath: - path: /var/run/sds -- name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} -{{- if .Values.global.sds.customTokenDirectory }} -- name: custom-sds-token - secret: - secretName: sdstokensecret -{{- end }} -{{- else }} -- name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, 
$value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} -- name: "{{ $index }}" - {{ toYaml $value | indent 2 }} - {{ end }} - {{ end }} -{{- end }} -{{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} -- name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert -{{- end }} -{{- if .Values.global.podDNSSearchNamespaces }} -dnsConfig: - searches: - {{- range .Values.global.podDNSSearchNamespaces }} - - {{ render . }} - {{- end }} -{{- end }} -podRedirectAnnot: - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" -{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" -{{- end }} - traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" 
diff --git a/charts/rancher-istio/1.4.600/questions.yaml b/charts/rancher-istio/1.4.600/questions.yaml
deleted file mode 100644
index b54957cb5..000000000
--- a/charts/rancher-istio/1.4.600/questions.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-labels:
- rancher.istio.v1.4.600: 1.4.6
-rancher_min_version: 2.3.4-rc1
-rancher_max_version: 2.3.4-rc1
diff --git a/charts/rancher-istio/1.4.600/requirements.yaml b/charts/rancher-istio/1.4.600/requirements.yaml
deleted file mode 100755
index 509d38976..000000000
--- a/charts/rancher-istio/1.4.600/requirements.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-dependencies:
- - name: sidecarInjectorWebhook
- version: 1.4.6
- condition: sidecarInjectorWebhook.enabled
- - name: security
- version: 1.4.6
- condition: security.enabled
- - name: gateways
- version: 1.4.6
- condition: gateways.enabled
- - name: mixer
- version: 1.4.6
- condition: or mixer.policy.enabled mixer.telemetry.enabled
- - name: nodeagent
- version: 1.4.6
- condition: nodeagent.enabled
- - name: pilot
- version: 1.4.6
- condition: pilot.enabled
- - name: grafana
- version: 1.4.6
- condition: grafana.enabled
- - name: prometheus
- version: 1.4.6
- condition: prometheus.enabled
- - name: tracing
- version: 1.4.6
- condition: tracing.enabled
- - name: galley
- version: 1.4.6
- condition: galley.enabled
- - name: kiali
- version: 1.4.6
- condition: kiali.enabled
- - name: istiocoredns
- version: 1.4.6
- condition: istiocoredns.enabled
- - name: certmanager
- version: 1.4.6
- condition: certmanager.enabled
diff --git a/charts/rancher-istio/1.4.600/templates/NOTES.txt b/charts/rancher-istio/1.4.600/templates/NOTES.txt
deleted file mode 100755
index 3b323594c..000000000
--- a/charts/rancher-istio/1.4.600/templates/NOTES.txt
+++ /dev/null
@@ -1,29 +0,0 @@
-Thank you for installing {{ .Chart.Name | title }}.
-
-Your release is named {{ .Release.Name | title }}.
-
-To get started running application with Istio, execute the following steps:
-
-{{- if index .Values "sidecarInjectorWebhook" "enabled" }}
-1. Label namespace that application object will be deployed to by the following command (take default namespace as an example)
-
-$ kubectl label namespace default istio-injection=enabled
-$ kubectl get namespace -L istio-injection
-
-2. Deploy your applications
-
-$ kubectl apply -f .yaml
-{{- else }}
-1. Download the latest release package to get sidecar injection tool
-
-$ curl -L https://git.io/getLatestIstio | sh -
-$ mv istio-* istio-latest
-$ export PATH="$PATH:$PWD/istio-latest/bin"
-
-2. Deploy your application by manually injecting envoy sidecar with `istioctl kube-inject`
-
-$ kubectl apply -f <(istioctl kube-inject -f .yaml)
-{{- end }}
-
-For more information on running Istio, visit:
-https://istio.io/
diff --git a/charts/rancher-istio/1.4.600/templates/_affinity.tpl b/charts/rancher-istio/1.4.600/templates/_affinity.tpl
deleted file mode 100755
index 7639be434..000000000
--- a/charts/rancher-istio/1.4.600/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "nodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "nodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "nodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinity" }} -{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .Values.podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if or .Values.podAntiAffinityTermLabelSelector}} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "podAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.600/templates/_helpers.tpl b/charts/rancher-istio/1.4.600/templates/_helpers.tpl deleted file mode 100755 index cf10568c7..000000000 --- a/charts/rancher-istio/1.4.600/templates/_helpers.tpl +++ /dev/null 
@@ -1,48 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "istio.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "istio.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "istio.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a fully qualified configmap name.
-*/}}
-{{- define "istio.configmap.fullname" -}}
-{{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-
-{{- define "system_default_registry" -}}
-{{- if .Values.global.systemDefaultRegistry -}}
-{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
-{{- else -}}
-{{- "" -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.600/templates/_podDisruptionBudget.tpl b/charts/rancher-istio/1.4.600/templates/_podDisruptionBudget.tpl
deleted file mode 100755
index ebb86068c..000000000
--- a/charts/rancher-istio/1.4.600/templates/_podDisruptionBudget.tpl
+++ /dev/null
@@ -1,3 +0,0 @@
-{{- define "podDisruptionBudget.spec" }}
- minAvailable: 1
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/templates/clusterrole.yaml b/charts/rancher-istio/1.4.600/templates/clusterrole.yaml
deleted file mode 100755
index b92c9ef8b..000000000
--- a/charts/rancher-istio/1.4.600/templates/clusterrole.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: istio-reader
-rules:
- - apiGroups: ['']
- resources: ['nodes', 'pods', 'services', 'endpoints', "replicationcontrollers"]
- verbs: ['get', 'watch', 'list']
- - apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
diff --git a/charts/rancher-istio/1.4.600/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.600/templates/clusterrolebinding.yaml
deleted file mode 100755
index 827601b3d..000000000
--- a/charts/rancher-istio/1.4.600/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-multi
- labels:
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-reader
-subjects:
-- kind: ServiceAccount
- name: istio-multi
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.600/templates/configmap.yaml b/charts/rancher-istio/1.4.600/templates/configmap.yaml
deleted file mode 100755
index e260cbb7f..000000000
--- a/charts/rancher-istio/1.4.600/templates/configmap.yaml
+++ /dev/null
@@ -1,341 +0,0 @@
-{{- if or .Values.pilot.enabled .Values.global.istioRemote }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istio.name" . }}
- chart: {{ template "istio.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- mesh: |-
- # Set the following variable to true to disable policy checks by Mixer.
- # Note that metrics will still be reported to Mixer.
- {{- if .Values.mixer.policy.enabled }}
- disablePolicyChecks: {{ .Values.global.disablePolicyChecks }}
- {{- else }}
- disablePolicyChecks: true
- {{- end }}
-
- disableMixerHttpReports: false
-
- {{- if .Values.mixer.telemetry.reportBatchMaxEntries }}
- # reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server
- reportBatchMaxEntries: {{ .Values.mixer.telemetry.reportBatchMaxEntries }}
- {{- end }}
-
- {{- if .Values.mixer.telemetry.reportBatchMaxTime }}
- # reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server
- reportBatchMaxTime: {{ .Values.mixer.telemetry.reportBatchMaxTime }}
- {{- end }}
-
- {{- if .Values.mixer.telemetry.sessionAffinityEnabled }}
- # sidecarToTelemetrySessionAffinity will create a STRICT_DNS type cluster for istio-telemetry.
- sidecarToTelemetrySessionAffinity: {{ .Values.mixer.telemetry.sessionAffinityEnabled }}
- {{- end }}
-
- # Set enableTracing to false to disable request tracing.
- enableTracing: {{ .Values.global.enableTracing }}
-
- # Set accessLogFile to empty string to disable access log.
- accessLogFile: "{{ .Values.global.proxy.accessLogFile }}"
-
- # If accessLogEncoding is TEXT, value will be used directly as the log format
- # example: "[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\n"
- # If AccessLogEncoding is JSON, value will be parsed as map[string]string
- # example: '{"start_time": "%START_TIME%", "req_method": "%REQ(:METHOD)%"}'
- # Leave empty to use default log format
- accessLogFormat: {{ .Values.global.proxy.accessLogFormat | quote }}
-
- # Set accessLogEncoding to JSON or TEXT to configure sidecar access log
- accessLogEncoding: '{{ .Values.global.proxy.accessLogEncoding }}'
-
- enableEnvoyAccessLogService: {{ .Values.global.proxy.envoyAccessLogService.enabled }}
-
- {{- if .Values.global.istioRemote }}
-
- {{- if .Values.global.remotePolicyAddress }}
- {{- if .Values.global.createRemoteSvcEndpoints }}
- mixerCheckServer: istio-policy.{{ .Release.Namespace }}:15004
- {{- else }}
- mixerCheckServer: {{ .Values.global.remotePolicyAddress }}:15004
- {{- end }}
- {{- end }}
- {{- if .Values.global.remoteTelemetryAddress }}
- {{- if .Values.global.createRemoteSvcEndpoints }}
- mixerReportServer: istio-telemetry.{{ .Release.Namespace }}:15004
- {{- else }}
- mixerReportServer: {{ .Values.global.remoteTelemetryAddress }}:15004
- {{- end }}
- {{- end }}
-
- {{- else }}
-
- {{- if .Values.mixer.policy.enabled }}
- {{- if .Values.global.controlPlaneSecurityEnabled }}
- mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004
- {{- else }}
- mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:9091
- {{- end }}
- {{- end }}
- {{- if .Values.mixer.telemetry.enabled }}
- {{- if .Values.global.controlPlaneSecurityEnabled }}
- mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004
- {{- else }}
- mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:9091
- {{- end }}
- {{- end }}
-
- {{- end }}
-
- {{- if or .Values.mixer.policy.enabled (and .Values.global.istioRemote .Values.global.remotePolicyAddress) }}
- # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached.
- # Default is false which means the traffic is denied when the client is unable to connect to Mixer.
- policyCheckFailOpen: {{ .Values.global.policyCheckFailOpen }}
- {{- end }}
-
- {{- if .Values.gateways.enabled }}
- # Let Pilot give ingresses the public IP of the Istio ingressgateway
- ingressService: istio-ingressgateway
- {{- end }}
-
- # Default connect timeout for dynamic clusters generated by Pilot and returned via XDS
- connectTimeout: 10s
-
- # Automatic protocol detection uses a set of heuristics to
- # determine whether the connection is using TLS or not (on the
- # server side), as well as the application protocol being used
- # (e.g., http vs tcp). These heuristics rely on the client sending
- # the first bits of data. For server first protocols like MySQL,
- # MongoDB, etc., Envoy will timeout on the protocol detection after
- # the specified period, defaulting to non mTLS plain TCP
- # traffic. Set this field to tweak the period that Envoy will wait
- # for the client to send the first bits of data. (MUST BE >=1ms)
- protocolDetectionTimeout: {{ .Values.global.proxy.protocolDetectionTimeout }}
-
- # DNS refresh rate for Envoy clusters of type STRICT_DNS
- dnsRefreshRate: {{ .Values.global.proxy.dnsRefreshRate }}
-
- # Unix Domain Socket through which envoy communicates with NodeAgent SDS to get
- # key/cert for mTLS. Use secret-mount files instead of SDS if set to empty.
- sdsUdsPath: {{ .Values.global.sds.udsPath | quote }}
-
- # The trust domain corresponds to the trust root of a system.
- # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain
- trustDomain: {{ .Values.global.trustDomain | quote }}
-
- # The trust domain aliases represent the aliases of trust_domain.
- # For example, if we have
- # trustDomain: td1
- # trustDomainAliases: [“td2”, "td3"]
- # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account",
- # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh.
- trustDomainAliases:
- {{- range .Values.global.trustDomainAliases }}
- - {{ . | quote }}
- {{- end }}
-
- # If true, automatically configure client side mTLS settings to match the corresponding service's
- # server side mTLS authentication policy, when destination rule for that service does not specify
- # TLS settings.
- enableAutoMtls: {{ .Values.global.mtls.auto }}
-
- # Set the default behavior of the sidecar for handling outbound traffic from the application:
- # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no
- # services or ServiceEntries for the destination port
- # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well
- # as those defined through ServiceEntries
- outboundTrafficPolicy:
- mode: {{ .Values.global.outboundTrafficPolicy.mode }}
-
- {{- if .Values.global.localityLbSetting.enabled }}
- localityLbSetting:
-{{ toYaml .Values.global.localityLbSetting | trim | indent 6 }}
- {{- end }}
- # The namespace to treat as the administrative root namespace for istio
- # configuration.
-{{- if .Values.global.configRootNamespace }}
- rootNamespace: {{ .Values.global.configRootNamespace }}
-{{- else }}
- rootNamespace: {{ .Release.Namespace }}
-{{- end }}
-
- # Configures DNS certificates provisioned through Chiron linked into Pilot.
- certificates:
-{{ toYaml .Values.global.certificates | trim | indent 6 }}
-
- {{- if .Values.global.defaultConfigVisibilitySettings }}
- defaultServiceExportTo:
- {{- range .Values.global.defaultConfigVisibilitySettings }}
- - {{ . | quote }}
- {{- end }}
- defaultVirtualServiceExportTo:
- {{- range .Values.global.defaultConfigVisibilitySettings }}
- - {{ . | quote }}
- {{- end }}
- defaultDestinationRuleExportTo:
- {{- range .Values.global.defaultConfigVisibilitySettings }}
- - {{ . | quote }}
- {{- end }}
- {{- end }}
-
- {{- if $.Values.global.useMCP }}
- configSources:
- - address: istio-galley.{{ $.Release.Namespace }}.svc:9901
- {{- if .Values.pilot.configSource.subscribedResources }}
- subscribedResources:
- - {{ .Values.pilot.configSource.subscribedResources }}
- {{- end}}
- {{- if $.Values.global.controlPlaneSecurityEnabled}}
- tlsSettings:
- mode: ISTIO_MUTUAL
- {{- end }}
- {{- end }}
-
- defaultConfig:
- #
- # TCP connection timeout between Envoy & the application, and between Envoys. Used for static clusters
- # defined in Envoy's configuration file
- connectTimeout: 10s
- #
- ### ADVANCED SETTINGS #############
- # Where should envoy's configuration be stored in the istio-proxy container
- configPath: "/etc/istio/proxy"
- binaryPath: "/usr/local/bin/envoy"
- # The pseudo service name used for Envoy.
- serviceCluster: istio-proxy
- # These settings that determine how long an old Envoy
- # process should be kept alive after an occasional reload.
- drainDuration: 45s
- parentShutdownDuration: 1m0s
- #
- # The mode used to redirect inbound connections to Envoy. This setting
- # has no effect on outbound traffic: iptables REDIRECT is always used for
- # outbound connections.
- # If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy.
- # The "REDIRECT" mode loses source addresses during redirection.
- # If "TPROXY", use iptables TPROXY to redirect to Envoy.
- # The "TPROXY" mode preserves both the source and destination IP
- # addresses and ports, so that they can be used for advanced filtering
- # and manipulation.
- # The "TPROXY" mode also configures the sidecar to run with the
- # CAP_NET_ADMIN capability, which is required to use TPROXY.
- #interceptionMode: REDIRECT
- #
- # Port where Envoy listens (on local host) for admin commands
- # You can exec into the istio-proxy container in a pod and
- # curl the admin port (curl http://localhost:15000/) to obtain
- # diagnostic information from Envoy. See
- # https://lyft.github.io/envoy/docs/operations/admin.html
- # for more details
- proxyAdminPort: 15000
- #
- # Set concurrency to a specific number to control the number of Proxy worker threads.
- # If set to 0 (default), then start worker thread for each CPU thread/core.
- concurrency: {{ .Values.global.proxy.concurrency }}
- #
- {{- if eq .Values.global.proxy.tracer "lightstep" }}
- tracing:
- lightstep:
- # Address of the LightStep Satellite pool
- address: {{ .Values.global.tracer.lightstep.address }}
- # Access Token used to communicate with the Satellite pool
- accessToken: {{ .Values.global.tracer.lightstep.accessToken }}
- # Whether communication with the Satellite pool should be secure
- secure: {{ .Values.global.tracer.lightstep.secure }}
- # Path to the file containing the cacert to use when verifying TLS
- cacertPath: {{ .Values.global.tracer.lightstep.cacertPath }}
- {{- else if eq .Values.global.proxy.tracer "zipkin" }}
- tracing:
- zipkin:
- # Address of the Zipkin collector
- {{- if .Values.global.tracer.zipkin.address }}
- address: {{ .Values.global.tracer.zipkin.address }}
- {{- else if .Values.global.remoteZipkinAddress }}
- address: {{ .Values.global.remoteZipkinAddress }}:9411
- {{- else }}
- address: zipkin.{{ .Release.Namespace }}:9411
- {{- end }}
- {{- else if eq .Values.global.proxy.tracer "datadog" }}
- tracing:
- datadog:
- # Address of the Datadog Agent
- address: {{ .Values.global.tracer.datadog.address }}
- {{- else if eq .Values.global.proxy.tracer "stackdriver" }}
- tracing:
- stackdriver: {}
- {{- end }}
-
- {{- if .Values.global.proxy.envoyStatsd.enabled }}
- #
- # Statsd metrics collector converts statsd metrics into Prometheus metrics.
- statsdUdpAddress: {{ .Values.global.proxy.envoyStatsd.host }}:{{ .Values.global.proxy.envoyStatsd.port }}
- {{- end }}
-
- {{- if .Values.global.proxy.envoyMetricsService.enabled }}
- #
- # Envoy's Metrics Service stats sink pushes Envoy metrics to a remote collector via the Metrics Service gRPC API.
- envoyMetricsService:
- address: {{ .Values.global.proxy.envoyMetricsService.host }}:{{ .Values.global.proxy.envoyMetricsService.port }}
- {{- if .Values.global.proxy.envoyMetricsService.tlsSettings }}
- tlsSettings:
-{{ toYaml .Values.global.proxy.envoyMetricsService.tlsSettings | trim | indent 10 }}
- {{- end}}
- {{- if .Values.global.proxy.envoyMetricsService.tcpKeepalive }}
- tcpKeepalive:
-{{ toYaml .Values.global.proxy.envoyMetricsService.tcpKeepalive | trim | indent 10 }}
- {{- end}}
- {{- end}}
-
- {{- if .Values.global.proxy.envoyAccessLogService.enabled }}
- #
- # Envoy's AccessLog Service pushes access logs to a remote collector via the Access Log Service gRPC API.
- envoyAccessLogService:
- address: {{ .Values.global.proxy.envoyAccessLogService.host }}:{{ .Values.global.proxy.envoyAccessLogService.port }}
- {{- if .Values.global.proxy.envoyAccessLogService.tlsSettings }}
- tlsSettings:
-{{ toYaml .Values.global.proxy.envoyAccessLogService.tlsSettings | trim | indent 10 }}
- {{- end}}
- {{- if .Values.global.proxy.envoyAccessLogService.tcpKeepalive }}
- tcpKeepalive:
-{{ toYaml .Values.global.proxy.envoyAccessLogService.tcpKeepalive | trim | indent 10 }}
- {{- end}}
- {{- end}}
-
- {{- $defPilotHostname := printf "istio-pilot.%s" .Release.Namespace }}
- {{- $pilotAddress := .Values.global.remotePilotAddress | default $defPilotHostname }}
- {{- if .Values.global.controlPlaneSecurityEnabled }}
- #
- # Mutual TLS authentication between sidecars and istio control plane.
- controlPlaneAuthPolicy: MUTUAL_TLS
- #
- # Address where istio Pilot service is running
- {{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
- discoveryAddress: {{ $defPilotHostname }}:15011
- {{- else }}
- discoveryAddress: {{ $pilotAddress }}:15011
- {{- end }}
- {{- else }}
- #
- # Mutual TLS authentication between sidecars and istio control plane.
- controlPlaneAuthPolicy: NONE
- #
- # Address where istio Pilot service is running
- {{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
- discoveryAddress: {{ $defPilotHostname }}:15010
- {{- else }}
- discoveryAddress: {{ $pilotAddress }}:15010
- {{- end }}
- {{- end }}
-
- # Configuration file for the mesh networks to be used by the Split Horizon EDS.
- meshNetworks: |-
- {{- if .Values.global.meshNetworks }}
- networks:
-{{ toYaml .Values.global.meshNetworks | trim | indent 6 }}
- {{- else }}
- networks: {}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/templates/crd-10.yaml b/charts/rancher-istio/1.4.600/templates/crd-10.yaml
deleted file mode 100644
index f017e2658..000000000
--- a/charts/rancher-istio/1.4.600/templates/crd-10.yaml
+++ /dev/null
@@ -1,4816 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: attributemanifests.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: attributemanifest - plural: attributemanifests - singular: attributemanifest - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and - telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - attributes: - additionalProperties: - properties: - description: - description: A human-readable description of the attribute's purpose. - format: string - type: string - valueType: - description: The type of data carried by this attribute. - enum: - - VALUE_TYPE_UNSPECIFIED - - STRING - - INT64 - - DOUBLE - - BOOL - - TIMESTAMP - - IP_ADDRESS - - EMAIL_ADDRESS - - URI - - DNS_NAME - - DURATION - - STRING_MAP - type: string - type: object - description: The set of attributes this Istio component will be responsible - for producing at runtime. - type: object - name: - description: Name of the component producing these attributes. - format: string - type: string - revision: - description: The revision of this document. 
- format: string - type: string - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - heritage: Tiller - istio: rbac - release: istio - name: clusterrbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ClusterRbacConfig - plural: clusterrbacconfigs - singular: clusterrbacconfig - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: destinationrules.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.host - description: The name of a service from the service registry - name: Host - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - shortNames: - - dr - singular: destinationrule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, - etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is - exported. - items: - format: string - type: string - type: array - host: - description: The name of a service from the service registry. 
- format: string - type: string - subsets: - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: Name of the subset. - format: string - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. 
- oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP - requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a - backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. 
- type: string - maxRequestsPerConnection: - description: Maximum number of requests per - connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP - upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on - the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer - algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. 
- type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep - analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to - the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server - during TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded - to http2 for the associated destination. 
- enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to - a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool - connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to - a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to - a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. 
- format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. 
- properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. 
- format: string - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS - handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: envoyfilters.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: EnvoyFilter - plural: envoyfilters - singular: envoyfilter - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Customizing Envoy configuration generated by Istio. See more - details at: https://istio.io/docs/reference/config/networking/v1alpha3/envoy-filter.html' - properties: - configPatches: - description: One or more patches with match conditions. 
- items: - properties: - applyTo: - enum: - - INVALID - - LISTENER - - FILTER_CHAIN - - NETWORK_FILTER - - HTTP_FILTER - - ROUTE_CONFIGURATION - - VIRTUAL_HOST - - HTTP_ROUTE - - CLUSTER - type: string - match: - description: Match on listener/route configuration/cluster. - oneOf: - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - properties: - cluster: - description: Match on envoy cluster attributes. - properties: - name: - description: The exact name of the cluster to match. - format: string - type: string - portNumber: - description: The service port for which this cluster was - generated. - type: integer - service: - description: The fully qualified service name for this - cluster. - format: string - type: string - subset: - description: The subset associated with the service. - format: string - type: string - type: object - context: - description: The specific config generation context to match - on. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - listener: - description: Match on envoy listener attributes. - properties: - filterChain: - description: Match a specific filter chain in a listener. - properties: - applicationProtocols: - description: Applies only to sidecars. - format: string - type: string - filter: - description: The name of a specific filter to apply - the patch to. - properties: - name: - description: The filter name to match on. - format: string - type: string - subFilter: - properties: - name: - description: The filter name to match on. - format: string - type: string - type: object - type: object - name: - description: The name assigned to the filter chain. - format: string - type: string - sni: - description: The SNI value used by a filter chain's - match condition. - format: string - type: string - transportProtocol: - description: Applies only to SIDECAR_INBOUND context. 
- format: string - type: string - type: object - name: - description: Match a specific listener by its name. - format: string - type: string - portName: - format: string - type: string - portNumber: - type: integer - type: object - proxy: - description: Match on properties associated with a proxy. - properties: - metadata: - additionalProperties: - format: string - type: string - type: object - proxyVersion: - format: string - type: string - type: object - routeConfiguration: - description: Match on envoy HTTP route configuration attributes. - properties: - gateway: - format: string - type: string - name: - description: Route configuration name to match on. - format: string - type: string - portName: - description: Applicable only for GATEWAY context. - format: string - type: string - portNumber: - type: integer - vhost: - properties: - name: - format: string - type: string - route: - description: Match a specific route within the virtual - host. - properties: - action: - description: Match a route with specific action - type. - enum: - - ANY - - ROUTE - - REDIRECT - - DIRECT_RESPONSE - type: string - name: - format: string - type: string - type: object - type: object - type: object - type: object - patch: - description: The patch to apply along with the operation. - properties: - operation: - description: Determines how the patch should be applied. - enum: - - INVALID - - MERGE - - ADD - - REMOVE - - INSERT_BEFORE - - INSERT_AFTER - type: string - value: - description: The JSON config of the object being patched. - type: object - type: object - type: object - type: array - filters: - items: - properties: - filterConfig: - type: object - filterName: - description: The name of the filter to instantiate. - format: string - type: string - filterType: - description: The type of filter to instantiate. - enum: - - INVALID - - HTTP - - NETWORK - type: string - insertPosition: - description: Insert position in the filter chain. 
- properties: - index: - description: Position of this filter in the filter chain. - enum: - - FIRST - - LAST - - BEFORE - - AFTER - type: string - relativeTo: - format: string - type: string - type: object - listenerMatch: - properties: - address: - description: One or more IP addresses to which the listener - is bound. - items: - format: string - type: string - type: array - listenerProtocol: - description: Selects a class of listeners for the same protocol. - enum: - - ALL - - HTTP - - TCP - type: string - listenerType: - description: Inbound vs outbound sidecar listener or gateway - listener. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - portNamePrefix: - format: string - type: string - portNumber: - type: integer - type: object - type: object - type: array - workloadLabels: - additionalProperties: - format: string - type: string - description: Deprecated. - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: gateways.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Gateway - plural: gateways - shortNames: - - gw - singular: gateway - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. 
See more details - at: https://istio.io/docs/reference/config/networking/v1alpha3/gateway.html' - properties: - selector: - additionalProperties: - format: string - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - format: string - type: string - defaultEndpoint: - format: string - type: string - hosts: - description: One or more hosts exposed by this gateway. - items: - format: string - type: string - type: array - port: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - tls: - description: Set of TLS related options that govern the server's - behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified - cipher list.' - items: - format: string - type: string - type: array - credentialName: - format: string - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - format: string - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 
- format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - verifyCertificateHash: - items: - format: string - type: string - type: array - verifyCertificateSpki: - items: - format: string - type: string - type: array - type: object - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpecBinding - plural: httpapispecbindings - singular: httpapispecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_specs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - apiSpecs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed HTTPAPISpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN - in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify - the service version. - type: object - name: - description: The short name of the service such as "foo". 
- format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpec - plural: httpapispecs - singular: httpapispec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_keys: - items: - oneOf: - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. - format: string - type: string - type: object - type: array - apiKeys: - items: - oneOf: - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. 
- format: string - type: string - type: object - type: array - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. - type: object - type: object - patterns: - description: List of HTTP patterns to match. - items: - oneOf: - - required: - - uriTemplate - - required: - - regex - properties: - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. 
- type: object - type: object - httpMethod: - format: string - type: string - regex: - format: string - type: string - uriTemplate: - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: meshpolicies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: MeshPolicy - listKind: MeshPolicyList - plural: meshpolicies - singular: meshpolicy - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details - at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - type: boolean - origins: - description: List of authentication methods that can be used for origin - authentication. - items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. 
- items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - type: boolean - peers: - description: List of authentication methods that can be used for peer - authentication. - items: - oneOf: - - required: - - mtls - - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. 
- format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. 
- properties: - allowTls: - description: WILL BE DEPRECATED, if set, will translates to - `TLS_PERMISSIVE` mode. - type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Define whether peer or origin identity should be use for - principal. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: List rules to select workloads that the policy should be - applied on. - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. - items: - oneOf: - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: policies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: Policy - plural: policies - singular: policy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details - at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - type: boolean - origins: - description: List of authentication methods that can be used for origin - authentication. 
- items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 
- format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 
- format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - type: boolean - peers: - description: List of authentication methods that can be used for peer - authentication. - items: - oneOf: - - required: - - mtls - - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. - properties: - allowTls: - description: WILL BE DEPRECATED, if set, will translates to - `TLS_PERMISSIVE` mode. - type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Define whether peer or origin identity should be use for - principal. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: List rules to select workloads that the policy should be - applied on. - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. 
- items: - oneOf: - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpecBinding - plural: quotaspecbindings - singular: quotaspecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - quotaSpecs: - items: - properties: - name: - description: The short name of the QuotaSpec. - format: string - type: string - namespace: - description: Optional namespace of the QuotaSpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed QuotaSpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN - in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify - the service version. - type: object - name: - description: The short name of the service such as "foo". - format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. 
- format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpec - plural: quotaspecs - singular: quotaspec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: Determines the quotas used for individual requests. - properties: - rules: - description: A list of Quota rules. - items: - properties: - match: - description: If empty, match all request. - items: - properties: - clause: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Map of attribute names to StringMatch type. - type: object - type: object - type: array - quotas: - description: The list of quotas to charge. 
- items: - properties: - charge: - format: int32 - type: integer - quota: - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: rbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: RbacConfig - plural: rbacconfigs - singular: rbacconfig - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: rules.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: rule - plural: rules - singular: rule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and - telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - actions: - description: The actions that will be executed when match evaluates - to `true`. - items: - properties: - handler: - description: Fully qualified name of the handler to invoke. - format: string - type: string - instances: - items: - format: string - type: string - type: array - name: - description: A handle to refer to the results of the action. - format: string - type: string - type: object - type: array - match: - description: Match is an attribute based predicate. - format: string - type: string - requestHeaderOperations: - items: - properties: - name: - description: Header name literal value. - format: string - type: string - operation: - description: Header operation type. - enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - responseHeaderOperations: - items: - properties: - name: - description: Header name literal value. 
- format: string - type: string - operation: - description: Header operation type. - enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - sampling: - properties: - random: - description: Provides filtering of actions based on random selection - per request. - properties: - attributeExpression: - description: Specifies an attribute expression to use to override - the numerator in the `percent_sampled` field. - format: string - type: string - percentSampled: - description: The default sampling rate, expressed as a percentage. - properties: - denominator: - description: Specifies the denominator. - enum: - - HUNDRED - - TEN_THOUSAND - type: string - numerator: - description: Specifies the numerator. - type: integer - type: object - useIndependentRandomness: - description: By default sampling will be based on the value - of the request header `x-request-id`. - type: boolean - type: object - rateLimit: - properties: - maxUnsampledEntries: - description: Number of entries to allow during the `sampling_duration` - before sampling is enforced. - format: int64 - type: integer - samplingDuration: - description: Window in which to enforce the sampling rate. - type: string - samplingRate: - description: The rate at which to sample entries once the unsampled - limit has been reached. 
- format: int64 - type: integer - type: object - type: object - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: serviceentries.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hosts - description: The hosts associated with the ServiceEntry - name: Hosts - type: string - - JSONPath: .spec.location - description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL - or MESH_INTERNAL) - name: Location - type: string - - JSONPath: .spec.resolution - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - name: Resolution - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: ServiceEntry - listKind: ServiceEntryList - plural: serviceentries - shortNames: - - se - singular: serviceentry - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. See more details - at: https://istio.io/docs/reference/config/networking/v1alpha3/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. 
- items: - format: string - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - format: string - type: string - network: - format: string - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - format: string - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - format: string - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: array - resolution: - description: Service discovery mode for the hosts. 
- enum: - - NONE - - STATIC - - DNS - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: servicerolebindings.rbac.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.roleRef.name - description: The name of the ServiceRole object being referenced - name: Reference - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRoleBinding - plural: servicerolebindings - singular: servicerolebinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - actions: - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. 
- items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. - items: - format: string - type: string - type: array - type: object - type: array - mode: - enum: - - ENFORCED - - PERMISSIVE - type: string - role: - format: string - type: string - roleRef: - description: Reference to the ServiceRole object. - properties: - kind: - description: The type of the role being referenced. - format: string - type: string - name: - description: The name of the ServiceRole object being referenced. - format: string - type: string - type: object - subjects: - description: List of subjects that are assigned the ServiceRole object. - items: - properties: - group: - format: string - type: string - groups: - items: - format: string - type: string - type: array - ips: - items: - format: string - type: string - type: array - names: - items: - format: string - type: string - type: array - namespaces: - items: - format: string - type: string - type: array - notGroups: - items: - format: string - type: string - type: array - notIps: - items: - format: string - type: string - type: array - notNames: - items: - format: string - type: string - type: array - notNamespaces: - items: - format: string - type: string - type: array - properties: - additionalProperties: - format: string - type: string - description: Optional. 
- type: object - user: - description: Optional. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: serviceroles.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRole - plural: serviceroles - singular: servicerole - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - rules: - description: The set of access rules (permissions) that the role has. - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. - items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. 
- items: - format: string - type: string - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: virtualservices.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.gateways - description: The names of gateways and sidecars that should apply these routes - name: Gateways - type: string - - JSONPath: .spec.hosts - description: The destination hosts to which traffic is being sent - name: Hosts - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - shortNames: - - vs - singular: virtualservice - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, - etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is exported. 
- items: - format: string - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply these - routes. - items: - format: string - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - format: string - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - appendHeaders: - additionalProperties: - format: string - type: string - type: object - appendRequestHeaders: - additionalProperties: - format: string - type: string - type: object - appendResponseHeaders: - additionalProperties: - format: string - type: string - type: object - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - nullable: true - type: boolean - allowHeaders: - items: - format: string - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the resource. - items: - format: string - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform - CORS requests. - items: - format: string - type: string - type: array - exposeHeaders: - items: - format: string - type: string - type: array - maxAge: - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic at - the client side. - properties: - abort: - oneOf: - - properties: - percent: {} - required: - - httpStatus - - properties: - percent: {} - required: - - grpcStatus - - properties: - percent: {} - required: - - http2Error - properties: - grpcStatus: - format: string - type: string - http2Error: - format: string - type: string - httpStatus: - description: HTTP status code to use to abort the Http - request. - format: int32 - type: integer - percent: - description: Percentage of requests to be aborted with - the error code provided (0-100). 
- format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with - the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - properties: - percent: {} - required: - - fixedDelay - - properties: - percent: {} - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the request. - type: string - percent: - description: Percentage of requests on which the delay - will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay - will be injected. - properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - gateways: - items: - format: string - type: string - type: array - headers: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - 
type: object - ignoreUriCase: - description: Flag to specify whether the URI matching should - be case-insensitive. - type: boolean - method: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - name: - description: The name assigned to a match. - format: string - type: string - port: - description: Specifies the ports on the host that is being - addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - sourceLabels: - additionalProperties: - format: string - type: string - type: object - uri: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the `mirror` - field. 
- nullable: true - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the `mirror` - field. - nullable: true - type: integer - name: - description: The name assigned to the route for debugging purposes. - format: string - type: string - redirect: - description: A http rule can either redirect or forward (default) - traffic. - properties: - authority: - format: string - type: string - redirectCode: - type: integer - uri: - format: string - type: string - type: object - removeRequestHeaders: - items: - format: string - type: string - type: array - removeResponseHeaders: - items: - format: string - type: string - type: array - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries for a given request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per retry attempt for a given request. - type: string - retryOn: - description: Specifies the conditions under which retry takes - place. - format: string - type: string - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this value. - format: string - type: string - uri: - format: string - type: string - type: object - route: - description: A http rule can either redirect or forward (default) - traffic. - items: - properties: - appendRequestHeaders: - additionalProperties: - format: string - type: string - description: Use of `append_request_headers` is deprecated. - type: object - appendResponseHeaders: - additionalProperties: - format: string - type: string - description: Use of `append_response_headers` is deprecated. - type: object - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. 
- properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - removeRequestHeaders: - description: Use of `remove_request_headers` is deprecated. - items: - format: string - type: string - type: array - removeResponseHeaders: - description: Use of `remove_response_header` is deprecated. - items: - format: string - type: string - type: array - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests. - type: string - websocketUpgrade: - description: Deprecated. - type: boolean - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with - optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied to. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. 
- format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be - forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with - optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied to. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - format: string - type: string - type: array - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. - format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be - forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: adapters.config.istio.io - labels: - app: mixer - package: adapter - istio: mixer-adapter - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: adapter - plural: adapters - singular: adapter - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: instances.config.istio.io - labels: - app: mixer - package: instance - istio: mixer-instance - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: instance - plural: instances - singular: instance - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: templates.config.istio.io - labels: - app: mixer - package: template - istio: mixer-template - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: template - plural: templates - singular: template - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition 
-apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: handlers.config.istio.io - labels: - app: mixer - package: handler - istio: mixer-handler - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: handler - plural: handlers - singular: handler - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true diff --git a/charts/rancher-istio/1.4.600/templates/crd-11.yaml b/charts/rancher-istio/1.4.600/templates/crd-11.yaml deleted file mode 100644 index 0de33afd9..000000000 --- a/charts/rancher-istio/1.4.600/templates/crd-11.yaml +++ /dev/null 
@@ -1,121 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: sidecars.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Sidecar - plural: sidecars - singular: sidecar - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting network reachability of a sidecar. - See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/sidecar.html' - properties: - egress: - items: - properties: - bind: - format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - hosts: - items: - format: string - type: string - type: array - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: object - type: array - ingress: - items: - properties: - bind: - description: The ip to which the listener should be bound. - format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - defaultEndpoint: - format: string - type: string - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. 
- format: string - type: string - type: object - type: object - type: array - outboundTrafficPolicy: - description: This allows to configure the outbound traffic policy. - properties: - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true diff --git a/charts/rancher-istio/1.4.600/templates/crd-14.yaml b/charts/rancher-istio/1.4.600/templates/crd-14.yaml deleted file mode 100644 index e51edfc5c..000000000 --- a/charts/rancher-istio/1.4.600/templates/crd-14.yaml +++ /dev/null 
@@ -1,135 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - labels: - app: istio-pilot - heritage: Tiller - istio: security - release: istio - name: authorizationpolicies.security.istio.io - annotations: - helm.sh/hook: crd-install,pre-upgrade -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: AuthorizationPolicy - plural: authorizationpolicies - singular: authorizationpolicy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for access control on workloads. See more details - at: https://istio.io/docs/reference/config/security/v1beta1/authorization-policy.html' - properties: - rules: - description: Optional. - items: - properties: - from: - description: Optional. - items: - properties: - source: - description: Source specifies the source of a request. - properties: - ipBlocks: - description: Optional. - items: - format: string - type: string - type: array - namespaces: - description: Optional. - items: - format: string - type: string - type: array - principals: - description: Optional. - items: - format: string - type: string - type: array - requestPrincipals: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - to: - description: Optional. - items: - properties: - operation: - description: Operation specifies the operation of a request. - properties: - hosts: - description: Optional. - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - when: - description: Optional. 
- items: - properties: - key: - description: The name of an Istio attribute. - format: string - type: string - values: - description: The allowed values for the attribute. - items: - format: string - type: string - type: array - type: object - type: array - type: object - type: array - selector: - description: Optional. - properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1beta1 - served: true - storage: true diff --git a/charts/rancher-istio/1.4.600/templates/crd-certmanager-10.yaml b/charts/rancher-istio/1.4.600/templates/crd-certmanager-10.yaml deleted file mode 100644 index a3a61f7f5..000000000 --- a/charts/rancher-istio/1.4.600/templates/crd-certmanager-10.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterissuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: ClusterIssuer - plural: clusterissuers - scope: Cluster ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: issuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Issuer - plural: issuers - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: certificates.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - JSONPath: .spec.secretName - name: Secret - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - kind: Certificate - plural: certificates - shortNames: - - cert - - certs -{{- end }} diff --git a/charts/rancher-istio/1.4.600/templates/crd-certmanager-11.yaml b/charts/rancher-istio/1.4.600/templates/crd-certmanager-11.yaml deleted file mode 100644 index ea6a96967..000000000 --- a/charts/rancher-istio/1.4.600/templates/crd-certmanager-11.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: orders.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.reason - name: Reason - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Order - plural: orders - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: challenges.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.dnsName - name: Domain - type: string - - JSONPath: .status.reason - name: Reason - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. 
It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Challenge - plural: challenges - scope: Namespaced -{{- end }} diff --git a/charts/rancher-istio/1.4.600/templates/endpoints.yaml b/charts/rancher-istio/1.4.600/templates/endpoints.yaml deleted file mode 100755 index 81b821853..000000000 --- a/charts/rancher-istio/1.4.600/templates/endpoints.yaml +++ /dev/null 
@@ -1,63 +0,0 @@
-{{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePilotAddress }}
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePolicyAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remoteTelemetryAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/templates/install-custom-resources.sh.tpl b/charts/rancher-istio/1.4.600/templates/install-custom-resources.sh.tpl
deleted file mode 100755
index a5525a139..000000000
--- a/charts/rancher-istio/1.4.600/templates/install-custom-resources.sh.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ define "install-custom-resources.sh.tpl" }}
-#!/bin/sh
-
-set -x
-
-if [ "$#" -ne "1" ]; then
- echo "first argument should be path to custom resource yaml"
- exit 1
-fi
-
-pathToResourceYAML=${1}
-
-kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null
-if [ "$?" -eq 0 ]; then
- echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready"
- while true; do
- kubectl -n {{ .Release.Namespace }} get deployment istio-galley 2>/dev/null
- if [ "$?" -eq 0 ]; then
- break
- fi
- sleep 1
- done
- kubectl -n {{ .Release.Namespace }} rollout status deployment istio-galley
- if [ "$?" -ne 0 ]; then
- echo "istio-galley deployment rollout status check failed"
- exit 1
- fi
- echo "istio-galley deployment ready for configuration validation"
-fi
-sleep 5
-kubectl apply -f ${pathToResourceYAML}
-{{ end }}
diff --git a/charts/rancher-istio/1.4.600/templates/istio-service-rbac.yaml b/charts/rancher-istio/1.4.600/templates/istio-service-rbac.yaml
deleted file mode 100644
index b3141141b..000000000
--- a/charts/rancher-istio/1.4.600/templates/istio-service-rbac.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-service-reader
-rules:
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["http:kiali:20001", "http:tracing:80", "http:grafana:80", "http:prometheus-http:80"]
- verbs: ["get", "watch", "list"]
-
----
-{{- if .Values.global.members }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: read-istio-service
- namespace: {{ .Release.Namespace }}
-subjects:
- {{- range $member := .Values.global.members }}
- - kind: {{ $member.kind }}
- name: {{ $member.name }}
- apiGroup: rbac.authorization.k8s.io
- {{- end }}
-roleRef:
- kind: Role
- name: istio-service-reader
- apiGroup: rbac.authorization.k8s.io
-{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.600/templates/service.yaml b/charts/rancher-istio/1.4.600/templates/service.yaml
deleted file mode 100755
index 732cdefd2..000000000
--- a/charts/rancher-istio/1.4.600/templates/service.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
- clusterIP: None
-{{- end }}
diff --git a/charts/rancher-istio/1.4.600/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.600/templates/serviceaccount.yaml
deleted file mode 100755
index e52d9eb9c..000000000
--- a/charts/rancher-istio/1.4.600/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: istio-multi - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.4.600/templates/sidecar-injector-configmap.yaml b/charts/rancher-istio/1.4.600/templates/sidecar-injector-configmap.yaml deleted file mode 100755 index 5cb25b9cf..000000000 --- a/charts/rancher-istio/1.4.600/templates/sidecar-injector-configmap.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if not .Values.global.omitSidecarInjectorConfigMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istio.name" . }} - chart: {{ template "istio.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -data: - values: |- - {{ .Values | toJson }} - - config: |- - policy: {{ .Values.global.proxy.autoInject }} - alwaysInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }} - neverInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }} - template: |- -{{ .Files.Get "files/injection-template.yaml" | trim | indent 6 }} - injectedAnnotations: - {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }} - "{{ $key }}": "{{ $val }}" - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.600/test-values/README.md b/charts/rancher-istio/1.4.600/test-values/README.md deleted file mode 100755 index 8e5ff277c..000000000 --- a/charts/rancher-istio/1.4.600/test-values/README.md +++ /dev/null @@ -1,7 +0,0 @@ -# Test Values - -These files are intended to be used to install Istio for E2E tests. - -The rendered files can be generated with `make generate_e2e_yaml`. - -These files will all have `values-e2e.yaml` applied to them *first*, so if there are settings there that should not be included in the test the must be overridden. 
diff --git a/charts/rancher-istio/1.4.600/test-values/values-e2e.yaml b/charts/rancher-istio/1.4.600/test-values/values-e2e.yaml deleted file mode 100755 index 18264aa2f..000000000 --- a/charts/rancher-istio/1.4.600/test-values/values-e2e.yaml +++ /dev/null @@ -1,103 +0,0 @@ -# This file overrides values for e2e testing. - -global: - proxy: - concurrency: 0 - resources: - requests: - cpu: 10m - memory: 40Mi - - accessLogFile: "/dev/stdout" - enableCoreDump: true - - disablePolicyChecks: false - outboundTrafficPolicy: - mode: REGISTRY_ONLY - -prometheus: - scrapeInterval: 5s - -gateways: - istio-ingressgateway: - autoscaleMax: 1 - resources: - requests: - cpu: 10m - memory: 40Mi - limits: - cpu: 100m - memory: 128Mi - # Disable the specific nodePort mappings for testing - # These occasionally cause port conflict flakes (#14190) - # Lacking a good way to override just part of a list, this is copied from - # the prod values.yaml with nodePort omitted - ports: - - port: 15020 - targetPort: 15020 - name: status-port - - port: 80 - targetPort: 80 - name: http2 - - port: 443 - name: https - - port: 31400 - name: tcp - - port: 15029 - targetPort: 15029 - name: https-kiali - - port: 15030 - targetPort: 15030 - name: https-prometheus - - port: 15031 - targetPort: 15031 - name: https-grafana - - port: 15032 - targetPort: 15032 - name: https-tracing - - port: 15443 - targetPort: 15443 - name: tls - - istio-egressgateway: - enabled: true - autoscaleMax: 1 - resources: - requests: - cpu: 10m - memory: 40Mi - limits: - cpu: 100m - memory: 128Mi - -mixer: - policy: - enabled: true - replicaCount: 2 - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 100Mi - limits: - cpu: 100m - memory: 100Mi - telemetry: - enabled: true - loadshedding: - mode: disabled - resources: - requests: - cpu: 50m - memory: 100Mi - limits: - cpu: 100m - memory: 100Mi - adapters: - stdio: - enabled: true - kiali: - enabled: true - -sidecarInjectorWebhook: - rewriteAppHTTPProbe: true 
diff --git a/charts/rancher-istio/1.4.600/test-values/values-istio-auth-mcp.yaml b/charts/rancher-istio/1.4.600/test-values/values-istio-auth-mcp.yaml deleted file mode 100755 index fb284d926..000000000 --- a/charts/rancher-istio/1.4.600/test-values/values-istio-auth-mcp.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# This is used to generate istio-auth.yaml with MCP enabled -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" - - useMCP: true - diff --git a/charts/rancher-istio/1.4.600/test-values/values-istio-auth-multicluster.yaml b/charts/rancher-istio/1.4.600/test-values/values-istio-auth-multicluster.yaml deleted file mode 100755 index af147981f..000000000 --- a/charts/rancher-istio/1.4.600/test-values/values-istio-auth-multicluster.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# This is used to generate istio-auth-multicluster.yaml, used for CI/CD. -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - proxy: - accessLogFile: "/dev/stdout" - - ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" - -# In a multiple cluster environment, citadel uses the same root certificate in all the clusters -security: - selfSigned: false 
diff --git a/charts/rancher-istio/1.4.600/test-values/values-istio-auth-non-mcp.yaml b/charts/rancher-istio/1.4.600/test-values/values-istio-auth-non-mcp.yaml deleted file mode 100755 index eab07cd41..000000000 --- a/charts/rancher-istio/1.4.600/test-values/values-istio-auth-non-mcp.yaml +++ /dev/null @@ -1,7 +0,0 @@ -global: - mtls: - enabled: true - - controlPlaneSecurityEnabled: true - - useMCP: false diff --git a/charts/rancher-istio/1.4.600/test-values/values-istio-auth-sds.yaml b/charts/rancher-istio/1.4.600/test-values/values-istio-auth-sds.yaml deleted file mode 100755 index 1b29a3cc5..000000000 --- a/charts/rancher-istio/1.4.600/test-values/values-istio-auth-sds.yaml +++ /dev/null @@ -1,25 +0,0 @@ -global: - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - sds: - enabled: true - udsPath: "unix:/var/run/sds/uds_path" - token: - aud: "istio-ca" - - proxy: - enableCoreDump: true - -nodeagent: - enabled: true - repository: rancher/istio-node-agent-k8s - tag: 1.4.6 - env: - CA_PROVIDER: "Citadel" - CA_ADDR: "istio-citadel:8060" - VALID_TOKEN: true diff --git a/charts/rancher-istio/1.4.600/test-values/values-istio-auth.yaml b/charts/rancher-istio/1.4.600/test-values/values-istio-auth.yaml deleted file mode 100755 index 4ec1d35c5..000000000 --- a/charts/rancher-istio/1.4.600/test-values/values-istio-auth.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -# This is used to generate istio-auth.yaml for automated CI/CD test, using v1/alpha1 -# or v2/alpha3 with 'gradual migration' (using env variable at inject time). -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" diff --git a/charts/rancher-istio/1.4.600/test-values/values-istio-dns-cert.yaml b/charts/rancher-istio/1.4.600/test-values/values-istio-dns-cert.yaml deleted file mode 100755 index 406970396..000000000 --- a/charts/rancher-istio/1.4.600/test-values/values-istio-dns-cert.yaml +++ /dev/null @@ -1,7 +0,0 @@ -global: - certificates: - - dnsNames: [istio-pilot.istio-system.svc, istio-pilot.istio-system] - - secretName: dns.istio-galley-service-account - dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] - - secretName: dns.istio-sidecar-injector-service-account - dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] diff --git a/charts/rancher-istio/1.4.600/test-values/values-istio-mcp.yaml b/charts/rancher-istio/1.4.600/test-values/values-istio-mcp.yaml deleted file mode 100755 index a6638eefd..000000000 --- a/charts/rancher-istio/1.4.600/test-values/values-istio-mcp.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -# This is used to generate istio.yaml with MCP enabled -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: false - - ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" - - useMCP: true - - diff --git a/charts/rancher-istio/1.4.600/test-values/values-istio-multicluster-split-horizon.yaml b/charts/rancher-istio/1.4.600/test-values/values-istio-multicluster-split-horizon.yaml deleted file mode 100755 index e664dd56f..000000000 --- a/charts/rancher-istio/1.4.600/test-values/values-istio-multicluster-split-horizon.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# This is used to generate istio-multicluster-split-horizon.yaml, used for CI/CD. -global: - controlPlaneSecurityEnabled: true - mtls: - enabled: true - proxy: - accessLogFile: "/dev/stdout" - outboundTrafficPolicy: - mode: ALLOW_ANY - meshExpansion: - enabled: true - meshNetworks: - network2: - endpoints: - - fromRegistry: N2_REGISTRY_TOKEN - gateways: - - address: 0.0.0.0 - port: 443 -security: - selfSigned: false -gateways: - istio-egressgateway: - enabled: false - - diff --git a/charts/rancher-istio/1.4.600/test-values/values-istio-multicluster.yaml b/charts/rancher-istio/1.4.600/test-values/values-istio-multicluster.yaml deleted file mode 100755 index 59b924ac1..000000000 --- a/charts/rancher-istio/1.4.600/test-values/values-istio-multicluster.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -# This is used to generate istio-multicluster.yaml, used for CI/CD. -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: false - - proxy: - accessLogFile: "/dev/stdout" - - ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" - -# In a multiple cluster environment, citadel uses the same root certificate in all the clusters -security: - selfSigned: false diff --git a/charts/rancher-istio/1.4.600/test-values/values-istio-non-mcp.yaml b/charts/rancher-istio/1.4.600/test-values/values-istio-non-mcp.yaml deleted file mode 100755 index 091681acd..000000000 --- a/charts/rancher-istio/1.4.600/test-values/values-istio-non-mcp.yaml +++ /dev/null @@ -1,2 +0,0 @@ -global: - useMCP: false diff --git a/charts/rancher-istio/1.4.600/test-values/values-istio-one-namespace-auth.yaml b/charts/rancher-istio/1.4.600/test-values/values-istio-one-namespace-auth.yaml deleted file mode 100755 index c49f40254..000000000 --- a/charts/rancher-istio/1.4.600/test-values/values-istio-one-namespace-auth.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -# This is used to generate istio.yaml used for deprecated CI/CD testing. -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" - - # Restrict the applications in one namespace the controller manages - oneNamespace: true diff --git a/charts/rancher-istio/1.4.600/test-values/values-istio-one-namespace-trust-domain.yaml b/charts/rancher-istio/1.4.600/test-values/values-istio-one-namespace-trust-domain.yaml deleted file mode 100755 index 1840ab355..000000000 --- a/charts/rancher-istio/1.4.600/test-values/values-istio-one-namespace-trust-domain.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# This is used to generate istio.yaml used for deprecated CI/CD testing. -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - # Default is 10s second - refreshInterval: 1s - - # The trust domain corresponds to the trust root of a system - trustDomain: test.local - - # Restrict the applications in one namespace the controller manages - oneNamespace: true diff --git a/charts/rancher-istio/1.4.600/test-values/values-istio-one-namespace.yaml b/charts/rancher-istio/1.4.600/test-values/values-istio-one-namespace.yaml deleted file mode 100755 index 14aa45033..000000000 
--- a/charts/rancher-istio/1.4.600/test-values/values-istio-one-namespace.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# This is used to generate istio.yaml used for deprecated CI/CD testing. -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: false - - ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" - - # Restrict the applications in one namespace the controller manages - oneNamespace: true diff --git a/charts/rancher-istio/1.4.600/test-values/values-istio.yaml b/charts/rancher-istio/1.4.600/test-values/values-istio.yaml deleted file mode 100755 index c115103e1..000000000 --- a/charts/rancher-istio/1.4.600/test-values/values-istio.yaml +++ /dev/null @@ -1,7 +0,0 @@ - -# This is used to generate istio.yaml for automated CI/CD test, using v1/alpha1 -# or v2/alpha3 with 'gradual migration' (using env variable at inject time). -# global: - ## imagePullSecrets for all ServiceAccount. Must be set for any clustser configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" diff --git a/charts/rancher-istio/1.4.600/values-istio-demo.yaml b/charts/rancher-istio/1.4.600/values-istio-demo.yaml deleted file mode 100755 index d28dbaaf2..000000000 --- a/charts/rancher-istio/1.4.600/values-istio-demo.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ -# This is used to generate istio.yaml for minimal, demo mode. -# It is shipped with the release, used for bookinfo or quick installation of istio. -# Includes components used in the demo, defaults to alpha3 rules. -global: - controlPlaneSecurityEnabled: false - - proxy: - accessLogFile: "/dev/stdout" - resources: - requests: - cpu: 10m - memory: 40Mi - - disablePolicyChecks: false - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: false - -sidecarInjectorWebhook: - enabled: true - # If true, webhook or istioctl injector will rewrite PodSpec for liveness - # health check to redirect request to sidecar. This makes liveness check work - # even when mTLS is enabled. - rewriteAppHTTPProbe: false - -pilot: - autoscaleEnabled: false - traceSampling: 100.0 - resources: - requests: - cpu: 10m - memory: 100Mi - -mixer: - policy: - enabled: true - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 100Mi - - telemetry: - enabled: true - autoscaleEnabled: false - resources: - requests: - cpu: 50m - memory: 100Mi - - adapters: - stdio: - enabled: true - -grafana: - enabled: true - -tracing: - enabled: true - -kiali: - enabled: true - createDemoSecret: true - -gateways: - istio-ingressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - - istio-egressgateway: - enabled: true - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi diff --git a/charts/rancher-istio/1.4.600/values-istio-minimal.yaml b/charts/rancher-istio/1.4.600/values-istio-minimal.yaml deleted file mode 100755 index de45fa458..000000000 --- a/charts/rancher-istio/1.4.600/values-istio-minimal.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -# -# Minimal Istio Configuration: https://istio.io/docs/setup/kubernetes/additional-setup/config-profiles/ -# -pilot: - enabled: true - sidecar: false - -gateways: - enabled: false - -security: - enabled: false - -sidecarInjectorWebhook: - enabled: false - -galley: - enabled: false - -mixer: - policy: - enabled: false - telemetry: - enabled: false - -prometheus: - enabled: false - - -# Common settings. -global: - - proxy: - # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument - # would be :). - # Disabled by default. - # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. - envoyStatsd: - # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. - enabled: false - host: # example: statsd-svc.istio-system - port: # example: 9125 - - useMCP: false - - diff --git a/charts/rancher-istio/1.4.600/values-istio-remote.yaml b/charts/rancher-istio/1.4.600/values-istio-remote.yaml deleted file mode 100755 index 4ff03c360..000000000 --- a/charts/rancher-istio/1.4.600/values-istio-remote.yaml +++ /dev/null @@ -1,36 +0,0 @@ -gateways: - enabled: false - -galley: - enabled: false - -mixer: - policy: - enabled: false - telemetry: - enabled: false - -pilot: - enabled: false - configSource: - subscribedResources: - -security: - enabled: true - createMeshPolicy: false - -prometheus: - enabled: false - -global: - istioRemote: true - - enableTracing: false - - # Sets an identifier for the remote network to be used for Split Horizon EDS. The network will be sent - # to the Pilot when connected by the sidecar and will affect the results returned in EDS requests. - # Based on the network identifier Pilot will return all local endpoints + endpoints of gateways to - # other networks. - # - # Must match the names in the meshNetworks section in the Istio local. - network: "" 
diff --git a/charts/rancher-istio/1.4.600/values-istio-sds-auth-control-plane-auth-disabled.yaml b/charts/rancher-istio/1.4.600/values-istio-sds-auth-control-plane-auth-disabled.yaml deleted file mode 100755 index a92d8645a..000000000 --- a/charts/rancher-istio/1.4.600/values-istio-sds-auth-control-plane-auth-disabled.yaml +++ /dev/null @@ -1,22 +0,0 @@ -global: - controlPlaneSecurityEnabled: false - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - sds: - enabled: true - udsPath: "unix:/var/run/sds/uds_path" - token: - aud: "istio-ca" - -nodeagent: - enabled: true - repository: rancher/istio-node-agent-k8s - tag: 1.4.6 - env: - CA_PROVIDER: "Citadel" - CA_ADDR: "istio-citadel:8060" - VALID_TOKEN: true diff --git a/charts/rancher-istio/1.4.600/values-istio-sds-auth.yaml b/charts/rancher-istio/1.4.600/values-istio-sds-auth.yaml deleted file mode 100755 index c4da7f9ae..000000000 --- a/charts/rancher-istio/1.4.600/values-istio-sds-auth.yaml +++ /dev/null @@ -1,22 +0,0 @@ -global: - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - sds: - enabled: true - udsPath: "unix:/var/run/sds/uds_path" - token: - aud: "istio-ca" - -nodeagent: - enabled: true - repository: rancher/istio-node-agent-k8s - tag: 1.4.6 - env: - CA_PROVIDER: "Citadel" - CA_ADDR: "istio-citadel:8060" - VALID_TOKEN: true diff --git a/charts/rancher-istio/1.4.600/values.yaml b/charts/rancher-istio/1.4.600/values.yaml deleted file mode 100755 index 5e584e4bf..000000000 --- a/charts/rancher-istio/1.4.600/values.yaml +++ /dev/null 
@@ -1,685 +0,0 @@ -# Top level istio values file has the following sections. -# -# global: This file is the authoritative and exhaustive source for the global section. -# -# chart sections: Every subdirectory inside the charts/ directory has a top level -# configuration key in this file. This file overrides the values specified -# by the charts/${chartname}/values.yaml. -# Check the chart level values file for exhaustive list of configuration options. - -# -# Gateways Configuration, refer to the charts/gateways/values.yaml -# for detailed configuration -# -gateways: - enabled: true - istio-ingressgateway: - labels: - release: cluster-istio - -# -# sidecar-injector webhook configuration, refer to the -# charts/sidecarInjectorWebhook/values.yaml for detailed configuration -# -sidecarInjectorWebhook: - repository: rancher/istio-sidecar_injector - tag: 1.4.6 - enabled: true - -# -# galley configuration, refer to charts/galley/values.yaml -# for detailed configuration -# -galley: - repository: rancher/istio-galley - tag: 1.4.6 - enabled: true - -# -# mixer configuration -# -# @see charts/mixer/values.yaml for all values -mixer: - repository: rancher/istio-mixer - tag: 1.4.6 - policy: - # if policy is enabled the global.disablePolicyChecks has affect. 
- enabled: true - - telemetry: - enabled: true -# -# pilot configuration -# -# @see charts/pilot/values.yaml -pilot: - repository: rancher/istio-pilot - tag: 1.4.6 - enabled: true - -# -# security configuration -# -security: - repository: rancher/istio-citadel - tag: 1.4.6 - enabled: true - -# -# nodeagent configuration -# -nodeagent: - enabled: false - -# -# addon grafana configuration -# -grafana: - repository: rancher/grafana-grafana - tag: 6.3.6 - enabled: false - -# -# addon prometheus configuration -# -prometheus: - repository: rancher/prom-prometheus - tag: v2.12.0 - enabled: false - -# -# addon jaeger tracing configuration -# -tracing: - jaeger: - repository: rancher/jaegertracing-all-in-one - tag: 1.14 - zipkin: - repository: rancher/openzipkin-zipkin - tag: 2.14.2 - enabled: false - -# -# addon kiali tracing configuration -# -kiali: - repository: rancher/kiali-kiali - tag: v1.9 - contextPath: / - dashboard: - jaegerURL: http://tracing.istio-system:80 - grafanaURL: http://access-grafana.cattle-prometheus:80 - auth: - strategy: anonymous - enabled: false - prometheusAddr: http://access-prometheus.cattle-prometheus:80 - -# -# addon certmanager configuration -# -certmanager: - enabled: false - image: - repository: rancher/jetstack-cert-manager-controller - tag: v0.8.1 - -# -# Istio CNI plugin enabled -# This must be enabled to use the CNI plugin in Istio. The CNI plugin is installed separately. -# If true, the privileged initContainer istio-init is not needed to perform the traffic redirect -# settings for the istio-proxy. -# -istio_cni: - enabled: false - repair: - enabled: true - -# addon Istio CoreDNS configuration -# -istiocoredns: - image: - repository: rancher/coredns-coredns - tag: 1.6.2 - pluginImage: - repository: rancher/istio-coredns-plugin - tag: 0.2-istio-1.1 - enabled: false - -# Common settings used among istio subcharts. 
-global: - - # Specify rancher clusterId of external tracing config - # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 - rancher: - clusterId: - - systemDefaultRegistry: "" - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: docker.io/rancher - - # Default tag for Istio images. - tag: 1.4.6 - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - kubectl: - repository: rancher/istio-kubectl - tag: 1.4.6 - - # monitoring port used by mixer, pilot, galley and sidecar injector - monitoringPort: 15014 - - k8sIngress: - enabled: false - # Gateway used for k8s Ingress resources. By default it is - # using 'istio:ingressgateway' that will be installed by setting - # 'gateways.enabled' and 'gateways.istio-ingressgateway.enabled' - # flags to true. - gatewayName: ingressgateway - # enableHttps will add port 443 on the ingress. - # It REQUIRES that the certificates are installed in the - # expected secrets - enabling this option without certificates - # will result in LDS rejection and the ingress will not work. - enableHttps: false - - curl: - repository: rancher/pstauffer-curl - tag: v1.0.3 - - proxy: - # Configuration for the proxy init container - init: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - # use fully qualified image names for alternate path to proxy. - repository: rancher/istio-proxyv2 - tag: 1.4.6 - - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Resources for the sidecar. 
- resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Controls number of Proxy worker threads. - # If set to 0, then start worker thread for each CPU thread/core. - concurrency: 2 - - # Configures the access log for each sidecar. - # Options: - # "" - disables access log - # "/dev/stdout" - enables access log - accessLogFile: "" - - # Configure how and what fields are displayed in sidecar access log. Setting to - # empty string will result in default log format - accessLogFormat: "" - - # Configure the access log for sidecar to JSON or TEXT. - accessLogEncoding: TEXT - - # Configure envoy gRPC access log service. - envoyAccessLogService: - enabled: false - host: # example: accesslog-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/als/cert-chain.pem - privateKey: # example: /etc/istio/als/key.pem - caCertificates: # example: /etc/istio/als/root-cert.pem - sni: # example: als.somedomain - subjectAltNames: [] - # - als.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Log level for proxy, applies to gateways and sidecars. If left empty, "warning" is used. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: "" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. If left empty, "misc:error" is used. - componentLogLevel: "" - - # Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS - # This must be given it terms of seconds. For example, 300s is valid but 5m is invalid. - dnsRefreshRate: 300s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). 
These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: 100ms - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # If set, newly injected sidecars will have core dumps enabled. - enableCoreDump: false - - # Image used to enable core dumps. This is only used, when "enableCoreDump" is set to true. - enableCoreDumpImage: ubuntu:xenial - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 1 - - # The period between readiness probes. - readinessPeriodSeconds: 2 - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 30 - - # istio egress capture whitelist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - excludeOutboundPorts: "" - - # pod internal interfaces - kubevirtInterfaces: "" - - # istio ingress capture whitelist - # examples: - # Redirect no inbound traffic to Envoy: --includeInboundPorts="" - # Redirect all inbound traffic to Envoy: --includeInboundPorts="*" - # Redirect only selected ports: --includeInboundPorts="80,8080" - includeInboundPorts: "*" - excludeInboundPorts: "" - - # This controls the 'policy' in the sidecar injector. 
- autoInject: enabled - - # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument - # would be :). - # Disabled by default. - # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. - envoyStatsd: - # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. - enabled: false - host: # example: statsd-svc.istio-system - port: # example: 9125 - - # Sets the Envoy Metrics Service address, used to push Envoy metrics to an external collector - # via the Metrics Service gRPC API. This contains detailed stats information emitted directly - # by Envoy and should not be confused with the the Istio telemetry. The Envoy stats are also - # available to scrape via the Envoy admin port at either /stats or /stats/prometheus. - # - # See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto - # for details about Envoy's Metrics Service API. - # - # Disabled by default. - envoyMetricsService: - enabled: false - host: # example: metrics-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/ms/cert-chain.pem - privateKey: # example: /etc/istio/ms/key.pem - caCertificates: # example: /etc/istio/ms/root-cert.pem - sni: # example: ms.somedomain - subjectAltNames: [] - # - ms.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "zipkin" - - proxy_init: - # Base name for the istio-init container, used to configure iptables. - repository: rancher/istio-proxyv2 - tag: 1.4.6 - - # imagePullPolicy is applied to istio control plane components. - # local tests require IfNotPresent, to avoid uploading to dockerhub. 
- # TODO: Switch to Always as default, and override in the local tests. - imagePullPolicy: IfNotPresent - - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - # disablePolicyChecks disables mixer policy checks. - # if mixer.policy.enabled==true then disablePolicyChecks has affect. - # Will set the value with same name in istio config map - pilot needs to be restarted to take effect. - disablePolicyChecks: true - - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: false - - # EnableTracing sets the value with same name in istio config map, requires pilot restart to take effect. - enableTracing: true - - # Configuration for each of the supported tracers - tracer: - # Configuration for envoy to send trace data to LightStep. - # Disabled by default. - # address: the : of the satellite pool - # accessToken: required for sending data to the pool - # secure: specifies whether data should be sent with TLS - # cacertPath: the path to the file containing the cacert to use when verifying TLS. If secure is true, this is - # required. If a value is specified then a secret called "lightstep.cacert" must be created in the destination - # namespace with the key matching the base of the provided cacertPath and the value being the cacert itself. - # - lightstep: - address: "" # example: lightstep-satellite:443 - accessToken: "" # example: abcdefg1234567 - secure: true # example: true|false - cacertPath: "" # example: /etc/lightstep/cacert.pem - zipkin: - # Host:Port for reporting trace data in zipkin format. If not specified, will default to - # zipkin service (port 9411) in the same namespace as the other istio components. 
- address: "" - datadog: - # Host:Port for submitting traces to the Datadog agent. - address: "$(HOST_IP):8126" - stackdriver: - # enables trace output to stdout. - debug: false - # The global default max number of attributes per span. - maxNumberOfAttributes: 200 - # The global default max number of annotation events per span. - maxNumberOfAnnotations: 200 - # The global default max number of message events per span. - maxNumberOfMessageEvents: 200 - - # Default mtls policy. If true, mtls between services will be enabled by default. - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: false - # If set to true, and a given service does not have a corresponding DestinationRule configured, - # or its DestinationRule does not have TLSSettings specified, Istio configures client side - # TLS configuration automatically, based on the server side mTLS authentication policy and the - # availibity of sidecars. - auto: false - - # Lists the secrets you need to use to pull Istio images from a private registry. - imagePullSecrets: [] - # - private-registry-key - - # Specify pod scheduling arch(amd64, ppc64le, s390x) and weight as follows: - # 0 - Never scheduled - # 1 - Least preferred - # 2 - No preference - # 3 - Most preferred - arch: - amd64: 2 - s390x: 2 - ppc64le: 2 - - # Whether to restrict the applications namespace the controller manages; - # If not set, controller watches all namespaces - oneNamespace: false - - # Default node selector to be applied to all deployments so that all pods can be - # constrained to run a particular nodes. Each component can overwrite these default - # values by adding its node selector block in the relevant section below and setting - # the desired values. - defaultNodeSelector: {} - - # Default node tolerations to be applied to all deployments so that all pods can be - # scheduled to a particular nodes with matching taints. 
Each component can overwrite - # these default values by adding its tolerations block in the relevant section below - # and setting the desired values. - # Configure this field in case that all pods of Istio control plane are expected to - # be scheduled to particular nodes with specified taints. - defaultTolerations: [] - - # Whether to perform server-side validation of configuration. - configValidation: true - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - # podDNSSearchNamespaces: - # - global - # - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # If set to true, the pilot and citadel mtls will be exposed on the - # ingress gateway - meshExpansion: - enabled: false - # If set to true, the pilot and citadel mtls and the plaintext pilot ports - # will be exposed on an internal gateway - useILB: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). 
- # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # enable pod distruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: false - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - # Use the Mesh Control Protocol (MCP) for configuring Mixer and - # Pilot. Requires galley (`--set galley.enabled=true`). - useMCP: true - - # The trust domain corresponds to the trust root of a system - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - # Indicate the domain used in SPIFFE identity URL - # The default depends on the environment. - # kubernetes: cluster.local - # else: default dns domain - trustDomain: "" - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: [] - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. 
For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - # ALLOW_ANY is the default in 1.1. This means each pod will be able to make outbound requests - # to services outside of the mesh without any ServiceEntry. - # REGISTRY_ONLY was the default in 1.0. If this behavior is desired, set the value below to REGISTRY_ONLY. - outboundTrafficPolicy: - mode: ALLOW_ANY - - # The namespace where globally shared configurations should be present. - # DestinationRules that apply to the entire mesh (e.g., enabling mTLS), - # default Sidecar configs, etc. should be added to this namespace. 
- # configRootNamespace: istio-config - - # set the default set of namespaces to which services, service entries, virtual services, destination - # rules should be exported to. Currently only one value can be provided in this list. This value - # should be one of the following two options: - # * implies these objects are visible to all namespaces, enabling any sidecar to talk to any other sidecar. - # . implies these objects are visible to only to sidecars in the same namespace, or if imported as a Sidecar.egress.host - # defaultConfigVisibilitySettings: - #- '*' - - nodeagent: - repository: rancher/istio-node-agent-k8s - tag: 1.4.6 - sds: - # SDS enabled. IF set to true, mTLS certificates for the sidecars will be - # distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates. - enabled: false - udsPath: "" - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Citadel Agent to the CA (e.g. Citadel), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). 
- # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Specifies the global locality load balancing settings. - # Locality-weighted load balancing allows administrators to control the distribution of traffic to - # endpoints based on the localities of where the traffic originates and where it will terminate. - # Either failover or distribute configuration can be set, but not both. If neither are provided - # failover mode will be used. - # - # localityLbSetting: - # enabled: true - # distribute: - # - from: "us-central1/*" - # to: - # "us-central1/*": 80 - # "us-central2/*": 20 - # - # localityLbSetting: - # enabled: true - # failover: - # - from: us-east - # to: eu-west - # - from: us-west - # to: us-east - localityLbSetting: - enabled: true - - # Specifies whether helm test is enabled or not. - # This field is set to false by default, so 'helm template ...' - # will ignore the helm test yaml files when generating the template - enableHelmTest: false - - # Configures DNS certificates provisioned through Chiron linked into Pilot. - # The DNS names in this file are all hard-coded; please ensure the namespaces - # in dnsNames are consistent with those of your services. - # Example: - # certificates: - # - secretName: dns.istio-galley-service-account - # dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] - # - secretName: dns.istio-sidecar-injector-service-account - # dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] - certificates: [] - - # Configure whether Operator manages webhook configurations. 
The current behavior - # of Galley and Sidecar Injector is that they manage their own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false diff --git a/charts/rancher-istio/1.4.700/.helmignore b/charts/rancher-istio/1.4.700/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/rancher-istio/1.4.700/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-istio/1.4.700/Chart.yaml b/charts/rancher-istio/1.4.700/Chart.yaml deleted file mode 100755 index 9285fb450..000000000 --- a/charts/rancher-istio/1.4.700/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -name: rancher-istio -version: 1.4.700 -appVersion: 1.4.7 -description: Helm chart for all istio components -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- security -- sidecarInjectorWebhook -- mixer -- pilot -- galley -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2-0' diff --git a/charts/rancher-istio/1.4.700/LICENSE b/charts/rancher-istio/1.4.700/LICENSE deleted file mode 100755 index 56df9b297..000000000 --- a/charts/rancher-istio/1.4.700/LICENSE +++ /dev/null 
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2018 Istio Authors - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/rancher-istio/1.4.700/README.md b/charts/rancher-istio/1.4.700/README.md deleted file mode 100755 index f7f35cc17..000000000 --- a/charts/rancher-istio/1.4.700/README.md +++ /dev/null 
@@ -1,149 +0,0 @@ -# Istio - -[Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. - -The documentation here is for developers only, please follow the installation instructions from [istio.io](https://istio.io/docs/setup/kubernetes/install/helm/) for all other uses. - -## Introduction - -This chart bootstraps all Istio [components](https://istio.io/docs/concepts/what-is-istio/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Chart Details - -This chart can install multiple Istio components as subcharts: -- ingressgateway -- egressgateway -- sidecarInjectorWebhook -- galley -- mixer -- pilot -- security(citadel) -- grafana -- prometheus -- tracing(jaeger) -- kiali - -To enable or disable each component, change the corresponding `enabled` flag. - -## Prerequisites - -- Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required -- Helm 2.7.2 or newer or alternately the ability to modify RBAC rules is also required -- If you want to enable automatic sidecar injection, Kubernetes 1.9+ with `admissionregistration` API is required, and `kube-apiserver` process must have the `admission-control` flag set with the `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook` admission controllers added and listed in the correct order. -- The `istio-init` chart must be run to completion prior to install the `istio` chart. - -## Resources Required - -The chart deploys pods that consume minimum resources as specified in the resources configuration parameter. - -## Installing the Chart - -1. If a service account has not already been installed for Tiller, install one: - - ```bash - $ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml - ``` - -1. 
Install Tiller on your cluster with the service account: - - ```bash - $ helm init --service-account tiller - ``` - -1. Set and create the namespace where Istio was installed: - - ```bash - $ NAMESPACE=istio-system - $ kubectl create ns $NAMESPACE - ``` - -1. If you are enabling `kiali`, you need to create the secret that contains the username and passphrase for `kiali` dashboard: - - ```bash - $ echo -n 'admin' | base64 - YWRtaW4= - $ echo -n '1f2d1e2e67df' | base64 - MWYyZDFlMmU2N2Rm - $ cat <=1.9.0): - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE - ``` - - - Without the sidecar injection webhook: - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE --set sidecarInjectorWebhook.enabled=false - ``` - -## Configuration - -The Helm chart ships with reasonable defaults. There may be circumstances in which defaults require overrides. -To override Helm values, use `--set key=value` argument during the `helm install` command. Multiple `--set` operations may be used in the same Helm operation. - -Helm charts expose configuration options which are currently in alpha. The currently exposed options can be found [here](https://istio.io/docs/reference/config/installation-options/). - -## Uninstalling the Chart - -To uninstall/delete the `istio` release but continue to track the release: - -```bash -$ helm delete istio -``` - -To uninstall/delete the `istio` release completely and make its name free for later use: - -```bash -$ helm delete --purge istio -``` diff --git a/charts/rancher-istio/1.4.700/charts/certmanager/Chart.yaml b/charts/rancher-istio/1.4.700/charts/certmanager/Chart.yaml deleted file mode 100755 index 4b7bf8cd5..000000000 --- a/charts/rancher-istio/1.4.700/charts/certmanager/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 0.6.2 -description: A Helm chart for Kubernetes -name: certmanager -tillerVersion: '>=2.7.2' -version: 1.4.7 
diff --git a/charts/rancher-istio/1.4.700/charts/certmanager/templates/NOTES.txt b/charts/rancher-istio/1.4.700/charts/certmanager/templates/NOTES.txt
deleted file mode 100755
index 0307ede4c..000000000
--- a/charts/rancher-istio/1.4.700/charts/certmanager/templates/NOTES.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-certmanager has been deployed successfully!
-
-More information on the different types of issuers and how to configure them
-can be found in our documentation:
-
-https://cert-manager.readthedocs.io/en/latest/reference/issuers.html
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.700/charts/certmanager/templates/_helpers.tpl b/charts/rancher-istio/1.4.700/charts/certmanager/templates/_helpers.tpl
deleted file mode 100755
index 331a91d43..000000000
--- a/charts/rancher-istio/1.4.700/charts/certmanager/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "certmanager.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "certmanager.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "certmanager.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.700/charts/certmanager/templates/deployment.yaml b/charts/rancher-istio/1.4.700/charts/certmanager/templates/deployment.yaml
deleted file mode 100755
index 4c727365d..000000000
--- a/charts/rancher-istio/1.4.700/charts/certmanager/templates/deployment.yaml
+++ /dev/null
@@ -1,73 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: certmanager - template: - metadata: - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: certmanager -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: certmanager - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- else }} - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=$(POD_NAMESPACE) - {{- if .Values.extraArgs }} -{{ toYaml .Values.extraArgs | indent 8 }} - {{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: -{{ toYaml .Values.resources | indent 10 }} - {{- if .Values.podDnsPolicy }} - dnsPolicy: {{ .Values.podDnsPolicy }} - {{- end }} - {{- if .Values.podDnsConfig }} - dnsConfig: -{{ toYaml .Values.podDnsConfig | indent 8 }} - {{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.700/charts/certmanager/templates/issuer.yaml b/charts/rancher-istio/1.4.700/charts/certmanager/templates/issuer.yaml deleted file mode 100755 index 59402daea..000000000 --- a/charts/rancher-istio/1.4.700/charts/certmanager/templates/issuer.yaml +++ /dev/null @@ -1,37 +0,0 @@ ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt-staging - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-staging-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: letsencrypt-staging - http01: {} ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - privateKeySecretRef: - name: letsencrypt - http01: {} diff --git a/charts/rancher-istio/1.4.700/charts/certmanager/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.700/charts/certmanager/templates/poddisruptionbudget.yaml deleted file mode 100755 index b251e3653..000000000 --- a/charts/rancher-istio/1.4.700/charts/certmanager/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - version: {{ .Chart.Version }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 4 }} - {{- end }} -spec: -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: certmanager - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/rancher-istio/1.4.700/charts/certmanager/templates/rbac.yaml b/charts/rancher-istio/1.4.700/charts/certmanager/templates/rbac.yaml deleted file mode 100755 index b3a4ef340..000000000 --- a/charts/rancher-istio/1.4.700/charts/certmanager/templates/rbac.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: certmanager - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: - - apiGroups: ["certmanager.k8s.io"] - resources: ["certificates", "certificates/finalizers", "issuers", "clusterissuers", "orders", "orders/finalizers", "challenges"] - verbs: ["*"] - - apiGroups: [""] - resources: ["configmaps", "secrets", "events", "services", "pods"] - verbs: ["*"] - - apiGroups: ["extensions"] - resources: ["ingresses"] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: certmanager - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: certmanager -subjects: - - name: certmanager - namespace: {{ .Release.Namespace }} - kind: ServiceAccount diff --git a/charts/rancher-istio/1.4.700/charts/certmanager/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.700/charts/certmanager/templates/serviceaccount.yaml deleted file mode 100755 index f87543508..000000000 --- a/charts/rancher-istio/1.4.700/charts/certmanager/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/1.4.700/charts/certmanager/values.yaml b/charts/rancher-istio/1.4.700/charts/certmanager/values.yaml deleted file mode 100755 index 2d6854193..000000000 
--- a/charts/rancher-istio/1.4.700/charts/certmanager/values.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-# Certmanager uses ACME to sign certificates. Since Istio gateways are
-# mounting the TLS secrets the Certificate CRDs must be created in the
-# istio-system namespace. Once the certificate has been created, the
-# gateway must be updated by adding 'secretVolumes'. After the gateway
-# restart, DestinationRules can be created using the ACME-signed certificates.
-enabled: false
-replicaCount: 1
-resources: {}
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.700/charts/galley/Chart.yaml b/charts/rancher-istio/1.4.700/charts/galley/Chart.yaml
deleted file mode 100755
index 575adc9e0..000000000
--- a/charts/rancher-istio/1.4.700/charts/galley/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.7
-description: Helm chart for galley deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- galley
-name: galley
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.7
diff --git a/charts/rancher-istio/1.4.700/charts/galley/templates/_helpers.tpl b/charts/rancher-istio/1.4.700/charts/galley/templates/_helpers.tpl
deleted file mode 100755
index 5d42f4a03..000000000
--- a/charts/rancher-istio/1.4.700/charts/galley/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "galley.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "galley.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "galley.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.700/charts/galley/templates/clusterrole.yaml b/charts/rancher-istio/1.4.700/charts/galley/templates/clusterrole.yaml
deleted file mode 100755
index c499dcf7d..000000000
--- a/charts/rancher-istio/1.4.700/charts/galley/templates/clusterrole.yaml
+++ /dev/null
@@ -1,49 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-galley-{{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: - # For reading Istio resources -- apiGroups: [ - "authentication.istio.io", - "config.istio.io", - "networking.istio.io", - "rbac.istio.io", - "security.istio.io"] - resources: ["*"] - verbs: ["get", "list", "watch"] - # For updating Istio resource statuses -- apiGroups: [ - "authentication.istio.io", - "config.istio.io", - "networking.istio.io", - "rbac.istio.io", - "security.istio.io"] - resources: ["*/status"] - verbs: ["update"] -{{- if not .Values.global.operatorManageWebhooks }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["*"] -{{- end }} -- apiGroups: ["extensions","apps"] - resources: ["deployments"] - resourceNames: ["istio-galley"] - verbs: ["get"] -- apiGroups: [""] - resources: ["pods", "nodes", "services", "endpoints", "namespaces"] - verbs: ["get", "list", "watch"] -- apiGroups: ["extensions"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: ["namespaces/finalizers"] - verbs: ["update"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] diff --git a/charts/rancher-istio/1.4.700/charts/galley/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.700/charts/galley/templates/clusterrolebinding.yaml deleted file mode 100755 index 88cde2554..000000000 --- a/charts/rancher-istio/1.4.700/charts/galley/templates/clusterrolebinding.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-galley-admin-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-galley-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-galley-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.4.700/charts/galley/templates/configmap.yaml b/charts/rancher-istio/1.4.700/charts/galley/templates/configmap.yaml deleted file mode 100755 index 662c960b1..000000000 --- a/charts/rancher-istio/1.4.700/charts/galley/templates/configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-galley-configuration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -data: -{{- if .Values.global.configValidation }} - validatingwebhookconfiguration.yaml: |- - {{- include "validatingwebhookconfiguration.yaml.tpl" . | indent 4}} -{{- end}} diff --git a/charts/rancher-istio/1.4.700/charts/galley/templates/deployment.yaml b/charts/rancher-istio/1.4.700/charts/galley/templates/deployment.yaml deleted file mode 100755 index 458d98338..000000000 --- a/charts/rancher-istio/1.4.700/charts/galley/templates/deployment.yaml +++ /dev/null 
@@ -1,152 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: galley - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-galley-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: galley - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 443 - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 9901 - command: - - /usr/local/bin/galley - - server - - --meshConfigFile=/etc/mesh-config/mesh - - --livenessProbeInterval=1s - - --livenessProbePath=/healthliveness - - --readinessProbePath=/healthready - - --readinessProbeInterval=1s - - --deployment-namespace={{ .Release.Namespace }} -{{- if $.Values.global.controlPlaneSecurityEnabled}} - - --insecure=false -{{- else }} - - --insecure=true -{{- end }} -{{- if .Values.enableServiceDiscovery }} - - --enableServiceDiscovery=true -{{- end }} -{{- if not $.Values.global.useMCP }} - - --enable-server=false -{{- end }} -{{- if not $.Values.global.configValidation }} - - --enable-validation=false -{{- end }} -{{- if .Values.global.operatorManageWebhooks }} - - --enable-reconcileWebhookConfiguration=false -{{- else }} - - --enable-reconcileWebhookConfiguration=true -{{- end }} - - --validation-webhook-config-file - - /etc/config/validatingwebhookconfiguration.yaml - - --monitoringPort={{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if .Values.enableAnalysis }} - - --enableAnalysis=true -{{- end }} -{{- if .Values.global.certificates }} - - --validation.tls.clientCertificate=/etc/dnscerts/cert-chain.pem - - --validation.tls.privateKey=/etc/dnscerts/key.pem - - --validation.tls.caCertificates=/etc/dnscerts/root-cert.pem -{{- end }} - volumeMounts: - - name: certs - mountPath: /etc/certs - readOnly: true -{{- if .Values.global.certificates }} - - name: dnscerts - mountPath: /etc/dnscerts - readOnly: true -{{- end }} - - name: config - mountPath: /etc/config - readOnly: true - - name: mesh-config - mountPath: /etc/mesh-config - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - 
--probe-path=/healthliveness - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - readinessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - --probe-path=/healthready - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: certs - secret: - secretName: istio.istio-galley-service-account -{{- if .Values.global.certificates }} - - name: dnscerts - secret: - secretName: dns.istio-galley-service-account -{{- end }} - - name: config - configMap: - name: istio-galley-configuration - - name: mesh-config - configMap: - name: istio - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.700/charts/galley/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.700/charts/galley/templates/poddisruptionbudget.yaml deleted file mode 100755 index 75bf77834..000000000 --- a/charts/rancher-istio/1.4.700/charts/galley/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: {{ template "galley.name" . }} - release: {{ .Release.Name }} - istio: galley -{{- end }} diff --git a/charts/rancher-istio/1.4.700/charts/galley/templates/service.yaml b/charts/rancher-istio/1.4.700/charts/galley/templates/service.yaml deleted file mode 100755 index cd21fd192..000000000 --- a/charts/rancher-istio/1.4.700/charts/galley/templates/service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: - ports: - - port: 443 - name: https-validation - - port: {{ .Values.global.monitoringPort }} - name: http-monitoring - - port: 9901 - name: grpc-mcp - selector: - istio: galley diff --git a/charts/rancher-istio/1.4.700/charts/galley/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.700/charts/galley/templates/serviceaccount.yaml deleted file mode 100755 index 1ff54c49e..000000000 --- a/charts/rancher-istio/1.4.700/charts/galley/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-galley-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/1.4.700/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl b/charts/rancher-istio/1.4.700/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl deleted file mode 100755 index 253fd2156..000000000 --- a/charts/rancher-istio/1.4.700/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl +++ /dev/null 
@@ -1,127 +0,0 @@ -{{ define "validatingwebhookconfiguration.yaml.tpl" }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-galley - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -webhooks: - - name: pilot.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitpilot" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - httpapispecs - - httpapispecbindings - - quotaspecs - - quotaspecbindings - - operations: - - CREATE - - UPDATE - apiGroups: - - rbac.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - authentication.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - networking.istio.io - apiVersions: - - "*" - resources: - - destinationrules - - envoyfilters - - gateways - - serviceentries - - sidecars - - virtualservices - failurePolicy: Fail - sideEffects: None - - name: mixer.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitmixer" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - rules - - attributemanifests - - circonuses - - deniers - - fluentds - - kubernetesenvs - - listcheckers - - memquotas - - noops - - opas - - prometheuses - - rbacs - - solarwindses - - stackdrivers - - cloudwatches - - dogstatsds - - statsds - - stdios - - apikeys - - authorizations - - checknothings - # - kuberneteses - - listentries - - logentries - - metrics - - 
quotas - - reportnothings - - tracespans - - adapters - - handlers - - instances - - templates - - zipkins - failurePolicy: Fail - sideEffects: None -{{- end }} diff --git a/charts/rancher-istio/1.4.700/charts/galley/values.yaml b/charts/rancher-istio/1.4.700/charts/galley/values.yaml deleted file mode 100755 index 68eff963f..000000000 --- a/charts/rancher-istio/1.4.700/charts/galley/values.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# -# galley configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# Enable service discovery processing in Galley -enableServiceDiscovery: false - -# Enable analysis and status update in Galley -enableAnalysis: false diff --git a/charts/rancher-istio/1.4.700/charts/gateways/Chart.yaml b/charts/rancher-istio/1.4.700/charts/gateways/Chart.yaml deleted file mode 100755 index a0eb498a6..000000000 --- a/charts/rancher-istio/1.4.700/charts/gateways/Chart.yaml +++ /dev/null 
@@ -1,15 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.7
-description: Helm chart for deploying Istio gateways
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- ingressgateway
-- egressgateway
-- gateways
-name: gateways
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.7
diff --git a/charts/rancher-istio/1.4.700/charts/gateways/templates/_affinity.tpl b/charts/rancher-istio/1.4.700/charts/gateways/templates/_affinity.tpl
deleted file mode 100755
index fbd0e9a8f..000000000
--- a/charts/rancher-istio/1.4.700/charts/gateways/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "gatewaynodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "gatewayNodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .root.Values.global.defaultNodeSelector .nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "gatewayNodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinity" }} -{{- if or .podAntiAffinityLabelSelector .podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if .podAntiAffinityTermLabelSelector }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.700/charts/gateways/templates/_helpers.tpl b/charts/rancher-istio/1.4.700/charts/gateways/templates/_helpers.tpl deleted file mode 100755 index bfc8bc400..000000000 --- a/charts/rancher-istio/1.4.700/charts/gateways/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "gateway.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "gateway.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "gateway.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.700/charts/gateways/templates/autoscale.yaml b/charts/rancher-istio/1.4.700/charts/gateways/templates/autoscale.yaml
deleted file mode 100755
index 2455ac345..000000000
--- a/charts/rancher-istio/1.4.700/charts/gateways/templates/autoscale.yaml
+++ /dev/null
@@ -1,31 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - labels: - chart: {{ template "gateway.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} -spec: - maxReplicas: {{ $spec.autoscaleMax }} - minReplicas: {{ $spec.autoscaleMin }} - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ $key }} - metrics: - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }} ---- -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.700/charts/gateways/templates/deployment.yaml b/charts/rancher-istio/1.4.700/charts/gateways/templates/deployment.yaml deleted file mode 100755 index 2d858b844..000000000 --- a/charts/rancher-istio/1.4.700/charts/gateways/templates/deployment.yaml +++ /dev/null 
@@ -1,387 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if $spec.enabled }} - -{{- $labels := merge (dict "release" $.Release.Name "chart" (include "gateway.chart" $) "heritage" $.Release.Service) $spec.labels }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - labels: -{{ $labels | toYaml | indent 4 }} -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - selector: - matchLabels: - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - template: - metadata: - labels: -{{ $labels | toYaml | indent 8 }} - annotations: - sidecar.istio.io/inject: "false" -{{- if $spec.podAnnotations }} -{{ toYaml $spec.podAnnotations | indent 8 }} -{{ end }} - spec: - serviceAccountName: {{ $key }}-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} -{{- if $.Values.global.proxy.enableCoreDump }} - initContainers: - - name: enable-core-dump - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy_init.repository }}:{{ $.Values.global.proxy_init.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - command: - - /bin/sh - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - securityContext: - privileged: true -{{- end }} - containers: -{{- if $spec.sds }} -{{- if $spec.sds.enabled }} - - name: ingress-sds - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - resources: -{{- if $spec.sds.resources }} -{{ toYaml 
$spec.sds.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: "ENABLE_WORKLOAD_SDS" - value: "false" - - name: "ENABLE_INGRESS_GATEWAY_SDS" - value: "true" - - name: "INGRESS_GATEWAY_NAMESPACE" - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - volumeMounts: - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway -{{- end }} -{{- end }} - - name: istio-proxy - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - {{- range $key, $val := $spec.ports }} - - containerPort: {{ $val.port }} - {{- end }} - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - - --drainDuration - - '45s' #drainDuration - - --parentShutdownDuration - - '1m0s' #parentShutdownDuration - - --connectTimeout - - '10s' #connectTimeout - - --serviceCluster - - {{ $key }} - {{- if eq $.Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - {{ $.Values.global.tracer.lightstep.address }} - - --lightstepAccessToken - - {{ $.Values.global.tracer.lightstep.accessToken }} - - --lightstepSecure={{ $.Values.global.tracer.lightstep.secure }} - - --lightstepCacertPath - - {{ $.Values.global.tracer.lightstep.cacertPath }} - {{- else if eq $.Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - {{- if $.Values.global.tracer.zipkin.address }} - - {{ 
$.Values.global.tracer.zipkin.address }} - {{- else if $.Values.global.istioNamespace }} - - zipkin.{{ $.Values.global.istioNamespace }}:9411 - {{- else }} - - zipkin:9411 - {{- end }} - {{- else if eq $.Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - {{ $.Values.global.tracer.datadog.address }} - {{- end }} - {{- if $.Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - {{ $.Values.global.proxy.envoyStatsd.host }}:{{ $.Values.global.proxy.envoyStatsd.port }} - {{- end }} - {{- if $.Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - {{- with $.Values.global.proxy.envoyMetricsService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end}} - {{- if $.Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - {{- with $.Values.global.proxy.envoyAccessLogService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end }} - - --proxyAdminPort - - "15000" - - --statusPort - - "15020" - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15011 - {{- else }} - - istio-pilot:15011 - {{- end }} - {{- else }} - - --controlPlaneAuthPolicy - - NONE - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15010 - {{- else }} - - istio-pilot:15010 - {{- end }} - {{- if $spec.applicationPorts }} - - --applicationPorts - - "{{ $spec.applicationPorts }}" - {{- end }} - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ 
$.Values.global.trustDomain }} - {{- end }} - readinessProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15020 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - resources: -{{- if $spec.resources }} -{{ toYaml $spec.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if $.Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_METAJSON_LABELS - value: | - {{ $labels | toJson}} - - name: ISTIO_META_CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - - name: ISTIO_META_WORKLOAD_NAME - value: {{ $key }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/{{ $spec.namespace | default $.Release.Namespace }}/deployments/{{ $key }} - {{- if $.Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.meshID }}" - {{- else if $.Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.trustDomain }}" - {{- end }} - {{- if eq $.Values.global.proxy.tracer "datadog" }} - - name: HOST_IP 
- valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- end }} - {{- if eq $.Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ $.Values.global.tracer.stackdriver.debug }}" - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAnnotations.Value }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAttributes.Value }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents.Value }}" - {{- end }} - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ISTIO_META_USER_SDS - value: "true" - {{- end }} - {{- end }} - {{- if $spec.env }} - {{- range $key, $val := $spec.env }} - - name: {{ $key }} - value: {{ $val }} - {{- end }} - {{- end }} - {{ if eq $key "istio-ingressgateway" }} - {{ $network_set := index $spec.env "ISTIO_META_NETWORK" }} - {{- if and (not $network_set) $.Values.global.network }} - - name: ISTIO_META_NETWORK - value: {{ $.Values.global.network }} - {{- end }} - {{- end }} - volumeMounts: - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway - {{- end }} - {{- end }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - mountPath: {{ .mountPath | quote }} - readOnly: true - {{- end }} - {{- if and 
(eq $.Values.global.proxy.tracer "lightstep") $.Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ dir $.Values.global.tracer.lightstep.cacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} -{{- if $spec.additionalContainers }} -{{ toYaml $spec.additionalContainers | indent 8 }} -{{- end }} - volumes: - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - emptyDir: {} - {{- end }} - {{- end }} - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - hostPath: - path: /var/run/sds - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ $.Values.global.sds.token.aud }} - {{- end }} - - name: istio-certs - secret: - secretName: istio.{{ $key }}-service-account - optional: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - secret: - secretName: {{ .secretName | quote }} - optional: true - {{- end }} - {{- range $spec.configVolumes }} - - name: {{ .name }} - configMap: - name: {{ .configMapName | quote }} - optional: true - {{- end }} - {{- if and (eq $.Values.global.proxy.tracer "lightstep") $.Values.global.tracer.lightstep.cacertPath }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - affinity: - {{- include "gatewaynodeaffinity" (dict "root" $ "nodeSelector" $spec.nodeSelector) | indent 6 }} - {{- include "gatewaypodAntiAffinity" (dict "podAntiAffinityLabelSelector" $spec.podAntiAffinityLabelSelector "podAntiAffinityTermLabelSelector" $spec.podAntiAffinityTermLabelSelector) | indent 6 }} - {{- if $spec.tolerations }} - tolerations: -{{ toYaml $spec.tolerations | indent 6 }} - {{- else if $.Values.global.defaultTolerations }} - tolerations: -{{ toYaml $.Values.global.defaultTolerations | indent 6 }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.4.700/charts/gateways/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.700/charts/gateways/templates/poddisruptionbudget.yaml
deleted file mode 100755
index 36a2d5a9c..000000000
--- a/charts/rancher-istio/1.4.700/charts/gateways/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if and (ne $key "enabled") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/gateways/templates/preconfigured.yaml b/charts/rancher-istio/1.4.700/charts/gateways/templates/preconfigured.yaml
deleted file mode 100755
index 31e431db7..000000000
--- a/charts/rancher-istio/1.4.700/charts/gateways/templates/preconfigured.yaml
+++ /dev/null
@@ -1,241 +0,0 @@ -{{- if .Values.global.k8sIngress.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-autogenerated-k8s-ingress - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: {{ .Values.global.k8sIngress.gatewayName }} - servers: - - port: - number: 80 - protocol: HTTP2 - name: http - hosts: - - "*" -{{ if .Values.global.k8sIngress.enableHttps }} - - port: - number: 443 - protocol: HTTPS - name: https-default - tls: - mode: SIMPLE - serverCertificate: /etc/istio/ingressgateway-certs/tls.crt - privateKey: /etc/istio/ingressgateway-certs/tls.key - hosts: - - "*" -{{ end }} ---- -{{ end }} - -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-ilb-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: ilbgateway - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- else }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- end }} -{{- end }} - -{{- if .Values.global.multiCluster.enabled }} -{{- if (index .Values "istio-egressgateway" "enabled") }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-egressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-egressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH -{{- end }} ---- -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - workloadLabels: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - filters: - - listenerMatch: - portNumber: 15443 - listenerType: GATEWAY - insertPosition: - index: AFTER - relativeTo: envoy.filters.network.sni_cluster - filterName: envoy.filters.network.tcp_cluster_rewrite - filterType: NETWORK - filterConfig: - cluster_pattern: "\\.global$" - cluster_replacement: ".svc.{{ .Values.global.proxy.clusterDomain }}" ---- -## To ensure all traffic to *.global is using mTLS -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-multicluster-destinationrule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.global" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -{{- end }} 
diff --git a/charts/rancher-istio/1.4.700/charts/gateways/templates/role.yaml b/charts/rancher-istio/1.4.700/charts/gateways/templates/role.yaml
deleted file mode 100755
index 37bdf3ef8..000000000
--- a/charts/rancher-istio/1.4.700/charts/gateways/templates/role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if ($spec.sds) and (eq $spec.sds.enabled true) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-rules:
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "watch", "list"]
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/gateways/templates/rolebindings.yaml b/charts/rancher-istio/1.4.700/charts/gateways/templates/rolebindings.yaml
deleted file mode 100755
index cd3245b01..000000000
--- a/charts/rancher-istio/1.4.700/charts/gateways/templates/rolebindings.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if ($spec.sds) and (eq $spec.sds.enabled true) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ $key }}-sds
-subjects:
-- kind: ServiceAccount
- name: {{ $key }}-service-account
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/gateways/templates/service.yaml b/charts/rancher-istio/1.4.700/charts/gateways/templates/service.yaml
deleted file mode 100755
index 9474f0476..000000000
--- a/charts/rancher-istio/1.4.700/charts/gateways/templates/service.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- annotations:
- {{- range $key, $val := $spec.serviceAnnotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{- if $spec.loadBalancerIP }}
- loadBalancerIP: "{{ $spec.loadBalancerIP }}"
-{{- end }}
-{{- if $spec.loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
-{{ toYaml $spec.loadBalancerSourceRanges | indent 4 }}
-{{- end }}
-{{- if $spec.externalTrafficPolicy }}
- externalTrafficPolicy: {{$spec.externalTrafficPolicy }}
-{{- end }}
-{{- if $spec.externalIPs }}
- externalIPs:
-{{ toYaml $spec.externalIPs | indent 4 }}
-{{- end }}
- type: {{ .type }}
- selector:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
- ports:
- {{- range $key, $val := $spec.ports }}
- -
- {{- range $pkey, $pval := $val }}
- {{ $pkey}}: {{ $pval }}
- {{- end }}
- {{- end }}
- {{- if $.Values.global.meshExpansion.enabled }}
- {{- range $key, $val := $spec.meshExpansionPorts }}
- -
- {{- range $pkey, $pval := $val }}
- {{ $pkey}}: {{ $pval }}
- {{- end }}
- {{- end }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/gateways/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.700/charts/gateways/templates/serviceaccount.yaml
deleted file mode 100755
index d4f6938c1..000000000
--- a/charts/rancher-istio/1.4.700/charts/gateways/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if $.Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range $.Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: {{ $key }}-service-account
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- app: {{ $spec.labels.app }}
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.4.700/charts/gateways/values.yaml b/charts/rancher-istio/1.4.700/charts/gateways/values.yaml
deleted file mode 100755
index 23a16798f..000000000
--- a/charts/rancher-istio/1.4.700/charts/gateways/values.yaml
+++ /dev/null
@@ -1,286 +0,0 @@ -# -# Gateways Configuration -# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. -# You can add more gateways in addition to the defaults but make sure those are uniquely named -# and that NodePorts are not conflicting. -# Disable specifc gateway by setting the `enabled` to false. -# -enabled: true - -istio-ingressgateway: - enabled: true - # - # Secret Discovery Service (SDS) configuration for ingress gateway. - # - sds: - # If true, ingress gateway fetches credentials from SDS server to handle TLS connections. - enabled: false - # SDS server that watches kubernetes secrets and provisions credentials to ingress gateway. - # This server runs in the same pod as ingress gateway. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - labels: - app: istio-ingressgateway - istio: ingressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalIPs: [] - serviceAnnotations: {} - podAnnotations: {} - type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be - #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out - ports: - ## You can add custom gateway ports - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. 
https://github.com/istio/istio/issues/12503 - - port: 15020 - targetPort: 15020 - name: status-port - - port: 80 - targetPort: 80 - name: http2 - nodePort: 31380 - - port: 443 - name: https - nodePort: 31390 - # Example of a port to add. Remove if not needed - - port: 31400 - name: tcp - nodePort: 31400 - ### PORTS FOR UI/metrics ##### - ## Disable if not needed - - port: 15029 - targetPort: 15029 - name: https-kiali - - port: 15030 - targetPort: 15030 - name: https-prometheus - - port: 15031 - targetPort: 15031 - name: https-grafana - - port: 15032 - targetPort: 15032 - name: https-tracing - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - #### MESH EXPANSION PORTS ######## - # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect - # to pilot/citadel if global.meshExpansion settings are enabled. - # Delete these ports if mesh expansion is not enabled, to avoid - # exposing unnecessary ports on the web. - # You can remove these ports if you are not using mesh expansion - meshExpansionPorts: - - port: 15011 - targetPort: 15011 - name: tcp-pilot-grpc-tls - - port: 15004 - targetPort: 15004 - name: tcp-mixer-grpc-tls - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - - port: 853 - targetPort: 853 - name: tcp-dns-tls - ####### end MESH EXPANSION PORTS ###### - ############## - secretVolumes: - - name: ingressgateway-certs - secretName: istio-ingressgateway-certs - mountPath: /etc/istio/ingressgateway-certs - - name: ingressgateway-ca-certs - secretName: istio-ingressgateway-ca-certs - mountPath: /etc/istio/ingressgateway-ca-certs - ### Advanced options ############ - - # Ports to explicitly check for readiness. If configured, the readiness check will expect a - # listener on these ports. A comma separated list is expected, such as "80,443". - # - # Warning: If you do not have a gateway configured for the ports provided, this check will always - # fail. 
This is intended for use cases where you always expect to have a listener on the port, - # such as 80 or 443 in typical setups. - applicationPorts: "" - - env: - # A gateway with this mode ensures that pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. - ISTIO_META_ROUTER_MODE: "sni-dnat" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". 
- podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -istio-egressgateway: - enabled: false - labels: - app: istio-egressgateway - istio: egressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - serviceAnnotations: {} - podAnnotations: {} - type: ClusterIP #change to NodePort or LoadBalancer if need be - ports: - - port: 80 - name: http2 - - port: 443 - name: https - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - secretVolumes: - - name: egressgateway-certs - secretName: istio-egressgateway-certs - mountPath: /etc/istio/egressgateway-certs - - name: egressgateway-ca-certs - secretName: istio-egressgateway-ca-certs - mountPath: /etc/istio/egressgateway-ca-certs - #### Advanced options ######## - env: - # Set this to "external" if and only if you want the egress gateway to - # act as a transparent SNI gateway that routes mTLS/TLS traffic to - # external services defined using service entries, where the service - # entry has resolution set to DNS, has one or more endpoints with - # network field set to "external". By default its set to "" so that - # the egress gateway sees the same set of endpoints as the sidecars - # preserving backward compatibility - # ISTIO_META_REQUESTED_NETWORK_VIEW: "" - # A gateway with this mode ensures that pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. 
- ISTIO_META_ROUTER_MODE: "sni-dnat" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". - podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -# Mesh ILB gateway creates a gateway of type InternalLoadBalancer, -# for mesh expansion. It exposes the mtls ports for Pilot,CA as well -# as non-mtls ports to support upgrades and gradual transition. -istio-ilbgateway: - enabled: false - labels: - app: istio-ilbgateway - istio: ilbgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - cpu: - targetAverageUtilization: 80 - resources: - requests: - cpu: 800m - memory: 512Mi - #limits: - # cpu: 1800m - # memory: 256Mi - loadBalancerIP: "" - serviceAnnotations: - cloud.google.com/load-balancer-type: "internal" - podAnnotations: {} - type: LoadBalancer - ports: - ## You can add custom gateway ports - google ILB default quota is 5 ports, - - port: 15011 - name: grpc-pilot-mtls - # Insecure port - only for migration from 0.8. 
Will be removed in 1.1 - - port: 15010 - name: grpc-pilot - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - # Port 5353 is forwarded to kube-dns - - port: 5353 - name: tcp-dns - secretVolumes: - - name: ilbgateway-certs - secretName: istio-ilbgateway-certs - mountPath: /etc/istio/ilbgateway-certs - - name: ilbgateway-ca-certs - secretName: istio-ilbgateway-ca-certs - mountPath: /etc/istio/ilbgateway-ca-certs - nodeSelector: {} - tolerations: [] diff --git a/charts/rancher-istio/1.4.700/charts/grafana/Chart.yaml b/charts/rancher-istio/1.4.700/charts/grafana/Chart.yaml deleted file mode 100755 index f3223d271..000000000 --- a/charts/rancher-istio/1.4.700/charts/grafana/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.7 -description: A Helm chart for Kubernetes -name: grafana -tillerVersion: '>=2.7.2' -version: 1.4.7 diff --git a/charts/rancher-istio/1.4.700/charts/grafana/dashboards/citadel-dashboard.json b/charts/rancher-istio/1.4.700/charts/grafana/dashboards/citadel-dashboard.json deleted file mode 100755 index ffe4551a9..000000000 --- a/charts/rancher-istio/1.4.700/charts/grafana/dashboards/citadel-dashboard.json +++ /dev/null 
@@ -1,1089 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 8, - "panels": [], - "title": "Performance", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "CPU usage across Citadel instances.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 1 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"citadel\", pod_name=~\"istio-citadel-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage rate", - "refId": "A" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"citadel\"}[1m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage irate", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": 
"", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Citadel process memory statistics.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 1 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Total", - "refId": "C" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Allocated", - "refId": "E" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Inuse", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, 
- "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 1 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Goroutines", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 7 - }, - "id": 28, - "panels": [], - "title": "General", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Total number of CSR requests made to Citadel.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 
0, - "y": 8 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Request Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates issuances that have succeeded.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 12, - "y": 8 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_success_cert_issuance_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Certificates Issued", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Certificates Issued", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 13 - }, - "id": 23, - "panels": [], - "title": "Errors", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of errors occurred when creating the CSR.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 14 - }, - "id": 20, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_secret_controller_csr_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Creation Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Creation Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - 
"show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 14 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_parsing_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Parse Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Parse Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of authentication failures.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, 
- "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_authentication_failure_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Authentication Failure Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Authentication Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 4, - "panels": [], - "title": "Secret Controller", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates created due to service account creation.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": 
"citadel_secret_controller_svc_acc_created_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Created", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Created (due to SA creation)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates deleted due to service account deletion.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_svc_acc_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Deleted", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Deleted (due to SA deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, 
- "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates recreated due to secret deletion (service account still exists).", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_secret_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Recreated", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Recreated (due to errant deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 
18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Citadel Dashboard", - "uid": "OOyOqb4Wz", - "version": 1 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.700/charts/grafana/dashboards/galley-dashboard.json b/charts/rancher-istio/1.4.700/charts/grafana/dashboards/galley-dashboard.json deleted file mode 100755 index b7430f59d..000000000 --- a/charts/rancher-istio/1.4.700/charts/grafana/dashboards/galley-dashboard.json +++ /dev/null 
@@ -1,1823 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 46, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"galley\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Galley Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 5 - }, - "id": 40, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "C" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "G" - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "H" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"})", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Total (kis)", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 38, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m])) by (container_name)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"galley\"}[1m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "galley (self-reported)", - "refId": "C" - } - ], - 
"thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Open FDs (galley)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }} ", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 44, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "goroutines_total", - "refId": "A" - }, - { - "expr": "istio_mcp_clients_total{component=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "clients_total", - "refId": "B" - }, - { - "expr": "go_goroutines{job=\"galley\"}/sum(istio_mcp_clients_total{component=\"galley\"}) without (component)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "avg_goroutines_per_client", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - 
"h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 10, - "panels": [], - "title": "Runtime", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_on_change_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Strategy Change Events", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_processor_events_processed_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Processed Events", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_processor_snapshots_published_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Snapshot Published", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Event Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - 
"datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_timer_max_time_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Max Time Reached", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_quiesce_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Quiesce Reached", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_resets_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Timer Resets", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Timer Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": 
true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 3, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.90, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.95, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P95", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Events Per Snapshot", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 21 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - 
"max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (collection) (galley_runtime_state_type_instances_total)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ collection }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "State Type Instances", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Count", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 34, - "panels": [], - "title": "Validation", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 28 - }, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "galley_validation_cert_key_updates{job=\"galley\"}", - "format": 
"time_series", - "intervalFactor": 1, - "legendFormat": "Key Updates", - "refId": "A" - }, - { - "expr": "galley_validation_cert_key_update_errors{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Key Update Errors: {{ error }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation Webhook Certificate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 28 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_passed{job=\"galley\"}) by (group, version, resource)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Passed: {{ group }}/{{ version }}/{{resource}}", - "refId": "A" - }, - { - "expr": "sum(galley_validation_failed{job=\"galley\"}) by (group, version, resource, reason)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Failed: {{ group }}/{{ version }}/{{resource}} ({{ reason}})", - "refId": "B" - } - ], 
- "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Resource Validation", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 28 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_http_error{job=\"galley\"}) by (status)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ status }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation HTTP Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": 
null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 12, - "panels": [], - "title": "Kubernetes Source", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 35 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_event_success_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Success", - "refId": "A" - }, - { - "expr": "rate(galley_source_kube_event_error_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Source Event Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 35 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_dynamic_converter_failure_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Kubernetes Object Conversion Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Failures/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 41 - }, - "id": 18, - "panels": [], - "title": "Mesh Configuration Protocol", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 42 - }, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": 
"sum(istio_mcp_clients_total{component=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Clients", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Connected Clients", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 42 - }, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by(collection)(irate(istio_mcp_request_acks_total{component=\"galley\"}[1m]) * 60)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request ACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "ACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - 
}, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 42 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(istio_mcp_request_nacks_total{component=\"galley\"}[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request NACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "NACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 48 - }, - "id": 48, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - 
"percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(increase(istio_mcp_message_sizes_bytes_bucket[5m])) by (le)", - "format": "heatmap", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{le}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Response message sizes", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Galley Dashboard", - "uid": "TSEY6jLmk", - "version": 1 -} diff --git a/charts/rancher-istio/1.4.700/charts/grafana/dashboards/istio-mesh-dashboard.json b/charts/rancher-istio/1.4.700/charts/grafana/dashboards/istio-mesh-dashboard.json deleted file mode 100755 index 1662e1f1d..000000000 --- a/charts/rancher-istio/1.4.700/charts/grafana/dashboards/istio-mesh-dashboard.json +++ /dev/null 
@@ -1,1225 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "links": [], - "panels": [ - { - "content": "
\n
\n Istio\n
\n
\n Istio is an open platform that provides a uniform way to connect,\n manage, and \n secure microservices.\n
\n Need help? Join the Istio community.\n
\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "50px", - "id": 13, - "links": [], - "mode": "html", - "style": { - "font-size": "18pt" - }, - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\"}[1m])), 0.001)", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Global Request Volume", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - 
"h": 3, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "95, 99, 99.5", - "title": "Global Success Rate (non-5xx responses)", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 22, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - 
"sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"4.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "4xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 23, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"5.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "5xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - 
"colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 113, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_virtualservices) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Virtual Services", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 114, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - 
"postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_destinationrules) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Destination Rules", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 115, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_gateways) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Gateways", - "type": "singlestat", - "valueFontSize": "80%", - 
"valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 116, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_authentication_meshpolicies) / count(up{job=\"galley\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Authentication Mesh Policies", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 21, - "w": 24, - "x": 0, - "y": 9 - }, - "hideTimeOverride": false, - "id": 73, - "links": [], - "pageSize": null, - "repeat": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 4, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 
172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Workload dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_2&var-workload=$__cell_", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Requests", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [], - "type": "number", - "unit": "ops" - }, - { - "alias": "P50 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P90 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P99 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #E", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "Success Rate", - "colorMode": "cell", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #F", - "thresholds": [ - ".95", - " 1.00" - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-workload=$__cell_2&var-namespace=$__cell_3", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "number", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_requests_total{reporter=\"destination\", response_code=\"200\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "A" - }, - { - "expr": "label_join((histogram_quantile(0.50, 
sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.50, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "B" - }, - { - "expr": "label_join((histogram_quantile(0.90, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.90, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "D" - }, - { - "expr": "label_join((histogram_quantile(0.99, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.99, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "E" - }, - { - "expr": 
"label_join((sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m])) by (destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "F" - } - ], - "timeFrom": null, - "title": "HTTP/GRPC Workloads", - "transform": "table", - "type": "table" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 18, - "w": 24, - "x": 0, - "y": 30 - }, - "hideTimeOverride": false, - "id": 109, - "links": [], - "pageSize": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 2, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-tcp-workload-dashboard?var-namespace=$__cell_2&&var-workload=$__cell", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Bytes Sent", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [ - "" - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Bytes Received", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "Bps" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_3&var-workload=$__cell_2", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_tcp_received_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - 
"hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "C" - }, - { - "expr": "label_join(sum(rate(istio_tcp_sent_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "A" - } - ], - "timeFrom": null, - "title": "TCP Workloads", - "transform": "table", - "type": "table" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 48 - }, - "id": 111, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- }
- ],
- "refresh": "5s",
- "schemaVersion": 18,
- "style": "dark",
- "tags": [],
- "templating": {
- "list": []
- },
- "time": {
- "from": "now-5m",
- "to": "now"
- },
- "timepicker": {
- "refresh_intervals": [
- "5s",
- "10s",
- "30s",
- "1m",
- "5m",
- "15m",
- "30m",
- "1h",
- "2h",
- "1d"
- ],
- "time_options": [
- "5m",
- "15m",
- "1h",
- "6h",
- "12h",
- "24h",
- "2d",
- "7d",
- "30d"
- ]
- },
- "timezone": "browser",
- "title": "Istio Mesh Dashboard",
- "uid": "G8wLrJIZk",
- "version": 5
-}
diff --git a/charts/rancher-istio/1.4.700/charts/grafana/dashboards/istio-performance-dashboard.json b/charts/rancher-istio/1.4.700/charts/grafana/dashboards/istio-performance-dashboard.json
deleted file mode 100755
index 3826fbae8..000000000
--- a/charts/rancher-istio/1.4.700/charts/grafana/dashboards/istio-performance-dashboard.json
+++ /dev/null
@@ -1,1822 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": 9, - "links": [], - "panels": [ - { - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 21, - "panels": [ - { - "content": "The charts on this dashboard are intended to show Istio main components cost in terms resources utilization under steady load.\n\n- **vCPU/1k rps:** shows vCPU utilization by the main Istio components normalized by 1000 requests/second. When idle or low traffic, this chart will be blank. The curve for istio-proxy refers to the services sidecars only.\n- **vCPU:** vCPU utilization by Istio components, not normalized.\n- **Memory:** memory footprint for the components. Telemetry and policy are normalized by 1k rps, and no data is shown when there is no traffic. 
For ingress and istio-proxy, the data is per instance.\n- **Bytes transferred/ sec:** shows the number of bytes flowing through each Istio component.\n\n\n", - "gridPos": { - "h": 6, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 19, - "links": [], - "mode": "markdown", - "timeFrom": null, - "timeShift": null, - "title": "Performance Dashboard README", - "transparent": true, - "type": "text" - } - ], - "title": "Performance Dashboard Notes", - "type": "row" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 6, - "panels": [], - "title": "vCPU Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 2 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m])) / (round(sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m])), 0.001)/1000))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - 
"legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU / 1k rps", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 2 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - 
"spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 13, - "panels": [], - "title": "Memory and Data Rates", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": 
false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 11 - }, - "id": 902, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry / 1k rps", - "refId": "A" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name!=\"POD\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio proxy", - "refId": "C" - }, - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy / 1k rps", - "refId": "D" - } - ], - "thresholds": [], - 
"timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-telemetry\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-telemetry\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_response_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m])) + sum(irate(istio_request_bytes_sum{source_workload_namespace!=\"istio-system\", 
reporter=\"source\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-policy\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-policy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio_policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Bytes transferred / sec", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 17, - "panels": [], - "title": "Istio Component Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 20 - }, - "id": 15, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 71, - "panels": [], - "title": "Proxy Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 32 - }, - "id": 72, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 32 - }, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 32 - }, - "id": 702, - "legend": { - "avg": 
false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 39 - }, - "id": 69, - "panels": [], - "title": "Pilot Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 40 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": 
[ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - 
"sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 40 - }, - "id": 602, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "pilot (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - 
"title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 40 - }, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - 
"show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 40 - }, - "id": 402, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 93, - "panels": [], - "title": "Mixer Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 48 - }, - "id": 94, - "legend": { - "avg": false, - "current": 
false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"})", - "format": "time_series", - "hide": false, 
- "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 48 - }, - "id": 95, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=~\"istio-policy|istio-telemetry\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 48 - }, - "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - 
"expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 48 - }, - "id": 97, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - 
"format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Performance Dashboard", - "uid": "vu8e0VWZk", - "version": 22 -} diff --git a/charts/rancher-istio/1.4.700/charts/grafana/dashboards/istio-service-dashboard.json b/charts/rancher-istio/1.4.700/charts/grafana/dashboards/istio-service-dashboard.json deleted file mode 100755 index f4d58a296..000000000 --- a/charts/rancher-istio/1.4.700/charts/grafana/dashboards/istio-service-dashboard.json +++ /dev/null @@ -1,2601 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "iteration": 1536442501501, - "links": [], - "panels": [ - { - "content": "
\nSERVICE: $service\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Client Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - 
"thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Client Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, 
sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Client Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" 
- ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Received Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 97, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - 
"postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Server Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 98, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / 
sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Server Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 99, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - 
"refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 100, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": 
true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m])) ", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Sent Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nCLIENT WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"source\",source_workload=~\"$srcwl\",source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"source\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": 
"graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", 
source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, 
source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": 
"time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, 
- "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "
\nSERVICE WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 90, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"destination\",destination_workload=~\"$dstwl\",destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"destination\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Destination And Response Code", - "tooltip": { - 
"shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 91, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", 
connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 94, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - 
"stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by 
(destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 95, - "legend": { - "alignAsTable": false, - "avg": false, - "current": 
false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ 
destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 96, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - 
"step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ 
destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 92, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", 
destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 93, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }} (🔐mTLS)", - "refId": 
"A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Service", - "multi": false, - "name": "service", - "options": [], - "query": "label_values(destination_service)", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (source_workload_namespace) or 
sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload Namespace", - "multi": true, - "name": "dstns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload", - "multi": true, - "name": "dstwl", - "options": [], - "query": "query_result( 
sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Service Dashboard", - "uid": "LJ_uJAvmk", - "version": 1 -} diff --git a/charts/rancher-istio/1.4.700/charts/grafana/dashboards/istio-workload-dashboard.json b/charts/rancher-istio/1.4.700/charts/grafana/dashboards/istio-workload-dashboard.json deleted file mode 100755 index 62ad1b5cf..000000000 --- a/charts/rancher-istio/1.4.700/charts/grafana/dashboards/istio-workload-dashboard.json +++ /dev/null 
@@ -1,2303 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.4" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1531345461465, - "links": [], - "panels": [ - { - "content": "
\nWORKLOAD: $workload.$namespace\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Incoming Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 
80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 8, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Incoming Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 8, - "x": 16, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, 
- "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Server Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - 
"colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 12, - "y": 7 - }, - "id": 85, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Client Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nINBOUND WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And 
Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", 
destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by 
(source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 
1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", 
destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - 
"values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", 
destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "content": "
\nOUTBOUND SERVICES\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 70, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Requests by Destination And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 71, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", 
source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Success Rate (non-5xx responses) By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 72, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Duration by Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 73, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by 
(destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 74, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": 
"{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 76, - "legend": { - "avg": false, 
- "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent on Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 78, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Namespace", - "multi": false, - "name": 
"namespace", - "options": [], - "query": "query_result(sum(istio_requests_total) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*_namespace=\"([^\"]*).*/", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Workload", - "multi": false, - "name": "workload", - "options": [], - "query": "query_result((sum(istio_requests_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_requests_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)) or (sum(istio_tcp_sent_bytes_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Inbound Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, 
- "label": "Inbound Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Destination Service", - "multi": true, - "name": "dstsvc", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service) or sum(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service))", - "refresh": 1, - "regex": "/.*destination_service=\"([^\"]*).*/", - "sort": 4, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Workload Dashboard", - "uid": "UbsSZTDik", - "version": 1 -} diff --git a/charts/rancher-istio/1.4.700/charts/grafana/dashboards/mixer-dashboard.json b/charts/rancher-istio/1.4.700/charts/grafana/dashboards/mixer-dashboard.json deleted file mode 100755 index b074d13ba..000000000 
--- a/charts/rancher-istio/1.4.700/charts/grafana/dashboards/mixer-dashboard.json +++ /dev/null @@ -1,1808 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.2.3" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "limit": 100, - "name": "Annotations & Alerts", - "showIn": 0, - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": null, - "iteration": 1543881232533, - "links": [], - "panels": [ - { - "content": "

Deployed Versions

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "40", - "id": 62, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 3 - }, - "id": 64, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"mixer\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Mixer Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Resource Usage

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 8 - }, - "height": "40", - "id": 29, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 11 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory ({{ job }})", - "refId": "I" - }, - { - "expr": "sum(process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory ({{ job }})", - "refId": "H" - }, - { - "expr": "sum(go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc ({{ job }})", - "refId": "D" - }, - { - "expr": "sum(go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc ({{ job }})", - "refId": "F" - }, - { - "expr": "sum(go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - 
"format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use ({{ job }})", - "refId": "E" - }, - { - "expr": "sum(go_memstats_stack_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use ({{ job }})", - "refId": "G" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "C" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }} (k8s)", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 11 - }, - "id": 6, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (pod_name), \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "A" - }, - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (container_name, pod_name), \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }} (k8s)", - "refId": "B" - }, - { - "expr": "sum(irate(process_cpu_seconds_total{job=~\"istio-telemetry|istio-policy\"}[1m])) by (job)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ job }} (self-reported)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } 
- ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 11 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_open_fds{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(label_replace(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - 
"dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 11 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(go_goroutines{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines ({{ job }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Mixer Overview

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 18 - }, - "height": "40px", - "id": 30, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 0, - "y": 21 - }, - "id": 9, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (Total)", - "refId": "B" - }, - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m])) by (grpc_server_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "mixer ({{ grpc_server_method }})", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 6, - "y": 21 - }, - "id": 8, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "{}", - "yaxis": 1 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.5", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.9", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Durations", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 12, - "y": 21 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, 
- "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_server_handled_total{grpc_code=~\"Unknown|Unimplemented|Internal|DataLoss\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Error Rate (5xx responses)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 18, - "y": 21 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(grpc_server_handled_total{grpc_code!=\"OK\",grpc_service=~\".*Mixer\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ 
grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Non-successes (4xxs)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Adapters and Config

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 28, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 30 - }, - "id": 13, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m])) by (adapter)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 30 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - 
"percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p90 ", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Duration", - "tooltip": { - "shared": true, - "sort": 1, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 37 - }, - "id": 60, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - 
"pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Rules", - "refId": "A" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Config Errors", - "refId": "B" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_match_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Match Errors", - "refId": "C" - }, - { - "expr": "scalar(topk(1, max(mixer_config_unsatisfied_action_handler_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Unsatisfied Actions", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Rules", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 37 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": 
false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_instance_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Instances", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Instances in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 37 - }, - "id": 54, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_handler_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Handlers", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Handlers in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 37 - }, - "id": 58, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_attribute_count) by (configID)))", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "Attributes", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Attributes in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Individual Adapters

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 44 - }, - "id": 23, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 46, - "panels": [], - "repeat": "adapter", - "title": "$adapter Adapter", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 48 - }, - "id": 17, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m]),\"handler\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ handler }} (error: {{ error }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Count By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - 
"w": 12, - "x": 12, - "y": 48 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(histogram_quantile(0.5, sum(rate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p50 - {{ handler_short }} (error: {{ error }})", - "refId": "A" - }, - { - "expr": "label_replace(histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p90 - {{ handler_short }} (error: {{ error }})", - "refId": "D" - }, - { - "expr": "label_replace(histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p99 - {{ handler_short }} (error: {{ error }})", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Duration By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": 
true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Adapter", - "multi": true, - "name": "adapter", - "options": [], - "query": "label_values(adapter)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Mixer Dashboard", - "version": 4 -} diff --git a/charts/rancher-istio/1.4.700/charts/grafana/dashboards/pilot-dashboard.json b/charts/rancher-istio/1.4.700/charts/grafana/dashboards/pilot-dashboard.json deleted file mode 100755 index b8ef6d2d7..000000000 --- a/charts/rancher-istio/1.4.700/charts/grafana/dashboards/pilot-dashboard.json +++ /dev/null 
@@ -1,1591 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": 11, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 60, - "panels": [], - "title": "Deployed Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"pilot\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 6 - }, - "id": 62, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": 
"container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"discovery\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (container)", - "refId": "B", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar (container)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"discovery\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Discovery (container)", - "refId": "A" - }, - { - "expr": 
"irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (process)", - "refId": "C", - "step": 2 - }, - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Sidecar (container)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"discovery\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Discovery", - "refId": "B", - "step": 2 - }, - { - "expr": 
"container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": 
null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 58, - "panels": [], - "title": "Pilot Push Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "description": "Shows the rate of pilot pushes", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 622, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(pilot_xds_pushes{type=\"cds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Cluster", - "refId": "C" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"eds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Endpoints", - "refId": "D" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"lds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Listeners", - "refId": "A" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"rds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Routes", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Pushes", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ 
- "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Captures a variety of pilot errors", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 67, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(pilot_xds_cds_reject{job=\"pilot\"}) or (absent(pilot_xds_cds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected CDS Configs", - "refId": "C" - }, - { - "expr": "sum(pilot_xds_eds_reject{job=\"pilot\"}) or (absent(pilot_xds_eds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected EDS Configs", - "refId": "D" - }, - { - "expr": "sum(pilot_xds_rds_reject{job=\"pilot\"}) or (absent(pilot_xds_rds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected RDS Configs", - "refId": "A" - }, - { - "expr": "sum(pilot_xds_lds_reject{job=\"pilot\"}) or (absent(pilot_xds_lds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected LDS Configs", - "refId": "B" - }, - { - "expr": 
"sum(rate(pilot_xds_write_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Write Timeouts", - "refId": "F" - }, - { - "expr": "sum(rate(pilot_total_xds_internal_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Internal Errors", - "refId": "H" - }, - { - "expr": "sum(rate(pilot_total_xds_rejects{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Config Rejection Rate", - "refId": "E" - }, - { - "expr": "sum(rate(pilot_xds_push_context_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Context Errors", - "refId": "K" - }, - { - "expr": "sum(rate(pilot_xds_pushes{type!~\"lds|cds|rds|eds\"}[1m])) by (type)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "L" - }, - { - "expr": "sum(rate(pilot_xds_push_errors{job=\"pilot\"}[1m])) by (type)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "I" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts", - "refId": "G" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout_failures{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts Failures", - "refId": "J" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - 
"format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Shows the total time it takes to push a config update to a proxy", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 624, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p50 ", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.999, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99.9", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Proxy Push Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 23 - }, - "id": 45, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_conflict_inbound_listener{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Inbound Listeners", - "refId": "B" - }, - { - "expr": "pilot_conflict_outbound_listener_http_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (http over current tcp)", - "refId": "A" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current tcp)", - "refId": "C" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_http{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current http)", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Conflicts", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - 
"buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 23 - }, - "id": 47, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_virt_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Services", - "refId": "A" - }, - { - "expr": "pilot_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Services", - "refId": "B" - }, - { - "expr": "pilot_xds{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Connected Endpoints", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ADS Monitoring", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - 
"yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "columns": [], - "datasource": "Prometheus", - "description": "Clusters in this table do not have any endpoints known to pilot. This could be from referencing subsets that do not have any instances, or pods marked as NotReady", - "fontSize": "100%", - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 23 - }, - "id": 51, - "links": [], - "pageSize": null, - "scroll": true, - "showHeader": true, - "sort": { - "col": null, - "desc": false - }, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "date" - }, - { - "alias": "Clusters", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(pilot_xds_eds_instances{job=\"pilot\", cluster=~\".+\\\\|.+\"}) by (cluster) < 1", - "format": "time_series", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{cluster}}", - "refId": "B" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Clusters with no known endpoints", - "transform": "timeseries_aggregations", - "type": "table" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 64, - "panels": [], - "title": "Envoy Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows details about Envoy proxies in the mesh", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 32 - }, - "id": 40, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - 
"points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(envoy_cluster_upstream_cx_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connections", - "refId": "C" - }, - { - "expr": "sum(irate(envoy_cluster_upstream_cx_connect_fail{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connection Failures", - "refId": "A" - }, - { - "expr": "sum(increase(envoy_server_hot_restart_epoch[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Envoy Restarts", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Envoy Details", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 32 - }, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": 
"sum(envoy_cluster_upstream_cx_active{cluster_name=\"xds-grpc\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "XDS Active Connections", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Active Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows the size of XDS requests and responses", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 32 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "max(rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Max", - "refId": "D" - }, - { - "expr": "quantile(0.5, rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Average", - "refId": "B" - }, - 
{ - "expr": "max(rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Max", - "refId": "A" - }, - { - "expr": "quantile(.5, rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Average", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Requests Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Pilot Dashboard", - "uid": "3--MLVZZk", - "version": 11 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.700/charts/grafana/fix_datasources.sh b/charts/rancher-istio/1.4.700/charts/grafana/fix_datasources.sh deleted file mode 100755 index d175bcacc..000000000 --- a/charts/rancher-istio/1.4.700/charts/grafana/fix_datasources.sh +++ /dev/null 
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# Copyright Istio Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -e
-
-THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-UX=$(uname)
-
-for db in "${THIS_DIR}"/dashboards/*.json; do
- if [[ ${UX} == "Darwin" ]]; then
- # shellcheck disable=SC2016
- sed -i '' 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- else
- # shellcheck disable=SC2016
- sed -i 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- fi
-done
diff --git a/charts/rancher-istio/1.4.700/charts/grafana/templates/_helpers.tpl b/charts/rancher-istio/1.4.700/charts/grafana/templates/_helpers.tpl
deleted file mode 100755
index 9d4c59205..000000000
--- a/charts/rancher-istio/1.4.700/charts/grafana/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "grafana.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "grafana.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "grafana.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.700/charts/grafana/templates/configmap-custom-resources.yaml b/charts/rancher-istio/1.4.700/charts/grafana/templates/configmap-custom-resources.yaml
deleted file mode 100755
index b89bc0765..000000000
--- a/charts/rancher-istio/1.4.700/charts/grafana/templates/configmap-custom-resources.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
- custom-resources.yaml: |-
- {{- include "grafana-default.yaml.tpl" . | indent 4}}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
diff --git a/charts/rancher-istio/1.4.700/charts/grafana/templates/configmap-dashboards.yaml b/charts/rancher-istio/1.4.700/charts/grafana/templates/configmap-dashboards.yaml
deleted file mode 100755
index dd1ab0d75..000000000
--- a/charts/rancher-istio/1.4.700/charts/grafana/templates/configmap-dashboards.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- $files := .Files }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "grafana.name" $ }}
- chart: {{ template "grafana.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: grafana
-data:
- {{ base $path }}: '{{ $files.Get $path }}'
----
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/grafana/templates/configmap.yaml b/charts/rancher-istio/1.4.700/charts/grafana/templates/configmap.yaml
deleted file mode 100755
index c86efe1f4..000000000
--- a/charts/rancher-istio/1.4.700/charts/grafana/templates/configmap.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
-{{- if .Values.datasources }}
- {{- range $key, $value := .Values.datasources }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
-
-{{- if .Values.dashboardProviders }}
- {{- range $key, $value := .Values.dashboardProviders }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.700/charts/grafana/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.4.700/charts/grafana/templates/create-custom-resources-job.yaml
deleted file mode 100755
index d699709b8..000000000
--- a/charts/rancher-istio/1.4.700/charts/grafana/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-grafana-post-install-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-grafana-post-install-{{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["authentication.istio.io"] # needed to create default authn policy
- resources: ["*"]
- verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-grafana-post-install-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-grafana-post-install-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-grafana-post-install-account
- namespace: {{ .Release.Namespace }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: istio-grafana-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 }}
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-delete-policy": hook-succeeded
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" .
}}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- template:
- metadata:
- name: istio-grafana-post-install
- labels:
- app: istio-grafana
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-grafana-post-install-account
- containers:
- - name: kubectl
- image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
- command: [ "/bin/bash", "/tmp/grafana/run.sh", "/tmp/grafana/custom-resources.yaml" ]
- volumeMounts:
- - mountPath: "/tmp/grafana"
- name: tmp-configmap-grafana
- volumes:
- - name: tmp-configmap-grafana
- configMap:
- name: istio-grafana-custom-resources
- restartPolicy: OnFailure
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/grafana/templates/deployment.yaml b/charts/rancher-istio/1.4.700/charts/grafana/templates/deployment.yaml
deleted file mode 100755
index 9ad2a7f56..000000000
--- a/charts/rancher-istio/1.4.700/charts/grafana/templates/deployment.yaml
+++ /dev/null
@@ -1,138 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: grafana
- template:
- metadata:
- labels:
- app: grafana
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- prometheus.io/scrape: "true"
- spec:
- securityContext:
- runAsUser: 472
- fsGroup: 472
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
-{{- if .Values.global.imagePullSecrets }}
- imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ template "system_default_registry" .
}}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- ports:
- - containerPort: 3000
- readinessProbe:
- httpGet:
- path: /api/health
- port: 3000
- env:
- - name: GRAFANA_PORT
- value: "3000"
-{{- if .Values.security.enabled }}
- - name: GF_SECURITY_ADMIN_USER
- valueFrom:
- secretKeyRef:
- name: {{ .Values.security.secretName }}
- key: {{ .Values.security.usernameKey }}
- - name: GF_SECURITY_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Values.security.secretName }}
- key: {{ .Values.security.passphraseKey }}
- - name: GF_AUTH_BASIC_ENABLED
- value: "true"
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "false"
- - name: GF_AUTH_DISABLE_LOGIN_FORM
- value: "false"
-{{- else }}
- - name: GF_AUTH_BASIC_ENABLED
- value: "false"
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "true"
- - name: GF_AUTH_ANONYMOUS_ORG_ROLE
- value: Admin
-{{- end }}
- - name: GF_PATHS_DATA
- value: /data/grafana
- {{- range $key, $value := $.Values.env }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $secret := $.Values.envSecrets }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ $secret }}
- key: {{ $key | quote }}
- {{- end }}
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- volumeMounts:
- - name: data
- mountPath: /data/grafana
- {{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
- {{- $filename := trimSuffix (ext $path) (base $path) }}
- - name: dashboards-istio-{{ $filename }}
- mountPath: "/var/lib/grafana/dashboards/istio/{{ base $path }}"
- subPath: {{ base $path }}
- readOnly: true
- {{- end }}
- - name: config
- mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml"
- subPath: datasources.yaml
- - name: config
- mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml"
- subPath: dashboardproviders.yaml
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
- volumes:
- - name: config
- configMap:
- name: istio-grafana
- - name: data
-{{- if .Values.persist }}
- persistentVolumeClaim:
- claimName: istio-grafana-pvc
-{{- else }}
- emptyDir: {}
-{{- end }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
- - name: dashboards-istio-{{ $filename }}
- configMap:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/grafana/templates/grafana-ports-mtls.yaml b/charts/rancher-istio/1.4.700/charts/grafana/templates/grafana-ports-mtls.yaml
deleted file mode 100755
index b9a392651..000000000
--- a/charts/rancher-istio/1.4.700/charts/grafana/templates/grafana-ports-mtls.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{ define "grafana-default.yaml.tpl" }}
-apiVersion: authentication.istio.io/v1alpha1
-kind: Policy
-metadata:
- name: grafana-ports-mtls-disabled
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- targets:
- - name: grafana
- ports:
- - number: {{ .Values.service.externalPort }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/grafana/templates/ingress.yaml b/charts/rancher-istio/1.4.700/charts/grafana/templates/ingress.yaml
deleted file mode 100755
index 0ebe71f61..000000000
--- a/charts/rancher-istio/1.4.700/charts/grafana/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: grafana
- servicePort: 3000
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: grafana
- servicePort: 3000
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.700/charts/grafana/templates/pvc.yaml b/charts/rancher-istio/1.4.700/charts/grafana/templates/pvc.yaml
deleted file mode 100755
index e376a13a5..000000000
--- a/charts/rancher-istio/1.4.700/charts/grafana/templates/pvc.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if .Values.persist }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: istio-grafana-pvc
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- storageClassName: {{ .Values.storageClassName }}
- accessModes:
- - {{ .Values.accessMode }}
- resources:
- requests:
- storage: 5Gi
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/grafana/templates/service.yaml b/charts/rancher-istio/1.4.700/charts/grafana/templates/service.yaml
deleted file mode 100755
index b206679c3..000000000
--- a/charts/rancher-istio/1.4.700/charts/grafana/templates/service.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: 3000
- protocol: TCP
- name: {{ .Values.service.name }}
- selector:
- app: grafana
-{{- if .Values.service.loadBalancerIP }}
- loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
-{{- end }}
- {{if .Values.service.loadBalancerSourceRanges}}
- loadBalancerSourceRanges:
- {{range $rangeList := .Values.service.loadBalancerSourceRanges}}
- - {{ $rangeList }}
- {{end}}
- {{end}}
diff --git a/charts/rancher-istio/1.4.700/charts/grafana/templates/tests/test-grafana-connection.yaml b/charts/rancher-istio/1.4.700/charts/grafana/templates/tests/test-grafana-connection.yaml
deleted file mode 100755
index 7c8d1944b..000000000
--- a/charts/rancher-istio/1.4.700/charts/grafana/templates/tests/test-grafana-connection.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "grafana.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: grafana-test
- chart: {{ template "grafana.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: grafana
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "grafana.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- args: ['http://grafana:{{ .Values.grafana.service.externalPort }}']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/grafana/values.yaml b/charts/rancher-istio/1.4.700/charts/grafana/values.yaml
deleted file mode 100755
index 7b977c1e7..000000000
--- a/charts/rancher-istio/1.4.700/charts/grafana/values.yaml
+++ /dev/null
@@ -1,114 +0,0 @@
-#
-# addon grafana configuration
-#
-enabled: false
-replicaCount: 1
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - grafana.local
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls: []
- # Secrets must be manually created in the namespace.
- # - secretName: grafana-tls
- # hosts:
- # - grafana.local
-persist: false
-storageClassName: ""
-accessMode: ReadWriteMany
-security:
- enabled: false
- secretName: grafana
- usernameKey: username
- passphraseKey: passphrase
-nodeSelector: {}
-tolerations: []
-
-env: {}
- # Define additional environment variables for configuring grafana.
- # @see https://grafana.com/docs/installation/configuration/#using-environment-variables
- # Format: env_variable_name: value
- # For example:
- # GF_SMTP_ENABLED: true
- # GF_SMTP_HOST: email-smtp.eu-west-1.amazonaws.com:2587
- # GF_SMTP_FROM_ADDRESS: alerts@mydomain.com
- # GF_SMTP_FROM_NAME: Grafana
-
-envSecrets: {}
- # The key name and ENV name must match in the secrets file.
- # @see https://grafana.com/docs/installation/configuration/#using-environment-variables
- # For example:
- # ---
- # apiVersion: v1
- # kind: Secret
- # metadata:
- # name: grafana-secrets
- # namespace: istio-system
- # data:
- # GF_SMTP_USER: bXl1c2Vy
- # GF_SMTP_PASSWORD: bXlwYXNzd29yZA==
- # type: Opaque
- # ---
- # env_variable_key_name: secretsName
- # ---
- # GF_SMTP_USER: grafana-secrets
- # GF_SMTP_PASSWORD: grafana-secrets
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-contextPath: /grafana
-service:
- annotations: {}
- name: http
- type: ClusterIP
- externalPort: 3000
- loadBalancerIP:
- loadBalancerSourceRanges: []
-
-datasources:
- datasources.yaml:
- apiVersion: 1
- datasources:
- - name: Prometheus
- type: prometheus
- orgId: 1
- url: http://prometheus:9090
- access: proxy
- isDefault: true
- jsonData:
- timeInterval: 5s
- editable: true
-
-dashboardProviders:
- dashboardproviders.yaml:
- apiVersion: 1
- providers:
- - name: 'istio'
- orgId: 1
- folder: 'istio'
- type: file
- disableDeletion: false
- options:
- path: /var/lib/grafana/dashboards/istio
diff --git a/charts/rancher-istio/1.4.700/charts/istiocoredns/Chart.yaml b/charts/rancher-istio/1.4.700/charts/istiocoredns/Chart.yaml
deleted file mode 100755
index bfd56d894..000000000
--- a/charts/rancher-istio/1.4.700/charts/istiocoredns/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-appVersion: "0.1"
-description: Istio CoreDNS provides DNS resolution for services in multicluster setups.
-name: istiocoredns
-tillerVersion: '>=2.7.2'
-version: 1.4.7
diff --git a/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/_helpers.tpl b/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/_helpers.tpl
deleted file mode 100755
index e7add11bb..000000000
--- a/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "istiocoredns.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "istiocoredns.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "istiocoredns.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/clusterrole.yaml b/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/clusterrole.yaml
deleted file mode 100755
index 4242a327f..000000000
--- a/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istiocoredns
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["networking.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/clusterrolebinding.yaml
deleted file mode 100755
index bafd0ca3b..000000000
--- a/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-istiocoredns-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istiocoredns
-subjects:
-- kind: ServiceAccount
- name: istiocoredns-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/configmap.yaml b/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/configmap.yaml
deleted file mode 100755
index 4b2a2d42a..000000000
--- a/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/configmap.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: coredns
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- Corefile: |
- .:53 {
- errors
- health
- {{ if eq -1 (semver .Values.image.tag | (semver "1.4.0").Compare) }}
- # Removed support for the proxy plugin: https://coredns.io/2019/03/03/coredns-1.4.0-release/
- grpc global 127.0.0.1:8053
- forward . /etc/resolv.conf {
- except global
- }
- {{ else }}
- proxy global 127.0.0.1:8053 {
- protocol grpc insecure
- }
- proxy . /etc/resolv.conf
- {{ end }}
- prometheus :9153
- cache 30
- reload
- }
----
diff --git a/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/deployment.yaml b/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/deployment.yaml
deleted file mode 100755
index 4af0a2256..000000000
--- a/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/deployment.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: istiocoredns
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: istiocoredns
- strategy:
- rollingUpdate:
- maxSurge: {{ .Values.rollingMaxSurge }}
- maxUnavailable: {{ .Values.rollingMaxUnavailable }}
- template:
- metadata:
- name: istiocoredns
- labels:
- app: istiocoredns
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: istiocoredns-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: coredns
- image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- args: [ "-conf", "/etc/coredns/Corefile" ]
- volumeMounts:
- - name: config-volume
- mountPath: /etc/coredns
- ports:
- - containerPort: 53
- name: dns
- protocol: UDP
- - containerPort: 53
- name: dns-tcp
- protocol: TCP
- - containerPort: 9153
- name: metrics
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /health
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 60
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 5
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 10 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 10 }}
-{{- end }}
- - name: istio-coredns-plugin
- command:
- - /usr/local/bin/plugin
- image: "{{ template "system_default_registry" . }}{{ .Values.pluginImage.repository }}:{{ .Values.pluginImage.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- ports:
- - containerPort: 8053
- name: dns-grpc
- protocol: TCP
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 10 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 10 }}
-{{- end }}
- dnsPolicy: Default
- volumes:
- - name: config-volume
- configMap:
- name: coredns
- items:
- - key: Corefile
- path: Corefile
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/service.yaml b/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/service.yaml
deleted file mode 100755
index a6311017c..000000000
--- a/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/service.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istiocoredns
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- app: istiocoredns
- ports:
- - name: dns
- port: 53
- protocol: UDP
- - name: dns-tcp
- port: 53
- protocol: TCP
diff --git a/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/serviceaccount.yaml
deleted file mode 100755
index e2627cf45..000000000
--- a/charts/rancher-istio/1.4.700/charts/istiocoredns/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istiocoredns-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.700/charts/istiocoredns/values.yaml b/charts/rancher-istio/1.4.700/charts/istiocoredns/values.yaml
deleted file mode 100755
index f2268c02a..000000000
--- a/charts/rancher-istio/1.4.700/charts/istiocoredns/values.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# addon istiocoredns tracing configuration
-#
-enabled: false
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-# Source code for the plugin can be found at
-# https://github.com/istio-ecosystem/istio-coredns-plugin
-# The plugin listens for DNS requests from coredns server at 127.0.0.1:8053
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.700/charts/kiali/Chart.yaml b/charts/rancher-istio/1.4.700/charts/kiali/Chart.yaml
deleted file mode 100755
index 5f0949d8b..000000000
--- a/charts/rancher-istio/1.4.700/charts/kiali/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-appVersion: 1.9.0
-description: Kiali is an open source project for service mesh observability, refer
- to https://www.kiali.io for details.
-name: kiali
-tillerVersion: '>=2.7.2'
-version: 1.9.0
diff --git a/charts/rancher-istio/1.4.700/charts/kiali/templates/_helpers.tpl b/charts/rancher-istio/1.4.700/charts/kiali/templates/_helpers.tpl
deleted file mode 100755
index 6b0095769..000000000
--- a/charts/rancher-istio/1.4.700/charts/kiali/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "kiali.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "kiali.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "kiali.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.700/charts/kiali/templates/clusterrole.yaml b/charts/rancher-istio/1.4.700/charts/kiali/templates/clusterrole.yaml
deleted file mode 100755
index 8ad6e9756..000000000
--- a/charts/rancher-istio/1.4.700/charts/kiali/templates/clusterrole.yaml
+++ /dev/null
@@ -1,134 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: kiali
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - configmaps
- - endpoints
- - namespaces
- - nodes
- - pods
- - pods/log
- - replicationcontrollers
- - services
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["extensions", "apps"]
- resources:
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["autoscaling"]
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["batch"]
- resources:
- - cronjobs
- - jobs
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - config.istio.io
- - networking.istio.io
- - authentication.istio.io
- - rbac.istio.io
- - security.istio.io
- resources: ["*"]
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - watch
-- apiGroups: ["monitoring.kiali.io"]
- resources:
- - monitoringdashboards
- verbs:
- - get
- - list
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: kiali-viewer
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - configmaps
- - endpoints
- - namespaces
- - nodes
- - pods
- - pods/log
- - replicationcontrollers
- - services
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["extensions", "apps"]
- resources:
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["autoscaling"]
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["batch"]
- resources:
- - cronjobs
- - jobs
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - config.istio.io
- - networking.istio.io
- - authentication.istio.io
- - rbac.istio.io
- - security.istio.io
- resources: ["*"]
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["monitoring.kiali.io"]
- resources:
- - monitoringdashboards
- verbs:
- - get
- - list
diff --git a/charts/rancher-istio/1.4.700/charts/kiali/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.700/charts/kiali/templates/clusterrolebinding.yaml
deleted file mode 100755
index 881796716..000000000
--- a/charts/rancher-istio/1.4.700/charts/kiali/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if not .Values.dashboard.viewOnlyMode }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-kiali-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kiali
-subjects:
-- kind: ServiceAccount
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-kiali-viewer-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kiali-viewer
-subjects:
-- kind: ServiceAccount
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/kiali/templates/configmap.yaml b/charts/rancher-istio/1.4.700/charts/kiali/templates/configmap.yaml
deleted file mode 100755
index 055edd624..000000000
--- a/charts/rancher-istio/1.4.700/charts/kiali/templates/configmap.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- config.yaml: |
- istio_namespace: {{ .Release.Namespace }}
- deployment:
- accessible_namespaces: ['**']
- auth:
- strategy: {{ .Values.dashboard.auth.strategy }}
- server:
- port: 20001
-{{- if .Values.contextPath }}
- web_root: {{ .Values.contextPath }}
-{{- end }}
- external_services:
- tracing:
- url: {{ .Values.dashboard.jaegerURL }}
- grafana:
- url: {{ .Values.dashboard.grafanaURL }}
- prometheus:
- url: {{ .Values.prometheusAddr }}
-{{- if .Values.security.enabled }}
- identity:
- cert_file: {{ .Values.security.cert_file }}
- private_key_file: {{ .Values.security.private_key_file }}
-{{- end}}
diff --git a/charts/rancher-istio/1.4.700/charts/kiali/templates/demosecret.yaml b/charts/rancher-istio/1.4.700/charts/kiali/templates/demosecret.yaml
deleted file mode 100755
index ad44298c3..000000000
--- a/charts/rancher-istio/1.4.700/charts/kiali/templates/demosecret.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.createDemoSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.dashboard.secretName }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-type: Opaque
-data:
- username: YWRtaW4= # admin
- passphrase: YWRtaW4= # admin
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/kiali/templates/deployment.yaml b/charts/rancher-istio/1.4.700/charts/kiali/templates/deployment.yaml
deleted file mode 100755
index d0624ef08..000000000
--- a/charts/rancher-istio/1.4.700/charts/kiali/templates/deployment.yaml
+++ /dev/null
@@ -1,112 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: kiali
- template:
- metadata:
- name: kiali
- labels:
- app: kiali
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- scheduler.alpha.kubernetes.io/critical-pod: ""
- prometheus.io/scrape: "true"
- prometheus.io/port: "9090"
- kiali.io/runtimes: go,kiali
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: kiali-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- name: kiali
- command:
- - "/opt/kiali/kiali"
- - "-config"
- - "/kiali-configuration/config.yaml"
- - "-v"
- - "3"
- readinessProbe:
- httpGet:
- path: {{ .Values.contextPath }}/healthz
- port: 20001
- scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }}
- initialDelaySeconds: 5
- periodSeconds: 30
- livenessProbe:
- httpGet:
- path: {{ .Values.contextPath }}/healthz
- port: 20001
- scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }}
- initialDelaySeconds: 5
- periodSeconds: 30
- env:
- - name: ACTIVE_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumeMounts:
- - name: kiali-configuration
- mountPath: "/kiali-configuration"
- - name: kiali-cert
- mountPath: "/kiali-cert"
- - name: kiali-secret
- mountPath: "/kiali-secret"
- - name: kiali-console
- subPath: env.js
- mountPath: /opt/kiali/console/env.js
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 10 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 10 }}
-{{- end }}
- volumes:
- - name: kiali-console
- configMap:
- name: kiali-console
- items:
- - key: env.js
- path: env.js
- - name: kiali-configuration
- configMap:
- name: kiali
- - name: kiali-cert
- secret:
- secretName: istio.kiali-service-account
-{{- if not .Values.security.enabled }}
- optional: true
-{{- end }}
- - name: kiali-secret
- secret:
- secretName: {{ .Values.dashboard.secretName }}
- optional: true
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/kiali/templates/ingress.yaml b/charts/rancher-istio/1.4.700/charts/kiali/templates/ingress.yaml
deleted file mode 100755
index 2e2a0de3a..000000000
--- a/charts/rancher-istio/1.4.700/charts/kiali/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: kiali
- servicePort: 20001
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: kiali
- servicePort: 20001
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.700/charts/kiali/templates/kiali-console-configmap.yaml b/charts/rancher-istio/1.4.700/charts/kiali/templates/kiali-console-configmap.yaml
deleted file mode 100644
index 49c68eba0..000000000
--- a/charts/rancher-istio/1.4.700/charts/kiali/templates/kiali-console-configmap.yaml
+++ /dev/null
@@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: kiali-console - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - env.js: | - window.WEB_ROOT='/k8s/clusters/{{ .Values.global.rancher.clusterId }}/api/v1/namespaces/istio-system/services/http:kiali:20001/proxy'; \ No newline at end of file diff --git a/charts/rancher-istio/1.4.700/charts/kiali/templates/service.yaml b/charts/rancher-istio/1.4.700/charts/kiali/templates/service.yaml deleted file mode 100755 index 1aa79bfdb..000000000 --- a/charts/rancher-istio/1.4.700/charts/kiali/templates/service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - ports: - - name: http-kiali - protocol: TCP - port: 20001 - selector: - app: kiali diff --git a/charts/rancher-istio/1.4.700/charts/kiali/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.700/charts/kiali/templates/serviceaccount.yaml deleted file mode 100755 index 2ae38a1ab..000000000 --- a/charts/rancher-istio/1.4.700/charts/kiali/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: kiali-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} 
diff --git a/charts/rancher-istio/1.4.700/charts/kiali/templates/tests/test-kiali-connection.yaml b/charts/rancher-istio/1.4.700/charts/kiali/templates/tests/test-kiali-connection.yaml deleted file mode 100755 index e2a1ff671..000000000 --- a/charts/rancher-istio/1.4.700/charts/kiali/templates/tests/test-kiali-connection.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "kiali.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: kiali-test - chart: {{ template "kiali.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: kiali - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "kiali.fullname" . }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['curl'] - args: ['http://kiali:20001'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.700/charts/kiali/values.yaml b/charts/rancher-istio/1.4.700/charts/kiali/values.yaml deleted file mode 100755 index c22d4325d..000000000 --- a/charts/rancher-istio/1.4.700/charts/kiali/values.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -# -# addon kiali -# -enabled: false # Note that if using the demo or demo-auth yaml when installing via Helm, this default will be `true`. -replicaCount: 1 -contextPath: /kiali # The root context path to access the Kiali UI. -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -ingress: - enabled: false - ## Used to create an Ingress record. - hosts: - - kiali.local - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: kiali-tls - # hosts: - # - kiali.local - -dashboard: - auth: - strategy: login # Can be anonymous, login, or openshift - secretName: kiali # You must create a secret with this name - one is not provided out-of-box. - viewOnlyMode: false # Bind the service account to a role with only read access - grafanaURL: # If you have Grafana installed and it is accessible to client browsers, then set this to its external URL. Kiali will redirect users to this URL when Grafana metrics are to be shown. 
- jaegerURL: # If you have Jaeger installed and it is accessible to client browsers, then set this property to its external URL. Kiali will redirect users to this URL when Jaeger tracing is to be shown. -prometheusAddr: http://prometheus:9090 - -# When true, a secret will be created with a default username and password. Useful for demos. -createDemoSecret: false - -security: - enabled: false - cert_file: /kiali-cert/cert-chain.pem - private_key_file: /kiali-cert/key.pem diff --git a/charts/rancher-istio/1.4.700/charts/mixer/Chart.yaml b/charts/rancher-istio/1.4.700/charts/mixer/Chart.yaml deleted file mode 100755 index 90937fa97..000000000 --- a/charts/rancher-istio/1.4.700/charts/mixer/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.7 -description: Helm chart for mixer deployment -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- mixer -name: mixer -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.4.7 diff --git a/charts/rancher-istio/1.4.700/charts/mixer/templates/_helpers.tpl b/charts/rancher-istio/1.4.700/charts/mixer/templates/_helpers.tpl deleted file mode 100755 index dac6da036..000000000 --- a/charts/rancher-istio/1.4.700/charts/mixer/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "mixer.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "mixer.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "mixer.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.700/charts/mixer/templates/autoscale.yaml b/charts/rancher-istio/1.4.700/charts/mixer/templates/autoscale.yaml deleted file mode 100755 index 377b47d03..000000000 --- a/charts/rancher-istio/1.4.700/charts/mixer/templates/autoscale.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if or (eq $key "policy") (eq $key "telemetry") }} -{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: istio-{{ $key }} - namespace: {{ $.Release.Namespace }} - labels: - app: {{ template "mixer.name" $ }} - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} -spec: - maxReplicas: {{ $spec.autoscaleMax }} - minReplicas: {{ $spec.autoscaleMin }} - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: istio-{{ $key }} - metrics: - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }} ---- -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.700/charts/mixer/templates/clusterrole.yaml b/charts/rancher-istio/1.4.700/charts/mixer/templates/clusterrole.yaml deleted file mode 100755 index 3d7438f2d..000000000 --- a/charts/rancher-istio/1.4.700/charts/mixer/templates/clusterrole.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-mixer-{{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["config.istio.io"] # istio CRD watcher - resources: ["*"] - verbs: ["create", "get", "list", "watch", "patch"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: ["configmaps", "endpoints", "pods", "services", "namespaces", "secrets", "replicationcontrollers"] - verbs: ["get", "list", "watch"] -- apiGroups: ["extensions", "apps"] - resources: ["replicasets"] - verbs: ["get", "list", "watch"] -{{- end }} diff --git a/charts/rancher-istio/1.4.700/charts/mixer/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.700/charts/mixer/templates/clusterrolebinding.yaml deleted file mode 100755 index 773e68b34..000000000 --- a/charts/rancher-istio/1.4.700/charts/mixer/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-mixer-admin-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-mixer-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-mixer-service-account - namespace: {{ .Release.Namespace }} -{{- end }} 
diff --git a/charts/rancher-istio/1.4.700/charts/mixer/templates/config.yaml b/charts/rancher-istio/1.4.700/charts/mixer/templates/config.yaml
deleted file mode 100755
index 07f5893be..000000000
--- a/charts/rancher-istio/1.4.700/charts/mixer/templates/config.yaml
+++ /dev/null
@@ -1,1092 +0,0 @@ -{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: istioproxy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - origin.ip: - valueType: IP_ADDRESS - origin.uid: - valueType: STRING - origin.user: - valueType: STRING - request.headers: - valueType: STRING_MAP - request.id: - valueType: STRING - request.host: - valueType: STRING - request.method: - valueType: STRING - request.path: - valueType: STRING - request.url_path: - valueType: STRING - request.query_params: - valueType: STRING_MAP - request.reason: - valueType: STRING - request.referer: - valueType: STRING - request.scheme: - valueType: STRING - request.total_size: - valueType: INT64 - request.size: - valueType: INT64 - request.time: - valueType: TIMESTAMP - request.useragent: - valueType: STRING - response.code: - valueType: INT64 - response.duration: - valueType: DURATION - response.headers: - valueType: STRING_MAP - response.total_size: - valueType: INT64 - response.size: - valueType: INT64 - response.time: - valueType: TIMESTAMP - response.grpc_status: - valueType: STRING - response.grpc_message: - valueType: STRING - source.uid: - valueType: STRING - source.user: # DEPRECATED - valueType: STRING - source.principal: - valueType: STRING - destination.uid: - valueType: STRING - destination.principal: - valueType: STRING - destination.port: - valueType: INT64 - connection.event: - valueType: STRING - connection.id: - valueType: STRING - connection.received.bytes: - valueType: INT64 - connection.received.bytes_total: - valueType: INT64 - connection.sent.bytes: - valueType: INT64 - connection.sent.bytes_total: - valueType: INT64 - connection.duration: - valueType: DURATION - connection.mtls: - valueType: BOOL - 
connection.requested_server_name: - valueType: STRING - context.protocol: - valueType: STRING - context.proxy_error_code: - valueType: STRING - context.timestamp: - valueType: TIMESTAMP - context.time: - valueType: TIMESTAMP - # Deprecated, kept for compatibility - context.reporter.local: - valueType: BOOL - context.reporter.kind: - valueType: STRING - context.reporter.uid: - valueType: STRING - api.service: - valueType: STRING - api.version: - valueType: STRING - api.operation: - valueType: STRING - api.protocol: - valueType: STRING - request.auth.principal: - valueType: STRING - request.auth.audiences: - valueType: STRING - request.auth.presenter: - valueType: STRING - request.auth.claims: - valueType: STRING_MAP - request.auth.raw_claims: - valueType: STRING - request.api_key: - valueType: STRING - rbac.permissive.response_code: - valueType: STRING - rbac.permissive.effective_policy_id: - valueType: STRING - check.error_code: - valueType: INT64 - check.error_message: - valueType: STRING - check.cache_hit: - valueType: BOOL - quota.cache_hit: - valueType: BOOL - context.proxy_version: - valueType: STRING - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: kubernetes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - source.ip: - valueType: IP_ADDRESS - source.labels: - valueType: STRING_MAP - source.metadata: - valueType: STRING_MAP - source.name: - valueType: STRING - source.namespace: - valueType: STRING - source.owner: - valueType: STRING - source.serviceAccount: - valueType: STRING - source.services: - valueType: STRING - source.workload.uid: - valueType: STRING - source.workload.name: - valueType: STRING - source.workload.namespace: - valueType: STRING - destination.ip: - valueType: IP_ADDRESS - destination.labels: - valueType: STRING_MAP - destination.metadata: - valueType: STRING_MAP - destination.owner: - valueType: STRING - destination.name: - valueType: STRING - destination.container.name: - valueType: STRING - destination.namespace: - valueType: STRING - destination.service.uid: - valueType: STRING - destination.service.name: - valueType: STRING - destination.service.namespace: - valueType: STRING - destination.service.host: - valueType: STRING - destination.serviceAccount: - valueType: STRING - destination.workload.uid: - valueType: STRING - destination.workload.name: - valueType: STRING - destination.workload.namespace: - valueType: STRING ---- -{{- if and .Values.adapters.stdio.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: stdio - params: - outputAsJson: {{ .Values.adapters.stdio.outputAsJson }} ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: accesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: request.time - variables: - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | request.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - apiClaims: request.auth.raw_claims | "" - apiKey: request.api_key | request.headers["x-api-key"] | "" - protocol: request.scheme | context.protocol | "http" - method: request.method | "" - url: request.path | "" - responseCode: response.code | 0 - responseFlags: context.proxy_error_code | "" - responseSize: response.size | 0 - permissiveResponseCode: rbac.permissive.response_code | "none" - permissiveResponsePolicyID: rbac.permissive.effective_policy_id | "none" - requestSize: request.size | 0 - requestId: request.headers["x-request-id"] | "" - clientTraceId: request.headers["x-client-trace-id"] | "" - latency: response.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - userAgent: request.useragent | "" - responseTimestamp: response.time - receivedBytes: request.total_size | 0 - sentBytes: response.total_size | 0 - referer: request.referer | "" - httpAuthority: request.headers[":authority"] | request.host | "" - xForwardedFor: 
request.headers["x-forwarded-for"] | "0.0.0.0" - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - grpcStatus: response.grpc_status | "" - grpcMessage: response.grpc_message | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpaccesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: context.time | timestamp("2017-01-01T00:00:00Z") - variables: - connectionEvent: connection.event | "" - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - protocol: context.protocol | "tcp" - connectionDuration: connection.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - receivedBytes: connection.received.bytes | 0 - sentBytes: connection.sent.bytes | 0 - totalReceivedBytes: connection.received.bytes_total | 0 - totalSentBytes: connection.sent.bytes_total | 0 - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") 
- responseFlags: context.proxy_error_code | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "http" || context.protocol == "grpc" - actions: - - handler: stdio - instances: - - accesslog ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdiotcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: stdio - instances: - - tcpaccesslog -{{- end }} ---- -{{- if and .Values.adapters.prometheus.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestcount - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestduration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.duration | "0ms" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestsize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: request.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: responsesize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytesent - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.sent.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytereceived - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.received.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsopened - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: prometheus - params: - metricsExpirationPolicy: - metricsExpiryDuration: "{{ .Values.adapters.prometheus.metricsExpiryDuration }}" - metrics: - - name: requests_total - instance_name: requestcount.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - - name: request_duration_seconds - instance_name: requestduration.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - explicit_buckets: - bounds: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10] - - name: request_bytes - instance_name: requestsize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - 
destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: response_bytes - instance_name: responsesize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: tcp_sent_bytes_total - instance_name: tcpbytesent.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_received_bytes_total - instance_name: tcpbytereceived.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: 
tcp_connections_opened_total - instance_name: tcpconnectionsopened.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_connections_closed_total - instance_name: tcpconnectionsclosed.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promhttp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: (context.protocol == "http" || context.protocol == "grpc") && (match((request.useragent | "-"), "kube-probe*") == false) && (match((request.useragent | "-"), "Prometheus*") == false) - actions: - - handler: prometheus - instances: - - requestcount - - requestduration - - requestsize - - responsesize ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: prometheus - instances: - - tcpbytesent - - tcpbytereceived ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionopen - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "open") - actions: - - handler: prometheus - instances: - - tcpconnectionsopened ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "close") - actions: - - handler: prometheus - instances: - - tcpconnectionsclosed -{{- end }} ---- -{{- if and .Values.adapters.kubernetesenv.enabled (or .Values.policy.enabled .Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: kubernetesenv - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: kubernetesenv - params: - # when running from mixer root, use the following config after adding a - # symbolic link to a kubernetes config file via: - # - # $ ln -s ~/.kube/config mixer/adapter/kubernetes/kubeconfig - # - # kubeconfig_path: "mixer/adapter/kubernetes/kubeconfig" - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: kubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . 
}} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: tcpkubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: attributes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: kubernetes - params: - # Pass the required attribute data to the adapter - source_uid: source.uid | "" - source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr - destination_uid: destination.uid | "" - destination_port: destination.port | 0 - attributeBindings: - # Fill the new attributes from the adapter produced output. 
- # $out refers to an instance of OutputTemplate message - source.ip: $out.source_pod_ip | ip("0.0.0.0") - source.uid: $out.source_pod_uid | "unknown" - source.labels: $out.source_labels | emptyStringMap() - source.name: $out.source_pod_name | "unknown" - source.namespace: $out.source_namespace | "default" - source.owner: $out.source_owner | "unknown" - source.serviceAccount: $out.source_service_account_name | "unknown" - source.workload.uid: $out.source_workload_uid | "unknown" - source.workload.name: $out.source_workload_name | "unknown" - source.workload.namespace: $out.source_workload_namespace | "unknown" - destination.ip: $out.destination_pod_ip | ip("0.0.0.0") - destination.uid: $out.destination_pod_uid | "unknown" - destination.labels: $out.destination_labels | emptyStringMap() - destination.name: $out.destination_pod_name | "unknown" - destination.container.name: $out.destination_container_name | "unknown" - destination.namespace: $out.destination_namespace | "default" - destination.owner: $out.destination_owner | "unknown" - destination.serviceAccount: $out.destination_service_account_name | "unknown" - destination.workload.uid: $out.destination_workload_uid | "unknown" - destination.workload.name: $out.destination_workload_name | "unknown" - destination.workload.namespace: $out.destination_workload_namespace | "unknown" -{{- end }} ---- -{{- if .Values.policy.enabled }} -# Configuration needed by Mixer. -# Mixer cluster is delivered via CDS -# Specify mixer cluster settings -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-policy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- if .Values.telemetry.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-telemetry - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- end }} diff --git a/charts/rancher-istio/1.4.700/charts/mixer/templates/deployment.yaml b/charts/rancher-istio/1.4.700/charts/mixer/templates/deployment.yaml deleted file mode 100755 index 60bba11e5..000000000 --- a/charts/rancher-istio/1.4.700/charts/mixer/templates/deployment.yaml +++ /dev/null 
@@ -1,431 +0,0 @@ -{{- define "policy_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: policy-adapter-secret - secret: - secretName: policy-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - - --useTemplateCRDs=false - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - {{- if .Values.env }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.policy.resources }} -{{ toYaml .Values.policy.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: 
istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-policy - - --templateFile - - /etc/istio/proxy/envoy_policy.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ $.Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock - - 
name: policy-adapter-secret - mountPath: /var/run/secrets/istio.io/policy/adapter - readOnly: true -{{- end }} - -{{- define "telemetry_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: telemetry-adapter-secret - secret: - secretName: telemetry-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - - --certFile=/etc/certs/cert-chain.pem - - --keyFile=/etc/certs/key.pem - - --caCertFile=/etc/certs/root-cert.pem - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - - --averageLatencyThreshold - - {{ $.Values.telemetry.loadshedding.latencyThreshold }} - - --loadsheddingMode - - {{ $.Values.telemetry.loadshedding.mode }} - {{- if .Values.env }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.telemetry.resources }} -{{ toYaml .Values.telemetry.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - 
name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: telemetry-adapter-secret - mountPath: /var/run/secrets/istio.io/telemetry/adapter - readOnly: true - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-telemetry - - --templateFile - - /etc/istio/proxy/envoy_telemetry.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - 
mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock -{{- end }} - - -{{- range $key, $spec := .Values }} -{{- if or (eq $key "policy") (eq $key "telemetry") }} -{{- if $spec.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-{{ $key }} - namespace: {{ $.Release.Namespace }} - labels: - app: istio-mixer - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: mixer -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - selector: - matchLabels: - istio: mixer - istio-mixer-type: {{ $key }} - template: - metadata: - labels: - app: {{ $key }} - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - security.istio.io/tlsMode: "istio" - istio: mixer - istio-mixer-type: {{ $key }} - annotations: - sidecar.istio.io/inject: "false" -{{- with $.Values.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- if eq $key "policy"}} -{{- template "policy_container" $ }} -{{- else }} -{{- template "telemetry_container" $ }} -{{- end }} - ---- -{{- end }} -{{- end }} -{{- end }} {{/* range */}} diff --git a/charts/rancher-istio/1.4.700/charts/mixer/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.700/charts/mixer/templates/poddisruptionbudget.yaml deleted file mode 100755 index a6bfe8668..000000000 --- a/charts/rancher-istio/1.4.700/charts/mixer/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,32 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ $key }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- version: {{ $.Chart.Version }}
- istio: mixer
- istio-mixer-type: {{ $key }}
-spec:
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: {{ $key }}
- release: {{ $.Release.Name }}
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/mixer/templates/service.yaml b/charts/rancher-istio/1.4.700/charts/mixer/templates/service.yaml
deleted file mode 100755
index 79cc4a582..000000000
--- a/charts/rancher-istio/1.4.700/charts/mixer/templates/service.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- annotations:
- networking.istio.io/exportTo: "*"
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: mixer
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: {{ $.Values.global.monitoringPort }}
-{{- if eq $key "telemetry" }}
- - name: prometheus
- port: 42422
-{{- if $spec.sessionAffinityEnabled }}
- sessionAffinity: ClientIP
-{{- end }}
-{{- end }}
- selector:
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.4.700/charts/mixer/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.700/charts/mixer/templates/serviceaccount.yaml
deleted file mode 100755
index 9d3da7dd6..000000000
--- a/charts/rancher-istio/1.4.700/charts/mixer/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/mixer/values.yaml b/charts/rancher-istio/1.4.700/charts/mixer/values.yaml
deleted file mode 100755
index 6a56f375a..000000000
--- a/charts/rancher-istio/1.4.700/charts/mixer/values.yaml
+++ /dev/null
@@ -1,97 +0,0 @@ -# -# mixer configuration -# - -env: - # max procs should be ceil(cpu limit + 1) - GOMAXPROCS: "6" - -policy: - # if policy is enabled, global.disablePolicyChecks has affect. - enabled: false - replicaCount: 1 - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - cpu: - targetAverageUtilization: 80 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - -telemetry: - enabled: true - replicaCount: 1 - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - cpu: - targetAverageUtilization: 80 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - sessionAffinityEnabled: false - - # mixer load shedding configuration. - # When mixer detects that it is overloaded, it starts rejecting grpc requests. - loadshedding: - # disabled, logonly or enforce - mode: enforce - # based on measurements 100ms p50 translates to p99 of under 1s. This is ok for telemetry which is inherently async. - latencyThreshold: 100ms - resources: - requests: - cpu: 1000m - memory: 1G - limits: - # It is best to do horizontal scaling of mixer using moderate cpu allocation. - # We have experimentally found that these values work well. - cpu: 4800m - memory: 4G - - # Set reportBatchMaxEntries to 0 to use the default batching behavior (i.e., every 100 requests). - # A positive value indicates the number of requests that are batched before telemetry data - # is sent to the mixer server - reportBatchMaxEntries: 100 - - # Set reportBatchMaxTime to 0 to use the default batching behavior (i.e., every 1 second). - # A positive time value indicates the maximum wait time since the last request will telemetry data - # be batched before being sent to the mixer server - reportBatchMaxTime: 1s - -podAnnotations: {} -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. 
-# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -adapters: - kubernetesenv: - enabled: true - - # stdio is a debug adapter in istio-telemetry, it is not recommended for production use. - stdio: - enabled: false - outputAsJson: true - prometheus: - enabled: true - metricsExpiryDuration: 10m - # Setting this to false sets the useAdapterCRDs mixer startup argument to false - useAdapterCRDs: false diff --git a/charts/rancher-istio/1.4.700/charts/nodeagent/Chart.yaml b/charts/rancher-istio/1.4.700/charts/nodeagent/Chart.yaml deleted file mode 100755 index 2111d387d..000000000 --- a/charts/rancher-istio/1.4.700/charts/nodeagent/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.7 -description: Helm chart for nodeagent deployment -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- nodeagent -name: nodeagent -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.4.7 diff --git a/charts/rancher-istio/1.4.700/charts/nodeagent/templates/_helpers.tpl b/charts/rancher-istio/1.4.700/charts/nodeagent/templates/_helpers.tpl deleted file mode 100755 index fda6043d0..000000000 --- a/charts/rancher-istio/1.4.700/charts/nodeagent/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "nodeagent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "nodeagent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "nodeagent.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.700/charts/nodeagent/templates/clusterrole.yaml b/charts/rancher-istio/1.4.700/charts/nodeagent/templates/clusterrole.yaml deleted file mode 100755 index 8e4ab6d32..000000000 --- a/charts/rancher-istio/1.4.700/charts/nodeagent/templates/clusterrole.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-nodeagent-{{ .Release.Namespace }} - labels: - app: {{ template "nodeagent.name" . }} - chart: {{ template "nodeagent.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["get"] diff --git a/charts/rancher-istio/1.4.700/charts/nodeagent/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.700/charts/nodeagent/templates/clusterrolebinding.yaml deleted file mode 100755 index 591e48212..000000000 
--- a/charts/rancher-istio/1.4.700/charts/nodeagent/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-nodeagent-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.700/charts/nodeagent/templates/daemonset.yaml b/charts/rancher-istio/1.4.700/charts/nodeagent/templates/daemonset.yaml
deleted file mode 100755
index a4d2463d6..000000000
--- a/charts/rancher-istio/1.4.700/charts/nodeagent/templates/daemonset.yaml
+++ /dev/null
@@ -1,66 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: istio-nodeagent - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "nodeagent.name" . }} - chart: {{ template "nodeagent.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: nodeagent -spec: - selector: - matchLabels: - istio: nodeagent - template: - metadata: - labels: - app: {{ template "nodeagent.name" . }} - chart: {{ template "nodeagent.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: nodeagent - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-nodeagent-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: nodeagent - image: "{{ template "system_default_registry" . }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - volumeMounts: - - mountPath: /var/run/sds - name: sdsudspath - env: - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - - name: "TRUST_DOMAIN" - value: "{{ .Values.global.trustDomain }}" - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumes: - - name: sdsudspath - hostPath: - path: /var/run/sds - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - updateStrategy: - type: RollingUpdate 
diff --git a/charts/rancher-istio/1.4.700/charts/nodeagent/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.700/charts/nodeagent/templates/serviceaccount.yaml
deleted file mode 100755
index 86853d7e0..000000000
--- a/charts/rancher-istio/1.4.700/charts/nodeagent/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.700/charts/nodeagent/values.yaml b/charts/rancher-istio/1.4.700/charts/nodeagent/values.yaml
deleted file mode 100755
index 9138c4647..000000000
--- a/charts/rancher-istio/1.4.700/charts/nodeagent/values.yaml
+++ /dev/null
@@ -1,34 +0,0 @@ -# -# nodeagent configuration -# -enabled: false -env: - # name of authentication provider. - CA_PROVIDER: "" - # CA endpoint. - CA_ADDR: "" - # names of authentication provider's plugins. - PLUGINS: "" -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] diff --git a/charts/rancher-istio/1.4.700/charts/pilot/Chart.yaml b/charts/rancher-istio/1.4.700/charts/pilot/Chart.yaml deleted file mode 100755 index 6c31e35d9..000000000 --- a/charts/rancher-istio/1.4.700/charts/pilot/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.7 -description: Helm chart for pilot deployment -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- pilot -name: pilot -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.4.7 diff --git a/charts/rancher-istio/1.4.700/charts/pilot/templates/_helpers.tpl b/charts/rancher-istio/1.4.700/charts/pilot/templates/_helpers.tpl deleted file mode 100755 index c812c3709..000000000 
--- a/charts/rancher-istio/1.4.700/charts/pilot/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "pilot.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "pilot.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "pilot.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.700/charts/pilot/templates/autoscale.yaml b/charts/rancher-istio/1.4.700/charts/pilot/templates/autoscale.yaml deleted file mode 100755 index 1a9945136..000000000 --- a/charts/rancher-istio/1.4.700/charts/pilot/templates/autoscale.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
-{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- maxReplicas: {{ .Values.autoscaleMax }}
- minReplicas: {{ .Values.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-pilot
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.cpu.targetAverageUtilization }}
----
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/pilot/templates/clusterrole.yaml b/charts/rancher-istio/1.4.700/charts/pilot/templates/clusterrole.yaml
deleted file mode 100755
index 83af8fb06..000000000
--- a/charts/rancher-istio/1.4.700/charts/pilot/templates/clusterrole.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["config.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["rbac.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["security.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["networking.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["authentication.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["*"]
-- apiGroups: ["extensions"]
- resources: ["ingresses", "ingresses/status"]
- verbs: ["*"]
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "list", "watch", "update"]
-- apiGroups: [""]
- resources: ["endpoints", "pods", "services", "namespaces", "nodes"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "watch", "list", "update", "delete"]
-- apiGroups: ["certificates.k8s.io"]
- resources:
- - "certificatesigningrequests"
- - "certificatesigningrequests/approval"
- - "certificatesigningrequests/status"
- verbs: ["update", "create", "get", "delete"]
diff --git a/charts/rancher-istio/1.4.700/charts/pilot/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.700/charts/pilot/templates/clusterrolebinding.yaml
deleted file mode 100755
index ef9281ca8..000000000
--- a/charts/rancher-istio/1.4.700/charts/pilot/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-pilot-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.700/charts/pilot/templates/configmap.yaml b/charts/rancher-istio/1.4.700/charts/pilot/templates/configmap.yaml
deleted file mode 100755
index 3fe514395..000000000
--- a/charts/rancher-istio/1.4.700/charts/pilot/templates/configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.jwksResolverExtraRootCA }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-jwks-extra-cacerts
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/pilot/templates/deployment.yaml b/charts/rancher-istio/1.4.700/charts/pilot/templates/deployment.yaml
deleted file mode 100755
index 7e7cd2b97..000000000
--- a/charts/rancher-istio/1.4.700/charts/pilot/templates/deployment.yaml
+++ /dev/null
@@ -1,234 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - # TODO: default template doesn't have this, which one is right ? - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - istio: pilot - template: - metadata: - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-pilot-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: discovery - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - "discovery" - - --monitoringAddr=:{{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.global.oneNamespace }} - - "-a" - - {{ .Release.Namespace }} -{{- end }} -{{- if and $.Values.global.controlPlaneSecurityEnabled (not .Values.sidecar)}} - - --secureGrpcAddr - - ":15011" -{{- else }} - - --secureGrpcAddr - - "" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" - ports: - - containerPort: 8080 - - containerPort: 15010 -{{- if not .Values.sidecar }} - - containerPort: 15011 -{{- end }} - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 5 - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND - value: "{{ .Values.enableProtocolSniffingForOutbound }}" - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND - value: "{{ .Values.enableProtocolSniffingForInbound }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - - name: istio-certs - mountPath: /etc/certs 
- readOnly: true -{{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - mountPath: /cacerts -{{- end }} -{{- if .Values.sidecar }} - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 15003 - - containerPort: 15005 - - containerPort: 15007 - - containerPort: 15011 - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-pilot - - --templateFile - - /etc/istio/proxy/envoy_pilot.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if .Values.global.proxy.resources }} -{{ toYaml .Values.global.proxy.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - 
readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} -{{- end }} - volumes: - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: config-volume - configMap: - name: istio - - name: istio-certs - secret: - secretName: istio.istio-pilot-service-account - optional: true -{{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - configMap: - name: istio-jwks-extra-cacerts -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.700/charts/pilot/templates/meshexpansion.yaml b/charts/rancher-istio/1.4.700/charts/pilot/templates/meshexpansion.yaml deleted file mode 100755 index 4f3d59570..000000000 --- a/charts/rancher-istio/1.4.700/charts/pilot/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-ilb-vs-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - hosts: - - istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-ilb-gateway - tcp: - - match: - - port: 15011 - route: - - destination: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15011 - - match: - - port: 15010 - route: - - destination: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15010 - - match: - - port: 5353 - route: - - destination: - host: kube-dns.kube-system.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 53 ---- -{{- else }} - -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - hosts: - - istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-gateway - tcp: - - match: - - port: 15011 - route: - - destination: - host: istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15011 ---- -{{- end }} - -{{- if .Values.global.controlPlaneSecurityEnabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: meshexpansion-dr-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - trafficPolicy: - portLevelSettings: - - port: - number: 15011 - tls: - mode: DISABLE ---- -{{- end }} -{{- end }} - diff --git a/charts/rancher-istio/1.4.700/charts/pilot/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.700/charts/pilot/templates/poddisruptionbudget.yaml deleted file mode 100755 index fd9e06a71..000000000 --- a/charts/rancher-istio/1.4.700/charts/pilot/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} -{{- end }} - selector: - matchLabels: - app: {{ template "pilot.name" . }} - release: {{ .Release.Name }} - istio: pilot -{{- end }} diff --git a/charts/rancher-istio/1.4.700/charts/pilot/templates/service.yaml b/charts/rancher-istio/1.4.700/charts/pilot/templates/service.yaml deleted file mode 100755 index a61d93025..000000000 --- a/charts/rancher-istio/1.4.700/charts/pilot/templates/service.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: pilot
-spec:
- ports:
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS
- - port: 8080
- name: http-legacy-discovery # direct
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- selector:
- istio: pilot
diff --git a/charts/rancher-istio/1.4.700/charts/pilot/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.700/charts/pilot/templates/serviceaccount.yaml
deleted file mode 100755
index 7ec2a66de..000000000
--- a/charts/rancher-istio/1.4.700/charts/pilot/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.700/charts/pilot/values.yaml b/charts/rancher-istio/1.4.700/charts/pilot/values.yaml
deleted file mode 100755
index 84c90d9ed..000000000
--- a/charts/rancher-istio/1.4.700/charts/pilot/values.yaml
+++ /dev/null
@@ -1,62 +0,0 @@ -# -# pilot configuration -# -enabled: true -autoscaleEnabled: true -autoscaleMin: 1 -autoscaleMax: 5 -# specify replicaCount when autoscaleEnabled: false -# replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -sidecar: true -traceSampling: 1.0 -# if protocol sniffing is enabled for outbound -enableProtocolSniffingForOutbound: true -# if protocol sniffing is enabled for inbound -enableProtocolSniffingForInbound: false -# Resources for a small pilot install -resources: - requests: - cpu: 500m - memory: 2048Mi -env: - PILOT_PUSH_THROTTLE: 100 -cpu: - targetAverageUtilization: 80 -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# The following is used to limit how long a sidecar can be connected -# to a pilot. It balances out load across pilot instances at the cost of -# increasing system churn. -keepaliveMaxServerConnectionAge: 30m - -# This is used to set the source of configuration for -# the associated address in configSource, if nothing is specificed -# the default MCP is assumed. 
The alternative option is SERVICE_REGISTRY -# which describes the source is only forwarding synthetic service entries -configSource: - subscribedResources: diff --git a/charts/rancher-istio/1.4.700/charts/prometheus/Chart.yaml b/charts/rancher-istio/1.4.700/charts/prometheus/Chart.yaml deleted file mode 100755 index c6ea4b13a..000000000 --- a/charts/rancher-istio/1.4.700/charts/prometheus/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 2.8.0 -description: A Helm chart for Kubernetes -name: prometheus -tillerVersion: '>=2.7.2' -version: 1.4.7 diff --git a/charts/rancher-istio/1.4.700/charts/prometheus/templates/_helpers.tpl b/charts/rancher-istio/1.4.700/charts/prometheus/templates/_helpers.tpl deleted file mode 100755 index 039388329..000000000 --- a/charts/rancher-istio/1.4.700/charts/prometheus/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "prometheus.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "prometheus.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "prometheus.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} 
diff --git a/charts/rancher-istio/1.4.700/charts/prometheus/templates/clusterrole.yaml b/charts/rancher-istio/1.4.700/charts/prometheus/templates/clusterrole.yaml
deleted file mode 100755
index 06fdfaf53..000000000
--- a/charts/rancher-istio/1.4.700/charts/prometheus/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - nodes
- - services
- - endpoints
- - pods
- - nodes/proxy
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources:
- - configmaps
- verbs: ["get"]
-- nonResourceURLs: ["/metrics"]
- verbs: ["get"]
diff --git a/charts/rancher-istio/1.4.700/charts/prometheus/templates/clusterrolebindings.yaml b/charts/rancher-istio/1.4.700/charts/prometheus/templates/clusterrolebindings.yaml
deleted file mode 100755
index 295e0df72..000000000
--- a/charts/rancher-istio/1.4.700/charts/prometheus/templates/clusterrolebindings.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: prometheus-{{ .Release.Namespace }}
-subjects:
-- kind: ServiceAccount
- name: prometheus
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.700/charts/prometheus/templates/configmap.yaml b/charts/rancher-istio/1.4.700/charts/prometheus/templates/configmap.yaml
deleted file mode 100755
index 1b26fa5a1..000000000
--- a/charts/rancher-istio/1.4.700/charts/prometheus/templates/configmap.yaml
+++ /dev/null
@@ -1,281 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - prometheus.yml: |- - global: - scrape_interval: {{ .Values.scrapeInterval }} - scrape_configs: - - - job_name: 'istio-mesh' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;prometheus - - # Scrape config for envoy stats - - job_name: 'envoy-stats' - metrics_path: /stats/prometheus - kubernetes_sd_configs: - - role: pod - - relabel_configs: - - source_labels: [__meta_kubernetes_pod_container_port_name] - action: keep - regex: '.*-envoy-prom' - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:15090 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'istio-policy' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-policy;http-monitoring - - - job_name: 'istio-telemetry' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;http-monitoring - - - job_name: 'pilot' - kubernetes_sd_configs: - - role: 
endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-pilot;http-monitoring - - - job_name: 'galley' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-galley;http-monitoring - - - job_name: 'citadel' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-citadel;http-monitoring - - # scrape config for API servers - - job_name: 'kubernetes-apiservers' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - default - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: kubernetes;https - - # scrape config for nodes (kubelet) - - job_name: 'kubernetes-nodes' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics - - # Scrape config for Kubelet cAdvisor. 
- # - # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics - # (those whose names begin with 'container_') have been removed from the - # Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to - # retrieve those metrics. - # - # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor - # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics" - # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with - # the --cadvisor-port=0 Kubelet flag). - # - # This job is not necessary and should be removed in Kubernetes 1.6 and - # earlier versions, or it will cause the metrics to be scraped twice. - - job_name: 'kubernetes-cadvisor' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor - - # scrape config for service endpoints. - - job_name: 'kubernetes-service-endpoints' - kubernetes_sd_configs: - - role: endpoints - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) 
- - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: kubernetes_name - - - job_name: 'kubernetes-pods' - kubernetes_sd_configs: - - role: pod - relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job. - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # Keep target if there's no sidecar or if prometheus.io/scheme is explicitly set to "http" - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: keep - regex: ((;.*)|(.*;http)) - - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls] - action: drop - regex: (true) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'kubernetes-pods-istio-secure' - scheme: https - tls_config: - ca_file: /etc/istio-certs/root-cert.pem - cert_file: /etc/istio-certs/cert-chain.pem - key_file: 
/etc/istio-certs/key.pem - insecure_skip_verify: true # prometheus does not support secure naming. - kubernetes_sd_configs: - - role: pod - relabel_configs: - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # sidecar status annotation is added by sidecar injector and - # istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic. - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls] - action: keep - regex: (([^;]+);([^;]*))|(([^;]*);(true)) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: drop - regex: (http) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__] # Only keep address that is host:port - action: keep # otherwise an extra target with ':443' is added for https scheme - regex: ([^:]+):(\d+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name \ No newline at end of file diff --git a/charts/rancher-istio/1.4.700/charts/prometheus/templates/deployment.yaml b/charts/rancher-istio/1.4.700/charts/prometheus/templates/deployment.yaml deleted file mode 100755 index 1033a2f5b..000000000 --- a/charts/rancher-istio/1.4.700/charts/prometheus/templates/deployment.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -# TODO: the original template has service account, roles, etc -apiVersion: apps/v1 -kind: Deployment -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: prometheus - template: - metadata: - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: prometheus -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: prometheus - image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - '--storage.tsdb.retention={{ .Values.retention }}' - - '--config.file=/etc/prometheus/prometheus.yml' - ports: - - containerPort: 9090 - name: http - livenessProbe: - httpGet: - path: /-/healthy - port: 9090 - readinessProbe: - httpGet: - path: /-/ready - port: 9090 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/prometheus - - mountPath: /etc/istio-certs - name: istio-certs - volumes: - - name: config-volume - configMap: - name: prometheus - - name: istio-certs - secret: - defaultMode: 420 -{{- if not .Values.security.enabled }} - optional: true -{{- end }} - secretName: istio.default - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.700/charts/prometheus/templates/ingress.yaml b/charts/rancher-istio/1.4.700/charts/prometheus/templates/ingress.yaml deleted file mode 100755 index 43be65523..000000000 --- a/charts/rancher-istio/1.4.700/charts/prometheus/templates/ingress.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: prometheus - servicePort: 9090 - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: prometheus - servicePort: 9090 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.700/charts/prometheus/templates/service.yaml b/charts/rancher-istio/1.4.700/charts/prometheus/templates/service.yaml deleted file mode 100755 index d92525df0..000000000 --- a/charts/rancher-istio/1.4.700/charts/prometheus/templates/service.yaml +++ /dev/null 
@@ -1,45 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- annotations:
- prometheus.io/scrape: 'true'
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- app: prometheus
- ports:
- - name: http-prometheus
- protocol: TCP
- port: 9090
-
-{{- if .Values.service.nodePort.enabled }}
-# Using separate ingress for nodeport, to avoid conflict with pilot e2e test configs.
----
-apiVersion: v1
-kind: Service
-metadata:
- name: prometheus-nodeport
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- type: NodePort
- ports:
- - port: 9090
- nodePort: {{ .Values.service.nodePort.port }}
- name: http-prometheus
- selector:
- app: prometheus
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/prometheus/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.700/charts/prometheus/templates/serviceaccount.yaml
deleted file mode 100755
index 7c2fab3f4..000000000
--- a/charts/rancher-istio/1.4.700/charts/prometheus/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.700/charts/prometheus/templates/tests/test-prometheus-connection.yaml b/charts/rancher-istio/1.4.700/charts/prometheus/templates/tests/test-prometheus-connection.yaml
deleted file mode 100755
index c36ce3f5c..000000000
--- a/charts/rancher-istio/1.4.700/charts/prometheus/templates/tests/test-prometheus-connection.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "prometheus.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus-test
- chart: {{ template "prometheus.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: prometheus
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "prometheus.fullname" . }}-test"
- image: {{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['sh', '-c', 'for i in 1 2 3; do curl http://prometheus:9090/-/ready && exit 0 || sleep 15; done; exit 1']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/prometheus/values.yaml b/charts/rancher-istio/1.4.700/charts/prometheus/values.yaml
deleted file mode 100755
index 4edb9bcc6..000000000
--- a/charts/rancher-istio/1.4.700/charts/prometheus/values.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-# addon prometheus configuration
-#
-enabled: true
-replicaCount: 1
-retention: 6h
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-# Controls the frequency of prometheus scraping
-scrapeInterval: 15s
-
-contextPath: /prometheus
-
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - prometheus.local
- annotations:
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls:
- # Secrets must be manually created in the namespace.
- # - secretName: prometheus-tls
- # hosts:
- # - prometheus.local
-
-service:
- annotations: {}
- nodePort:
- enabled: false
- port: 32090
-
-security:
- enabled: true
diff --git a/charts/rancher-istio/1.4.700/charts/security/Chart.yaml b/charts/rancher-istio/1.4.700/charts/security/Chart.yaml
deleted file mode 100755
index 69b6a7a33..000000000
--- a/charts/rancher-istio/1.4.700/charts/security/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.7
-description: Helm chart for istio authentication
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- security
-name: security
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.7
diff --git a/charts/rancher-istio/1.4.700/charts/security/templates/_helpers.tpl b/charts/rancher-istio/1.4.700/charts/security/templates/_helpers.tpl
deleted file mode 100755
index 7f36f9d51..000000000
--- a/charts/rancher-istio/1.4.700/charts/security/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "security.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "security.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "security.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.700/charts/security/templates/clusterrole.yaml b/charts/rancher-istio/1.4.700/charts/security/templates/clusterrole.yaml
deleted file mode 100755
index 75f2dec65..000000000
--- a/charts/rancher-istio/1.4.700/charts/security/templates/clusterrole.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-citadel-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "update"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "watch", "list", "update", "delete"]
-- apiGroups: [""]
- resources: ["serviceaccounts", "services", "namespaces"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["authentication.k8s.io"]
- resources: ["tokenreviews"]
- verbs: ["create"]
diff --git a/charts/rancher-istio/1.4.700/charts/security/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.700/charts/security/templates/clusterrolebinding.yaml
deleted file mode 100755
index 0a15799ce..000000000
--- a/charts/rancher-istio/1.4.700/charts/security/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-citadel-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-citadel-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-citadel-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.700/charts/security/templates/configmap.yaml b/charts/rancher-istio/1.4.700/charts/security/templates/configmap.yaml
deleted file mode 100755
index 14749fd65..000000000
--- a/charts/rancher-istio/1.4.700/charts/security/templates/configmap.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-security-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-data:
- custom-resources.yaml: |-
- {{- if .Values.global.mtls.enabled }}
- {{- include "security-default.yaml.tpl" . | indent 4}}
- {{- else }}
- {{- include "security-permissive.yaml.tpl" . | indent 4}}
- {{- end }}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
diff --git a/charts/rancher-istio/1.4.700/charts/security/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.4.700/charts/security/templates/create-custom-resources-job.yaml
deleted file mode 100755
index 4674cf141..000000000
--- a/charts/rancher-istio/1.4.700/charts/security/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,109 +0,0 @@ -{{- if .Values.createMeshPolicy }} -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-security-post-install-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["authentication.istio.io"] # needed to create default authn policy - resources: ["*"] - verbs: ["*"] -- apiGroups: ["networking.istio.io"] # needed to create security destination rules - resources: ["*"] - verbs: ["*"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get"] -- apiGroups: ["extensions", "apps"] - resources: ["deployments", "replicasets"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-security-post-install-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-security-post-install-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-security-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - template: - metadata: - name: istio-security-post-install - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-security-post-install-account - containers: - - name: kubectl - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: IfNotPresent - command: [ "/bin/bash", "/tmp/security/run.sh", "/tmp/security/custom-resources.yaml" ] - volumeMounts: - - mountPath: "/tmp/security" - name: tmp-configmap-security - volumes: - - name: tmp-configmap-security - configMap: - name: istio-security-custom-resources - restartPolicy: OnFailure - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.4.700/charts/security/templates/deployment.yaml b/charts/rancher-istio/1.4.700/charts/security/templates/deployment.yaml
deleted file mode 100755
index 81d0c6b28..000000000
--- a/charts/rancher-istio/1.4.700/charts/security/templates/deployment.yaml
+++ /dev/null
@@ -1,119 +0,0 @@ -# istio CA watching all namespaces -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: citadel - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-citadel-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: citadel - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - {{- if .Values.global.sds.enabled }} - - --sds-enabled=true - {{- end }} - - --append-dns-names=true - - --grpc-port=8060 - - --citadel-storage-namespace={{ .Release.Namespace }} - - --custom-dns-names=istio-pilot-service-account.{{ .Release.Namespace }}:istio-pilot.{{ .Release.Namespace }} - - --monitoring-port={{ .Values.global.monitoringPort }} - {{- if .Values.selfSigned }} - - --self-signed-ca=true - {{- else }} - - --self-signed-ca=false - - --signing-cert=/etc/cacerts/ca-cert.pem - - --signing-key=/etc/cacerts/ca-key.pem - - --root-cert=/etc/cacerts/root-cert.pem - - --cert-chain=/etc/cacerts/cert-chain.pem - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - {{- if .Values.workloadCertTtl }} - - --workload-cert-ttl={{ .Values.workloadCertTtl }} - {{- end }} - {{- if .Values.citadelHealthCheck }} - - --liveness-probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --liveness-probe-interval=60s # interval for health check file update - - --probe-check-interval=15s # interval for health status check - {{- end }} - env: - - name: CITADEL_ENABLE_NAMESPACES_BY_DEFAULT - value: "{{ .Values.enableNamespacesByDefault }}" - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - {{- end }} - {{- if .Values.citadelHealthCheck }} - livenessProbe: - exec: - command: - - /usr/local/bin/istio_ca - - probe - - --probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --interval=125s # the maximum time gap allowed between the file mtime and the current sys clock - initialDelaySeconds: 60 - periodSeconds: 60 - {{- end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- 
end }} -{{- if not .Values.selfSigned }} - volumeMounts: - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - volumes: - - name: cacerts - secret: - secretName: cacerts - optional: true -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.700/charts/security/templates/enable-mesh-mtls.yaml b/charts/rancher-istio/1.4.700/charts/security/templates/enable-mesh-mtls.yaml deleted file mode 100755 index 75e4a18e3..000000000 --- a/charts/rancher-istio/1.4.700/charts/security/templates/enable-mesh-mtls.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- define "security-default.yaml.tpl" }} -# These policy and destination rules effectively enable mTLS for all services in the mesh. For now, -# they are added to Istio installation yaml for backward compatible. In future, they should be in -# a separated yaml file so that customer can enable mTLS independent from installation. - -# Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: {} ---- -# Corresponding destination rule to configure client side to use mutual TLS when talking to -# any service (host) in the mesh. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "default" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.local" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -# Destination rule to disable (m)TLS when talking to API server, as API server doesn't have sidecar. -# Customer should add similar destination rules for other services that don't have sidecar. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "api-server" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "kubernetes.default.svc.{{ .Values.global.proxy.clusterDomain }}" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: DISABLE -{{- end }} diff --git a/charts/rancher-istio/1.4.700/charts/security/templates/enable-mesh-permissive.yaml b/charts/rancher-istio/1.4.700/charts/security/templates/enable-mesh-permissive.yaml deleted file mode 100755 index a6931b3b9..000000000 --- a/charts/rancher-istio/1.4.700/charts/security/templates/enable-mesh-permissive.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- define "security-permissive.yaml.tpl" }} -# Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: - mode: PERMISSIVE -{{- end }} diff --git a/charts/rancher-istio/1.4.700/charts/security/templates/meshexpansion.yaml b/charts/rancher-istio/1.4.700/charts/security/templates/meshexpansion.yaml deleted file mode 100755 index 581ce964a..000000000 --- a/charts/rancher-istio/1.4.700/charts/security/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,56 +0,0 @@
-{{- if .Values.global.meshExpansion.enabled }}
-{{- if .Values.global.meshExpansion.useILB }}
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-vs-citadel-ilb
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- hosts:
- - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-ilb-gateway
- tcp:
- - match:
- - port: 8060
- route:
- - destination:
- host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 8060
----
-{{- else }}
-
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-vs-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- hosts:
- - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-gateway
- tcp:
- - match:
- - port: 8060
- route:
- - destination:
- host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 8060
----
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/security/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.700/charts/security/templates/poddisruptionbudget.yaml
deleted file mode 100755
index b6944e026..000000000
--- a/charts/rancher-istio/1.4.700/charts/security/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: {{ template "security.name" . }}
- release: {{ .Release.Name }}
- istio: citadel
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/security/templates/service.yaml b/charts/rancher-istio/1.4.700/charts/security/templates/service.yaml
deleted file mode 100755
index efea17544..000000000
--- a/charts/rancher-istio/1.4.700/charts/security/templates/service.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- # we use the normal name here (e.g. 'prometheus')
- # as grafana is configured to use this as a data source
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- ports:
- - name: grpc-citadel
- port: 8060
- targetPort: 8060
- protocol: TCP
- - name: http-monitoring
- port: {{ .Values.global.monitoringPort }}
- selector:
- istio: citadel
diff --git a/charts/rancher-istio/1.4.700/charts/security/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.700/charts/security/templates/serviceaccount.yaml
deleted file mode 100755
index d07d566fa..000000000
--- a/charts/rancher-istio/1.4.700/charts/security/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-citadel-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.700/charts/security/templates/tests/test-citadel-connection.yaml b/charts/rancher-istio/1.4.700/charts/security/templates/tests/test-citadel-connection.yaml
deleted file mode 100755
index 481b486de..000000000
--- a/charts/rancher-istio/1.4.700/charts/security/templates/tests/test-citadel-connection.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "security.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: istio-citadel-test
- chart: {{ template "security.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: citadel
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "security.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['sh', '-c', 'for i in 1 2 3; do curl http://istio-citadel:{{ .Values.global.monitoringPort }}/version && exit 0 || sleep 15; done; exit 1']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/security/values.yaml b/charts/rancher-istio/1.4.700/charts/security/values.yaml
deleted file mode 100755
index ba92eea7d..000000000
--- a/charts/rancher-istio/1.4.700/charts/security/values.yaml
+++ /dev/null
@@ -1,51 +0,0 @@ -# -# security configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -selfSigned: true # indicate if self-signed CA is used. -createMeshPolicy: true -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Enable health checking on the Citadel CSR signing API. -# https://istio.io/docs/tasks/security/health-check/ -citadelHealthCheck: false -# 90*24hour = 2160h -workloadCertTtl: 2160h -# Environment variables that configure Citadel. -env: {} - -# Determines Citadel default behavior if the ca.istio.io/env or ca.istio.io/override -# labels are not found on a given namespace. -# -# For example: consider a namespace called "target", which has neither the "ca.istio.io/env" -# nor the "ca.istio.io/override" namespace labels. To decide whether or not to generate secrets -# for service accounts created in this "target" namespace, Citadel will defer to this option. If the value -# of this option is "true" in this case, secrets will be generated for the "target" namespace. -# If the value of this option is "false" Citadel will not generate secrets upon service account creation. -enableNamespacesByDefault: true - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. 
-# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] diff --git a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/Chart.yaml b/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/Chart.yaml deleted file mode 100755 index 59d6dc508..000000000 --- a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.7 -description: Helm chart for sidecar injector webhook deployment -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- sidecarInjectorWebhook -name: sidecarInjectorWebhook -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.4.7 diff --git a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/_helpers.tpl b/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/_helpers.tpl deleted file mode 100755 index f3b9fb15b..000000000 --- a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "sidecar-injector.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "sidecar-injector.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "sidecar-injector.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/clusterrole.yaml b/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/clusterrole.yaml
deleted file mode 100755
index c56c7025c..000000000
--- a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/clusterrole.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-sidecar-injector-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get", "list", "watch"]
-{{- if not .Values.global.operatorManageWebhooks }}
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "patch"]
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
deleted file mode 100755
index 748a93244..000000000
--- a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-sidecar-injector-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-sidecar-injector-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/deployment.yaml b/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/deployment.yaml
deleted file mode 100755
index 95a2ea8e9..000000000
--- a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/deployment.yaml
+++ /dev/null
@@ -1,118 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: sidecar-injector - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-sidecar-injector-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: sidecar-injector-webhook - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --caCertFile=/etc/istio/certs/root-cert.pem - - --tlsCertFile=/etc/istio/certs/cert-chain.pem - - --tlsKeyFile=/etc/istio/certs/key.pem - - --injectConfig=/etc/istio/inject/config - - --meshConfig=/etc/istio/config/mesh - - --healthCheckInterval=2s - - --healthCheckFile=/health -{{- if .Values.global.operatorManageWebhooks }} - - --reconcileWebhookConfig=false -{{- else }} - - --reconcileWebhookConfig=true -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - readOnly: true - - name: certs - mountPath: /etc/istio/certs - readOnly: true - - name: inject-config - mountPath: /etc/istio/inject - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - readinessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: config-volume - configMap: - name: istio - - name: certs - secret: -{{- if .Values.global.certificates }} - secretName: dns.istio-sidecar-injector-service-account -{{- else }} - secretName: istio.istio-sidecar-injector-service-account -{{- end }} - - name: inject-config - configMap: - name: istio-sidecar-injector - items: - - key: config - path: config - - key: values - path: values - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml b/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml deleted file mode 100755 index 4a31415f2..000000000 --- a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: istio-sidecar-injector - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -webhooks: - - name: sidecar-injector.istio.io - clientConfig: - service: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - path: "/inject" - caBundle: "" - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - namespaceSelector: -{{- if .Values.enableNamespacesByDefault }} - matchExpressions: - - key: name - operator: NotIn - values: - - {{ .Release.Namespace }} - - key: istio-injection - operator: NotIn - values: - - disabled -{{- else }} - matchLabels: - istio-injection: enabled -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml deleted file mode 100755 index 870b92508..000000000 --- a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,18 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-spec:
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: {{ template "sidecar-injector.name" . }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
- {{- end }}
diff --git a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/service.yaml b/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/service.yaml
deleted file mode 100755
index 537e6f960..000000000
--- a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/service.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-spec:
- ports:
- - port: 443
- name: https-inject
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- selector:
- istio: sidecar-injector
diff --git a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml
deleted file mode 100755
index d4020b517..000000000
--- a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-sidecar-injector-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
diff --git a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/values.yaml b/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/values.yaml
deleted file mode 100755
index ec64f8ed5..000000000
--- a/charts/rancher-istio/1.4.700/charts/sidecarInjectorWebhook/values.yaml
+++ /dev/null
@@ -1,58 +0,0 @@ -# -# sidecar-injector webhook configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -enableNamespacesByDefault: false -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# If true, webhook or istioctl injector will rewrite PodSpec for liveness -# health check to redirect request to sidecar. This makes liveness check work -# even when mTLS is enabled. -rewriteAppHTTPProbe: false - -# You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or -# always skip the injection on pods that match that label selector, regardless of the global policy. -# See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions -neverInjectSelector: [] - -alwaysInjectSelector: [] - -# injectedAnnotations are additional annotations that will be added to the pod spec after injection -# This is primarily to support PSP annotations. 
For example, if you defined a PSP with the annotations: -# -# annotations: -# apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default -# apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -# -# The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before -# the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: -# injectedAnnotations: -# container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default -# container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default -injectedAnnotations: {} diff --git a/charts/rancher-istio/1.4.700/charts/tracing/.helmignore b/charts/rancher-istio/1.4.700/charts/tracing/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/rancher-istio/1.4.700/charts/tracing/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-istio/1.4.700/charts/tracing/Chart.yaml b/charts/rancher-istio/1.4.700/charts/tracing/Chart.yaml deleted file mode 100755 index ca104bbcc..000000000 --- a/charts/rancher-istio/1.4.700/charts/tracing/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.1 -description: A Helm chart for Kubernetes -name: tracing -tillerVersion: '>=2.7.2' -version: 1.4.7 diff --git a/charts/rancher-istio/1.4.700/charts/tracing/templates/_helpers.tpl b/charts/rancher-istio/1.4.700/charts/tracing/templates/_helpers.tpl deleted file mode 100755 index e246b59b1..000000000 
--- a/charts/rancher-istio/1.4.700/charts/tracing/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "tracing.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "tracing.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "tracing.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.700/charts/tracing/templates/deployment-jaeger.yaml b/charts/rancher-istio/1.4.700/charts/tracing/templates/deployment-jaeger.yaml deleted file mode 100755 index da54eeb94..000000000 --- a/charts/rancher-istio/1.4.700/charts/tracing/templates/deployment-jaeger.yaml +++ /dev/null 
@@ -1,119 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: jaeger - template: - metadata: - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - prometheus.io/port: "14269" -{{- if .Values.jaeger.podAnnotations }} -{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: jaeger - image: "{{ template "system_default_registry" . 
}}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 9411 - - containerPort: 16686 - - containerPort: 14250 - - containerPort: 14267 - - containerPort: 14268 - - containerPort: 14269 - - containerPort: 5775 - protocol: UDP - - containerPort: 6831 - protocol: UDP - - containerPort: 6832 - protocol: UDP - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if eq .Values.jaeger.spanStorageType "badger" }} - - name: BADGER_EPHEMERAL - value: "false" - - name: SPAN_STORAGE_TYPE - value: "badger" - - name: BADGER_DIRECTORY_VALUE - value: "/badger/data" - - name: BADGER_DIRECTORY_KEY - value: "/badger/key" - {{- end }} - - name: COLLECTOR_ZIPKIN_HTTP_PORT - value: "9411" - - name: MEMORY_MAX_TRACES - value: "{{ .Values.jaeger.memory.max_traces }}" - - name: QUERY_BASE_PATH - value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - livenessProbe: - httpGet: - path: / - port: 14269 - readinessProbe: - httpGet: - path: / - port: 14269 -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumeMounts: - - name: data - mountPath: /badger -{{- end }} - resources: -{{- if .Values.jaeger.resources }} -{{ toYaml .Values.jaeger.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumes: - - name: data -{{- if .Values.jaeger.persist }} - persistentVolumeClaim: - claimName: istio-jaeger-pvc -{{- else }} - emptyDir: {} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.4.700/charts/tracing/templates/deployment-zipkin.yaml b/charts/rancher-istio/1.4.700/charts/tracing/templates/deployment-zipkin.yaml deleted file mode 100755 index eef24fc16..000000000 --- a/charts/rancher-istio/1.4.700/charts/tracing/templates/deployment-zipkin.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -{{ if eq .Values.provider "zipkin" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: zipkin - template: - metadata: - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" -{{- if .Values.zipkin.podAnnotations }} -{{ toYaml .Values.zipkin.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: zipkin - image: "{{ template "system_default_registry" . 
}}{{ .Values.zipkin.repository }}:{{ .Values.zipkin.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.zipkin.queryPort }} - livenessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - tcpSocket: - port: {{ .Values.zipkin.queryPort }} - readinessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - httpGet: - path: /health - port: {{ .Values.zipkin.queryPort }} - resources: -{{- if .Values.zipkin.resources }} -{{ toYaml .Values.zipkin.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: QUERY_PORT - value: "{{ .Values.zipkin.queryPort }}" - - name: JAVA_OPTS - value: "-XX:ConcGCThreads={{ .Values.zipkin.node.cpus }} -XX:ParallelGCThreads={{ .Values.zipkin.node.cpus }} -Djava.util.concurrent.ForkJoinPool.common.parallelism={{ .Values.zipkin.node.cpus }} -Xms{{ .Values.zipkin.javaOptsHeap }}M -Xmx{{ .Values.zipkin.javaOptsHeap }}M -XX:+UseG1GC -server" - - name: STORAGE_METHOD - value: "mem" - - name: ZIPKIN_STORAGE_MEM_MAXSPANS - value: "{{ .Values.zipkin.maxSpans }}" - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.4.700/charts/tracing/templates/ingress.yaml b/charts/rancher-istio/1.4.700/charts/tracing/templates/ingress.yaml deleted file mode 100755 index 72f362166..000000000 --- a/charts/rancher-istio/1.4.700/charts/tracing/templates/ingress.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ template "tracing.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} /{{ $.Values.provider }} {{ end }} - backend: - serviceName: tracing - servicePort: 80 - - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - backend: - serviceName: tracing - servicePort: 80 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.700/charts/tracing/templates/pvc.yaml b/charts/rancher-istio/1.4.700/charts/tracing/templates/pvc.yaml deleted file mode 100755 index 60140494c..000000000 --- a/charts/rancher-istio/1.4.700/charts/tracing/templates/pvc.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if eq .Values.provider "jaeger" }} -{{- if .Values.jaeger.persist }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: istio-jaeger-pvc - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - storageClassName: {{ .Values.jaeger.storageClassName }} - accessModes: - - {{ .Values.jaeger.accessMode }} - resources: - requests: - storage: 5Gi -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.4.700/charts/tracing/templates/service-jaeger.yaml b/charts/rancher-istio/1.4.700/charts/tracing/templates/service-jaeger.yaml
deleted file mode 100755
index 38c4170b1..000000000
--- a/charts/rancher-istio/1.4.700/charts/tracing/templates/service-jaeger.yaml
+++ /dev/null
@@ -1,94 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: v1 -kind: List -metadata: - name: jaeger-services - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -items: -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-query - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: jaeger - jaeger-infra: jaeger-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: query-http - port: 16686 - protocol: TCP - targetPort: 16686 - selector: - app: jaeger -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-collector - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: collector-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: jaeger-collector-tchannel - port: 14267 - protocol: TCP - targetPort: 14267 - - name: jaeger-collector-http - port: 14268 - targetPort: 14268 - protocol: TCP - - name: jaeger-collector-grpc - port: 14250 - targetPort: 14250 - protocol: TCP - selector: - app: jaeger - type: ClusterIP -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-agent - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: agent-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: agent-zipkin-thrift - port: 5775 - protocol: UDP - targetPort: 5775 - - name: agent-compact - port: 6831 - protocol: UDP - targetPort: 6831 - - name: agent-binary - port: 6832 - protocol: UDP - targetPort: 6832 - clusterIP: None - selector: - app: jaeger -{{ end }} - 
diff --git a/charts/rancher-istio/1.4.700/charts/tracing/templates/service.yaml b/charts/rancher-istio/1.4.700/charts/tracing/templates/service.yaml deleted file mode 100755 index 798829793..000000000 --- a/charts/rancher-istio/1.4.700/charts/tracing/templates/service.yaml +++ /dev/null @@ -1,56 +0,0 @@ -apiVersion: v1 -kind: List -metadata: - name: tracing-services - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -items: -- apiVersion: v1 - kind: Service - metadata: - name: zipkin - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - port: {{ .Values.zipkin.queryPort }} - targetPort: {{ .Values.zipkin.queryPort }} - protocol: TCP - name: {{ .Values.service.name }} - selector: - app: {{ .Values.provider }} -- apiVersion: v1 - kind: Service - metadata: - name: tracing - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - type: {{ .Values.service.type }} - ports: - - name: http-query - port: {{ .Values.service.externalPort }} - protocol: TCP -{{ if eq .Values.provider "jaeger" }} - targetPort: 16686 -{{ else }} - targetPort: {{ .Values.zipkin.queryPort }} -{{ end}} - selector: - app: {{ .Values.provider }} diff --git a/charts/rancher-istio/1.4.700/charts/tracing/templates/tests/test-tracing-connection.yaml b/charts/rancher-istio/1.4.700/charts/tracing/templates/tests/test-tracing-connection.yaml deleted file mode 100755 index 64248e8c5..000000000 
--- a/charts/rancher-istio/1.4.700/charts/tracing/templates/tests/test-tracing-connection.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ .Release.Name }}-{{ .Values.provider }}-test - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }}-test - chart: {{ template "tracing.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ .Values.provider }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['curl'] - {{- if eq .Values.provider "jaeger" }} - args: ['http://tracing:80{{ .Values.jaeger.contextPath}}'] - {{- else }} - args: ['http://tracing:80'] - {{- end }} - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.700/charts/tracing/values.yaml b/charts/rancher-istio/1.4.700/charts/tracing/values.yaml deleted file mode 100755 index cc55ea4af..000000000 --- a/charts/rancher-istio/1.4.700/charts/tracing/values.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ -# -# addon jaeger tracing configuration -# -enabled: false - -provider: jaeger -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -jaeger: - podAnnotations: {} - memory: - max_traces: 50000 - # spanStorageType value can be "memory" and "badger" for all-in-one image - spanStorageType: badger - persist: false - storageClassName: "" - accessMode: ReadWriteMany - - -zipkin: - podAnnotations: {} - probeStartupDelay: 200 - queryPort: 9411 - resources: - limits: - cpu: 300m - memory: 900Mi - requests: - cpu: 150m - memory: 900Mi - javaOptsHeap: 700 - # 
From: https://github.com/openzipkin/zipkin/blob/master/zipkin-server/src/main/resources/zipkin-server-shared.yml#L51 - # Maximum number of spans to keep in memory. When exceeded, oldest traces (and their spans) will be purged. - # A safe estimate is 1K of memory per span (each span with 2 annotations + 1 binary annotation), plus - # 100 MB for a safety buffer. You'll need to verify in your own environment. - maxSpans: 500000 - node: - cpus: 2 - -service: - annotations: {} - name: http - type: ClusterIP - externalPort: 80 - -ingress: - enabled: false - # Used to create an Ingress record. - hosts: - # - tracing.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: tracing-tls - # hosts: - # - tracing.local - diff --git a/charts/rancher-istio/1.4.700/example-values/README.md b/charts/rancher-istio/1.4.700/example-values/README.md deleted file mode 100755 index 74fedcb60..000000000 --- a/charts/rancher-istio/1.4.700/example-values/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Example Values - -These files provide various example values for different Istio setups. - -To use them, [read the docs](https://istio.io/docs/setup/kubernetes/helm-install/) and add the flag `--values example-file.yaml`. diff --git a/charts/rancher-istio/1.4.700/example-values/values-istio-dns-cert.yaml b/charts/rancher-istio/1.4.700/example-values/values-istio-dns-cert.yaml deleted file mode 100755 index c00676fe9..000000000 --- a/charts/rancher-istio/1.4.700/example-values/values-istio-dns-cert.yaml +++ /dev/null @@ -1,6 +0,0 @@ -global: - certificates: - - secretName: dns.istio-galley-service-account - dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] - - secretName: dns.istio-sidecar-injector-service-account - dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] 
diff --git a/charts/rancher-istio/1.4.700/example-values/values-istio-example-sds-vault.yaml b/charts/rancher-istio/1.4.700/example-values/values-istio-example-sds-vault.yaml
deleted file mode 100755
index d73be9bae..000000000
--- a/charts/rancher-istio/1.4.700/example-values/values-istio-example-sds-vault.yaml
+++ /dev/null
@@ -1,27 +0,0 @@ -global: - controlPlaneSecurityEnabled: false - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - sds: - enabled: true - udsPath: "unix:/var/run/sds/uds_path" - -nodeagent: - enabled: true - repository: rancher/istio-node-agent-k8s - tag: 1.4.7 - env: - # The IP address and the port number of a publicly accessible example Vault server. - CA_ADDR: "https://34.83.129.211:8200" - CA_PROVIDER: "VaultCA" - VALID_TOKEN: true - # The IP address and the port number of a publicly accessible example Vault server. - VAULT_ADDR: "https://34.83.129.211:8200" - VAULT_AUTH_PATH: "auth/kubernetes/login" - VAULT_ROLE: "istio-cert" - VAULT_SIGN_CSR_PATH: "istio_ca/sign/istio-pki-role" - VAULT_TLS_ROOT_CERT: '-----BEGIN CERTIFICATE-----\nMIIC3jCCAcagAwIBAgIRAO1S7vuRQmo2He+RtBq3fv8wDQYJKoZIhvcNAQELBQAw\nEDEOMAwGA1UEChMFVmF1bHQwIBcNMTkwNDI3MTY1ODE1WhgPMjExOTA0MDMxNjU4\nMTVaMBAxDjAMBgNVBAoTBVZhdWx0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA7/CTbnENEIvFZg9hmVtYnOx3OfMy/GNCuP7sqtAeVVTopAKKkcAAWQck\nrhpBooEGpCugNxXGNCuJh/2nu0AfGFRfdafwSJRoI6yHwQouDm0o4r3h9uL3tu5N\nD+x9j+eejbFsoZVn84CxGkEB6oyeXYHjc6eWh3PFGMtKuOQD4pezvDH0yNCx5waK\nhtPuYtl0ebfdbyh+WQuptO+Q9VSaQNqE3ipZ461y8PduwRRll241W0gQB2iasX03\nD36F2ZrMz3KEVRVKM1yCUDCy2RPJqkXPdnVMWmDGbe8Uw69zr25JltzuRZFT9HL3\nY1RnMTecmSc4ikTUHcMhFX3PYbfR5wIDAQABozEwLzAOBgNVHQ8BAf8EBAMCBaAw\nDAYDVR0TAQH/BAIwADAPBgNVHREECDAGhwQiU4HTMA0GCSqGSIb3DQEBCwUAA4IB\nAQCdLh6olDVQB71LD6srbfAE4EsxLEBbIRnv7Nf1S0KQwgW/QxK8DHBwJBxJkr1N\nzgEPx86f2Fo2UsY9m6rvgP3+iquyMsKi0ooUah3y3LSnONuZcdfSTl/HYd38S6Dp\nVkVOZ7781xxpFVUqQ5voQX1Y1Ipn5qw0FyIcNYWLkNX+iMf1b9kpEIWQNhRC/Yiv\nTS0VA/BzQemGyf2UB6QsuZLH+JFEZnzU859qURnNIITa1Wf4YUtka5Sp1kDnEll3\nwj4IlXKU+Wl1CzxJyn4SSQAXy/Lb08ZKrF/YSzcIISnRX5j+wa8ApOSwwA/B7iaT\nTWz1g+RlV9qHap70eIjPsQvb\n-----END CERTIFICATE-----' 
diff --git a/charts/rancher-istio/1.4.700/example-values/values-istio-gateways.yaml b/charts/rancher-istio/1.4.700/example-values/values-istio-gateways.yaml
deleted file mode 100755
index b9930d0a0..000000000
--- a/charts/rancher-istio/1.4.700/example-values/values-istio-gateways.yaml
+++ /dev/null
@@ -1,135 +0,0 @@ -# Common settings. -global: - # Omit the istio-sidecar-injector configmap when generate a - # standalone gateway. Gateways may be created in namespaces other - # than `istio-system` and we don't want to re-create the injector - # configmap in those. - omitSidecarInjectorConfigMap: true - - # Istio control plane namespace: This specifies where the Istio control - # plane was installed earlier. Modify this if you installed the control - # plane in a different namespace than istio-system. - istioNamespace: istio-system - - proxy: - # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument - # would be :). - # Disabled by default. - # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. - envoyStatsd: - # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. - enabled: false - host: # example: statsd-svc.istio-system - port: # example: 9125 - - -# -# Gateways Configuration -# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. -# You can add more gateways in addition to the defaults but make sure those are uniquely named -# and that NodePorts are not conflicting. -# Disable specific gateway by setting the `enabled` to false. 
-# -gateways: - enabled: true - - custom-gateway: - enabled: true - labels: - app: custom-gateway - replicaCount: 1 - autoscaleMin: 1 - autoscaleMax: 5 - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - #requests: - # cpu: 1800m - # memory: 256Mi - cpu: - targetAverageUtilization: 80 - loadBalancerIP: "" - loadBalancerSourceRanges: {} - externalIPs: [] - serviceAnnotations: {} - podAnnotations: {} - type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be - #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out - ports: - ## You can add custom gateway ports - - port: 80 - targetPort: 80 - name: http2 - # nodePort: 31380 - - port: 443 - name: https - # nodePort: 31390 - - port: 31400 - name: tcp - # nodePort: 31400 - # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect - # to pilot/citadel if global.meshExpansion settings are enabled. - - port: 15011 - targetPort: 15011 - name: tcp-pilot-grpc-tls - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - # Addon ports for kiali are enabled in gateway - but will only redirect if - # the gateway configuration for the various components are enabled. - - port: 15029 - targetPort: 15029 - name: http2-kiali - # Telemetry-related ports are enabled in gateway - but will only redirect if - # the gateway configuration for the various components are enabled. 
- - port: 15030 - targetPort: 15030 - name: http2-prometheus - - port: 15031 - targetPort: 15031 - name: http2-grafana - - port: 15032 - targetPort: 15032 - name: http2-tracing - secretVolumes: - - name: customgateway-certs - secretName: istio-customgateway-certs - mountPath: /etc/istio/customgateway-certs - - name: customgateway-ca-certs - secretName: istio-customgateway-ca-certs - mountPath: /etc/istio/customgateway-ca-certs - -# all other components are disabled except the gateways -security: - enabled: false - -sidecarInjectorWebhook: - enabled: false - -galley: - enabled: false - -mixer: - policy: - enabled: false - telemetry: - enabled: false - -pilot: - enabled: false - -grafana: - enabled: false - -prometheus: - enabled: false - -tracing: - enabled: false - -kiali: - enabled: false - -certmanager: - enabled: false diff --git a/charts/rancher-istio/1.4.700/example-values/values-istio-googleca.yaml b/charts/rancher-istio/1.4.700/example-values/values-istio-googleca.yaml deleted file mode 100755 index 9c86c42de..000000000 --- a/charts/rancher-istio/1.4.700/example-values/values-istio-googleca.yaml +++ /dev/null @@ -1,29 +0,0 @@ -global: - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - sds: - enabled: true - udsPath: "unix:/var/run/sds/uds_path" - # For GoogleCA, the aud field need to be set to the trustDomain, which is also set at the - # installation/configuration time, e.g. by running helm template. - token: - aud: "" - - trustDomain: "" - - useMCP: true - -nodeagent: - enabled: true - repository: rancher/istio-node-agent-k8s - tag: 1.4.7 - env: - CA_PROVIDER: "GoogleCA" - CA_ADDR: "meshca.googleapis.com:443" - PLUGINS: "GoogleTokenExchange" - GKE_CLUSTER_URL: "" 
diff --git a/charts/rancher-istio/1.4.700/example-values/values-istio-meshexpansion-gateways.yaml b/charts/rancher-istio/1.4.700/example-values/values-istio-meshexpansion-gateways.yaml deleted file mode 100755 index 51a1ded16..000000000 --- a/charts/rancher-istio/1.4.700/example-values/values-istio-meshexpansion-gateways.yaml +++ /dev/null @@ -1,28 +0,0 @@ -global: - # Provides dns resolution for global services - podDNSSearchNamespaces: - - global - - multiCluster: - enabled: true - - controlPlaneSecurityEnabled: true - meshExpansion: - enabled: true - -# Multicluster with gateways requires a root CA -# Cluster local CAs are bootstrapped with the root CA. -security: - selfSigned: false - -# Provides dns resolution for service entries of form -# name.namespace.global -istiocoredns: - enabled: true - -gateways: - istio-egressgateway: - enabled: true - env: - # Needed to route traffic via egress gateway if desired. - ISTIO_META_REQUESTED_NETWORK_VIEW: "external" diff --git a/charts/rancher-istio/1.4.700/example-values/values-istio-multicluster-gateways.yaml b/charts/rancher-istio/1.4.700/example-values/values-istio-multicluster-gateways.yaml deleted file mode 100755 index 3524a3d47..000000000 --- a/charts/rancher-istio/1.4.700/example-values/values-istio-multicluster-gateways.yaml +++ /dev/null @@ -1,27 +0,0 @@ -global: - # Provides dns resolution for global services - podDNSSearchNamespaces: - - global - - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - multiCluster: - enabled: true - - controlPlaneSecurityEnabled: true - -# Multicluster with gateways requires a root CA -# Cluster local CAs are bootstrapped with the root CA. -security: - selfSigned: false - -# Provides dns resolution for service entries of form -# name.namespace.global -istiocoredns: - enabled: true - -gateways: - istio-egressgateway: - enabled: true - env: - # Needed to route traffic via egress gateway if desired. - ISTIO_META_REQUESTED_NETWORK_VIEW: "external" 
diff --git a/charts/rancher-istio/1.4.700/files/injection-template.yaml b/charts/rancher-istio/1.4.700/files/injection-template.yaml
deleted file mode 100755
index df94e5689..000000000
--- a/charts/rancher-istio/1.4.700/files/injection-template.yaml
+++ /dev/null
@@ -1,461 +0,0 @@ -{{- $cniDisabled := (not .Values.istio_cni.enabled) }} -{{- $cniRepairEnabled := (and .Values.istio_cni.enabled .Values.istio_cni.repair.enabled) }} -{{- $enableInitContainer := (or $cniDisabled $cniRepairEnabled .Values.global.proxy.enableCoreDump) }} -rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }} -{{- if $enableInitContainer }} -initContainers: -{{- if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} -{{ if $cniRepairEnabled -}} -- name: istio-validation -{{ else -}} -- name: istio-init -{{ end -}} -{{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" -{{- else }} - image: "{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" -{{- end }} - command: -{{- if $cniRepairEnabled }} - - istio-iptables-go -{{- else }} - - istio-iptables -{{- end }} - - "-p" - - "15001" - - "-z" - - "15006" - - "-u" - - 1337 - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" - - "-d" - - "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation 
.ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} -{{ if $cniRepairEnabled -}} - - "--run-validation" - - "--skip-rule-apply" -{{- end }} - imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" -{{- if .Values.global.proxy.init.resources }} - resources: - {{ toYaml .Values.global.proxy.init.resources | indent 4 }} -{{- else }} - resources: {} -{{- end }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: -{{- if not $cniRepairEnabled }} - add: - - NET_ADMIN - - NET_RAW -{{- end }} - drop: - - ALL - readOnlyRootFilesystem: false - {{- if not $cniRepairEnabled }} - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - runAsGroup: 1337 - runAsUser: 1337 - runAsNonRoot: true - {{- end }} - restartPolicy: Always - {{ end -}} -{{- if eq .Values.global.proxy.enableCoreDump true }} -- name: enable-core-dump - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - command: - - /bin/sh - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- else }} - image: "{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- end }} - imagePullPolicy: IfNotPresent - resources: {} - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - SYS_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 -{{ end }} - {{ end }} -containers: -- name: istio-proxy -{{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` "") }} # if custom pod then use 
that - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" -{{- else }} - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - {{- else }} - image: "{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - {{- end }} -{{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --configPath - - "{{ .ProxyConfig.ConfigPath }}" - - --binaryPath - - "{{ .ProxyConfig.BinaryPath }}" - - --serviceCluster - {{ if ne "" (index .ObjectMeta.Labels "app") -}} - - "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" - {{ else -}} - - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" - {{ end -}} - - --drainDuration - - "{{ formatDuration .ProxyConfig.DrainDuration }}" - - --parentShutdownDuration - - "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}" - - --discoveryAddress - - "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" -{{- if eq .Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" - - --lightstepAccessToken - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" - - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} - - --lightstepCacertPath - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" -{{- else if eq .Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - - "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" -{{- else if eq .Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" -{{- end }} -{{- if .Values.global.proxy.logLevel }} - - 
--proxyLogLevel={{ .Values.global.proxy.logLevel }} -{{- end}} -{{- if .Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }} -{{- end}} - - --dnsRefreshRate - - {{ .Values.global.proxy.dnsRefreshRate }} - - --connectTimeout - - "{{ formatDuration .ProxyConfig.ConnectTimeout }}" -{{- if .Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - "{{ .ProxyConfig.StatsdUdpAddress }}" -{{- end }} -{{- if .Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - - '{{ protoToJSON .ProxyConfig.EnvoyMetricsService }}' -{{- end }} -{{- if .Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - - '{{ protoToJSON .ProxyConfig.EnvoyAccessLogService }}' -{{- end }} - - --proxyAdminPort - - "{{ .ProxyConfig.ProxyAdminPort }}" - {{ if gt .ProxyConfig.Concurrency 0 -}} - - --concurrency - - "{{ .ProxyConfig.Concurrency }}" - {{ end -}} - - --controlPlaneAuthPolicy - - "{{ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}" -{{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" (valueOrDefault .Values.global.proxy.statusPort 0 )) `0`) }} - - --statusPort - - "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" - - --applicationPorts - - "{{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` (applicationPorts .Spec.Containers) }}" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} -{{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 4 }} -{{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if 
not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} -{{- if eq .Values.global.proxy.tracer "datadog" }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP -{{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }} -{{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" -{{- end }} -{{- end }} -{{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SDS_ENABLED - value: {{ $.Values.global.sds.enabled }} - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - - name: ISTIO_META_INCLUDE_INBOUND_PORTS - value: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (applicationPorts .Spec.Containers) }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{ if .ObjectMeta.Annotations }} - - name: ISTIO_METAJSON_ANNOTATIONS - value: | - {{ toJSON .ObjectMeta.Annotations }} - {{ end }} - {{ if .ObjectMeta.Labels }} - - name: ISTIO_METAJSON_LABELS - value: | - {{ toJSON .ObjectMeta.Labels }} - {{ end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{ .DeploymentMeta.Name }} - {{ end }} - {{- if and 
.TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.sds.customTokenDirectory }} - - name: ISTIO_META_SDS_TOKEN_PATH - value: "{{ .Values.global.sds.customTokenDirectory -}}/sdstoken" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if .Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.trustDomain }}" - {{- end }} - {{- if eq .Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetDebug }}" - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations.Value }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes.Value }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents.Value }}" - {{- end }} - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` (valueOrDefault .Values.global.proxy.statusPort 0 )) `0` }} - readinessProbe: - httpGet: - 
path: /healthz/ready - port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - add: - - NET_ADMIN - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} - runAsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - runAsNonRoot: false - runAsUser: 0 - {{- else }} - runAsNonRoot: true - runAsUser: 1337 - {{- end }} - resources: - {{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end}} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{ else -}} -{{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 4 }} -{{- end }} - {{ end -}} - volumeMounts: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: 
custom-bootstrap-volume - {{- end }} - - mountPath: /etc/istio/proxy - name: istio-envoy - {{- if .Values.global.sds.enabled }} - - mountPath: /var/run/sds - name: sds-uds-path - readOnly: true - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.sds.customTokenDirectory }} - - mountPath: "{{ .Values.global.sds.customTokenDirectory -}}" - name: custom-sds-token - readOnly: true - {{- end }} - {{- else }} - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{- end }} -volumes: -{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} -- name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} -{{- end }} -- emptyDir: - medium: Memory - name: istio-envoy -{{- if .Values.global.sds.enabled }} -- name: sds-uds-path - hostPath: - path: /var/run/sds -- name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} -{{- if .Values.global.sds.customTokenDirectory }} -- name: custom-sds-token - secret: - secretName: sdstokensecret -{{- end }} -{{- else }} -- name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, 
$value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} -- name: "{{ $index }}" - {{ toYaml $value | indent 2 }} - {{ end }} - {{ end }} -{{- end }} -{{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} -- name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert -{{- end }} -{{- if .Values.global.podDNSSearchNamespaces }} -dnsConfig: - searches: - {{- range .Values.global.podDNSSearchNamespaces }} - - {{ render . }} - {{- end }} -{{- end }} -podRedirectAnnot: - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" -{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" -{{- end }} - traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" 
diff --git a/charts/rancher-istio/1.4.700/questions.yaml b/charts/rancher-istio/1.4.700/questions.yaml
deleted file mode 100644
index 296c24571..000000000
--- a/charts/rancher-istio/1.4.700/questions.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-labels:
- rancher.istio.v1.4.700: 1.4.7
-rancher_min_version: 2.3.4-rc1
-rancher_max_version: 2.3.7
diff --git a/charts/rancher-istio/1.4.700/requirements.yaml b/charts/rancher-istio/1.4.700/requirements.yaml
deleted file mode 100755
index 424633151..000000000
--- a/charts/rancher-istio/1.4.700/requirements.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-dependencies:
- - name: sidecarInjectorWebhook
- version: 1.4.7
- condition: sidecarInjectorWebhook.enabled
- - name: security
- version: 1.4.7
- condition: security.enabled
- - name: gateways
- version: 1.4.7
- condition: gateways.enabled
- - name: mixer
- version: 1.4.7
- condition: or mixer.policy.enabled mixer.telemetry.enabled
- - name: nodeagent
- version: 1.4.7
- condition: nodeagent.enabled
- - name: pilot
- version: 1.4.7
- condition: pilot.enabled
- - name: grafana
- version: 1.4.7
- condition: grafana.enabled
- - name: prometheus
- version: 1.4.7
- condition: prometheus.enabled
- - name: tracing
- version: 1.4.7
- condition: tracing.enabled
- - name: galley
- version: 1.4.7
- condition: galley.enabled
- - name: kiali
- version: 1.4.7
- condition: kiali.enabled
- - name: istiocoredns
- version: 1.4.7
- condition: istiocoredns.enabled
- - name: certmanager
- version: 1.4.7
- condition: certmanager.enabled
diff --git a/charts/rancher-istio/1.4.700/templates/NOTES.txt b/charts/rancher-istio/1.4.700/templates/NOTES.txt
deleted file mode 100755
index 3b323594c..000000000
--- a/charts/rancher-istio/1.4.700/templates/NOTES.txt
+++ /dev/null
@@ -1,29 +0,0 @@
-Thank you for installing {{ .Chart.Name | title }}.
-
-Your release is named {{ .Release.Name | title }}.
-
-To get started running application with Istio, execute the following steps:
-
-{{- if index .Values "sidecarInjectorWebhook" "enabled" }}
-1. Label namespace that application object will be deployed to by the following command (take default namespace as an example)
-
-$ kubectl label namespace default istio-injection=enabled
-$ kubectl get namespace -L istio-injection
-
-2. Deploy your applications
-
-$ kubectl apply -f .yaml
-{{- else }}
-1. Download the latest release package to get sidecar injection tool
-
-$ curl -L https://git.io/getLatestIstio | sh -
-$ mv istio-* istio-latest
-$ export PATH="$PATH:$PWD/istio-latest/bin"
-
-2. Deploy your application by manually injecting envoy sidecar with `istioctl kube-inject`
-
-$ kubectl apply -f <(istioctl kube-inject -f .yaml)
-{{- end }}
-
-For more information on running Istio, visit:
-https://istio.io/
diff --git a/charts/rancher-istio/1.4.700/templates/_affinity.tpl b/charts/rancher-istio/1.4.700/templates/_affinity.tpl
deleted file mode 100755
index 7639be434..000000000
--- a/charts/rancher-istio/1.4.700/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@
-{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}}
-
-{{- define "nodeaffinity" }}
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- {{- include "nodeAffinityRequiredDuringScheduling" . }}
- preferredDuringSchedulingIgnoredDuringExecution:
- {{- include "nodeAffinityPreferredDuringScheduling" . }}
-{{- end }}
-
-{{- define "nodeAffinityRequiredDuringScheduling" }}
- nodeSelectorTerms:
- - matchExpressions:
- - key: beta.kubernetes.io/arch
- operator: In
- values:
- {{- range $key, $val := .Values.global.arch }}
- {{- if gt ($val | int) 0 }}
- - {{ $key | quote }}
- {{- end }}
- {{- end }}
- {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}}
- {{- range $key, $val := $nodeSelector }}
- - key: {{ $key }}
- operator: In
- values:
- - {{ $val | quote }}
- {{- end }}
-{{- end }}
-
-{{- define "nodeAffinityPreferredDuringScheduling" }}
- {{- range $key, $val := .Values.global.arch }}
- {{- if gt ($val | int) 0 }}
- - weight: {{ $val | int }}
- preference:
- matchExpressions:
- - key: beta.kubernetes.io/arch
- operator: In
- values:
- - {{ $key | quote }}
- {{- end }}
- {{- end }}
-{{- end }}
-
-{{- define "podAntiAffinity" }}
-{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}}
- podAntiAffinity:
- {{- if .Values.podAntiAffinityLabelSelector }}
- requiredDuringSchedulingIgnoredDuringExecution:
- {{- include "podAntiAffinityRequiredDuringScheduling" . }}
- {{- end }}
- {{- if or .Values.podAntiAffinityTermLabelSelector}}
- preferredDuringSchedulingIgnoredDuringExecution:
- {{- include "podAntiAffinityPreferredDuringScheduling" . }}
- {{- end }}
-{{- end }}
-{{- end }}
-
-{{- define "podAntiAffinityRequiredDuringScheduling" }}
- {{- range $index, $item := .Values.podAntiAffinityLabelSelector }}
- - labelSelector:
- matchExpressions:
- - key: {{ $item.key }}
- operator: {{ $item.operator }}
- {{- if $item.values }}
- values:
- {{- $vals := split "," $item.values }}
- {{- range $i, $v := $vals }}
- - {{ $v | quote }}
- {{- end }}
- {{- end }}
- topologyKey: {{ $item.topologyKey }}
- {{- end }}
-{{- end }}
-
-{{- define "podAntiAffinityPreferredDuringScheduling" }}
- {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }}
- - podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: {{ $item.key }}
- operator: {{ $item.operator }}
- {{- if $item.values }}
- values:
- {{- $vals := split "," $item.values }}
- {{- range $i, $v := $vals }}
- - {{ $v | quote }}
- {{- end }}
- {{- end }}
- topologyKey: {{ $item.topologyKey }}
- weight: 100
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/templates/_helpers.tpl b/charts/rancher-istio/1.4.700/templates/_helpers.tpl
deleted file mode 100755
index cf10568c7..000000000
--- a/charts/rancher-istio/1.4.700/templates/_helpers.tpl
+++ /dev/null
@@ -1,48 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "istio.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "istio.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "istio.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a fully qualified configmap name.
-*/}}
-{{- define "istio.configmap.fullname" -}}
-{{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-
-{{- define "system_default_registry" -}}
-{{- if .Values.global.systemDefaultRegistry -}}
-{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
-{{- else -}}
-{{- "" -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.700/templates/_podDisruptionBudget.tpl b/charts/rancher-istio/1.4.700/templates/_podDisruptionBudget.tpl
deleted file mode 100755
index ebb86068c..000000000
--- a/charts/rancher-istio/1.4.700/templates/_podDisruptionBudget.tpl
+++ /dev/null
@@ -1,3 +0,0 @@
-{{- define "podDisruptionBudget.spec" }}
- minAvailable: 1
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/templates/clusterrole.yaml b/charts/rancher-istio/1.4.700/templates/clusterrole.yaml
deleted file mode 100755
index b92c9ef8b..000000000
--- a/charts/rancher-istio/1.4.700/templates/clusterrole.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: istio-reader
-rules:
- - apiGroups: ['']
- resources: ['nodes', 'pods', 'services', 'endpoints', "replicationcontrollers"]
- verbs: ['get', 'watch', 'list']
- - apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
diff --git a/charts/rancher-istio/1.4.700/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.700/templates/clusterrolebinding.yaml
deleted file mode 100755
index 827601b3d..000000000
--- a/charts/rancher-istio/1.4.700/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-multi
- labels:
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-reader
-subjects:
-- kind: ServiceAccount
- name: istio-multi
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.700/templates/configmap.yaml b/charts/rancher-istio/1.4.700/templates/configmap.yaml
deleted file mode 100755
index e260cbb7f..000000000
--- a/charts/rancher-istio/1.4.700/templates/configmap.yaml
+++ /dev/null
@@ -1,341 +0,0 @@ -{{- if or .Values.pilot.enabled .Values.global.istioRemote }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istio.name" . }} - chart: {{ template "istio.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - mesh: |- - # Set the following variable to true to disable policy checks by Mixer. - # Note that metrics will still be reported to Mixer. - {{- if .Values.mixer.policy.enabled }} - disablePolicyChecks: {{ .Values.global.disablePolicyChecks }} - {{- else }} - disablePolicyChecks: true - {{- end }} - - disableMixerHttpReports: false - - {{- if .Values.mixer.telemetry.reportBatchMaxEntries }} - # reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server - reportBatchMaxEntries: {{ .Values.mixer.telemetry.reportBatchMaxEntries }} - {{- end }} - - {{- if .Values.mixer.telemetry.reportBatchMaxTime }} - # reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server - reportBatchMaxTime: {{ .Values.mixer.telemetry.reportBatchMaxTime }} - {{- end }} - - {{- if .Values.mixer.telemetry.sessionAffinityEnabled }} - # sidecarToTelemetrySessionAffinity will create a STRICT_DNS type cluster for istio-telemetry. - sidecarToTelemetrySessionAffinity: {{ .Values.mixer.telemetry.sessionAffinityEnabled }} - {{- end }} - - # Set enableTracing to false to disable request tracing. - enableTracing: {{ .Values.global.enableTracing }} - - # Set accessLogFile to empty string to disable access log. 
- accessLogFile: "{{ .Values.global.proxy.accessLogFile }}" - - # If accessLogEncoding is TEXT, value will be used directly as the log format - # example: "[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\n" - # If AccessLogEncoding is JSON, value will be parsed as map[string]string - # example: '{"start_time": "%START_TIME%", "req_method": "%REQ(:METHOD)%"}' - # Leave empty to use default log format - accessLogFormat: {{ .Values.global.proxy.accessLogFormat | quote }} - - # Set accessLogEncoding to JSON or TEXT to configure sidecar access log - accessLogEncoding: '{{ .Values.global.proxy.accessLogEncoding }}' - - enableEnvoyAccessLogService: {{ .Values.global.proxy.envoyAccessLogService.enabled }} - - {{- if .Values.global.istioRemote }} - - {{- if .Values.global.remotePolicyAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}:15004 - {{- else }} - mixerCheckServer: {{ .Values.global.remotePolicyAddress }}:15004 - {{- end }} - {{- end }} - {{- if .Values.global.remoteTelemetryAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}:15004 - {{- else }} - mixerReportServer: {{ .Values.global.remoteTelemetryAddress }}:15004 - {{- end }} - {{- end }} - - {{- else }} - - {{- if .Values.mixer.policy.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - {{- if .Values.mixer.telemetry.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ 
.Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - - {{- end }} - - {{- if or .Values.mixer.policy.enabled (and .Values.global.istioRemote .Values.global.remotePolicyAddress) }} - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: {{ .Values.global.policyCheckFailOpen }} - {{- end }} - - {{- if .Values.gateways.enabled }} - # Let Pilot give ingresses the public IP of the Istio ingressgateway - ingressService: istio-ingressgateway - {{- end }} - - # Default connect timeout for dynamic clusters generated by Pilot and returned via XDS - connectTimeout: 10s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: {{ .Values.global.proxy.protocolDetectionTimeout }} - - # DNS refresh rate for Envoy clusters of type STRICT_DNS - dnsRefreshRate: {{ .Values.global.proxy.dnsRefreshRate }} - - # Unix Domain Socket through which envoy communicates with NodeAgent SDS to get - # key/cert for mTLS. Use secret-mount files instead of SDS if set to empty. - sdsUdsPath: {{ .Values.global.sds.udsPath | quote }} - - # The trust domain corresponds to the trust root of a system. 
- # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: {{ .Values.global.trustDomain | quote }} - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: - {{- range .Values.global.trustDomainAliases }} - - {{ . | quote }} - {{- end }} - - # If true, automatically configure client side mTLS settings to match the corresponding service's - # server side mTLS authentication policy, when destination rule for that service does not specify - # TLS settings. - enableAutoMtls: {{ .Values.global.mtls.auto }} - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - outboundTrafficPolicy: - mode: {{ .Values.global.outboundTrafficPolicy.mode }} - - {{- if .Values.global.localityLbSetting.enabled }} - localityLbSetting: -{{ toYaml .Values.global.localityLbSetting | trim | indent 6 }} - {{- end }} - # The namespace to treat as the administrative root namespace for istio - # configuration. -{{- if .Values.global.configRootNamespace }} - rootNamespace: {{ .Values.global.configRootNamespace }} -{{- else }} - rootNamespace: {{ .Release.Namespace }} -{{- end }} - - # Configures DNS certificates provisioned through Chiron linked into Pilot. 
- certificates: -{{ toYaml .Values.global.certificates | trim | indent 6 }} - - {{- if .Values.global.defaultConfigVisibilitySettings }} - defaultServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultVirtualServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultDestinationRuleExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - {{- end }} - - {{- if $.Values.global.useMCP }} - configSources: - - address: istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- if .Values.pilot.configSource.subscribedResources }} - subscribedResources: - - {{ .Values.pilot.configSource.subscribedResources }} - {{- end}} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - tlsSettings: - mode: ISTIO_MUTUAL - {{- end }} - {{- end }} - - defaultConfig: - # - # TCP connection timeout between Envoy & the application, and between Envoys. Used for static clusters - # defined in Envoy's configuration file - connectTimeout: 10s - # - ### ADVANCED SETTINGS ############# - # Where should envoy's configuration be stored in the istio-proxy container - configPath: "/etc/istio/proxy" - binaryPath: "/usr/local/bin/envoy" - # The pseudo service name used for Envoy. - serviceCluster: istio-proxy - # These settings that determine how long an old Envoy - # process should be kept alive after an occasional reload. - drainDuration: 45s - parentShutdownDuration: 1m0s - # - # The mode used to redirect inbound connections to Envoy. This setting - # has no effect on outbound traffic: iptables REDIRECT is always used for - # outbound connections. - # If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy. - # The "REDIRECT" mode loses source addresses during redirection. - # If "TPROXY", use iptables TPROXY to redirect to Envoy. 
- # The "TPROXY" mode preserves both the source and destination IP - # addresses and ports, so that they can be used for advanced filtering - # and manipulation. - # The "TPROXY" mode also configures the sidecar to run with the - # CAP_NET_ADMIN capability, which is required to use TPROXY. - #interceptionMode: REDIRECT - # - # Port where Envoy listens (on local host) for admin commands - # You can exec into the istio-proxy container in a pod and - # curl the admin port (curl http://localhost:15000/) to obtain - # diagnostic information from Envoy. See - # https://lyft.github.io/envoy/docs/operations/admin.html - # for more details - proxyAdminPort: 15000 - # - # Set concurrency to a specific number to control the number of Proxy worker threads. - # If set to 0 (default), then start worker thread for each CPU thread/core. - concurrency: {{ .Values.global.proxy.concurrency }} - # - {{- if eq .Values.global.proxy.tracer "lightstep" }} - tracing: - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - # Whether communication with the Satellite pool should be secure - secure: {{ .Values.global.tracer.lightstep.secure }} - # Path to the file containing the cacert to use when verifying TLS - cacertPath: {{ .Values.global.tracer.lightstep.cacertPath }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - tracing: - zipkin: - # Address of the Zipkin collector - {{- if .Values.global.tracer.zipkin.address }} - address: {{ .Values.global.tracer.zipkin.address }} - {{- else if .Values.global.remoteZipkinAddress }} - address: {{ .Values.global.remoteZipkinAddress }}:9411 - {{- else }} - address: zipkin.{{ .Release.Namespace }}:9411 - {{- end }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - tracing: - datadog: - # Address of the Datadog Agent - address: {{ 
.Values.global.tracer.datadog.address }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - tracing: - stackdriver: {} - {{- end }} - - {{- if .Values.global.proxy.envoyStatsd.enabled }} - # - # Statsd metrics collector converts statsd metrics into Prometheus metrics. - statsdUdpAddress: {{ .Values.global.proxy.envoyStatsd.host }}:{{ .Values.global.proxy.envoyStatsd.port }} - {{- end }} - - {{- if .Values.global.proxy.envoyMetricsService.enabled }} - # - # Envoy's Metrics Service stats sink pushes Envoy metrics to a remote collector via the Metrics Service gRPC API. - envoyMetricsService: - address: {{ .Values.global.proxy.envoyMetricsService.host }}:{{ .Values.global.proxy.envoyMetricsService.port }} - {{- if .Values.global.proxy.envoyMetricsService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyMetricsService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyMetricsService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyMetricsService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- if .Values.global.proxy.envoyAccessLogService.enabled }} - # - # Envoy's AccessLog Service pushes access logs to a remote collector via the Access Log Service gRPC API. 
- envoyAccessLogService: - address: {{ .Values.global.proxy.envoyAccessLogService.host }}:{{ .Values.global.proxy.envoyAccessLogService.port }} - {{- if .Values.global.proxy.envoyAccessLogService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyAccessLogService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- $defPilotHostname := printf "istio-pilot.%s" .Release.Namespace }} - {{- $pilotAddress := .Values.global.remotePilotAddress | default $defPilotHostname }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: MUTUAL_TLS - # - # Address where istio Pilot service is running - {{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }} - discoveryAddress: {{ $defPilotHostname }}:15011 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15011 - {{- end }} - {{- else }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: NONE - # - # Address where istio Pilot service is running - {{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }} - discoveryAddress: {{ $defPilotHostname }}:15010 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15010 - {{- end }} - {{- end }} - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.700/templates/crd-10.yaml b/charts/rancher-istio/1.4.700/templates/crd-10.yaml deleted file mode 100644 index f017e2658..000000000 
--- a/charts/rancher-istio/1.4.700/templates/crd-10.yaml +++ /dev/null 
@@ -1,4816 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: attributemanifests.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: attributemanifest - plural: attributemanifests - singular: attributemanifest - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and - telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - attributes: - additionalProperties: - properties: - description: - description: A human-readable description of the attribute's purpose. - format: string - type: string - valueType: - description: The type of data carried by this attribute. - enum: - - VALUE_TYPE_UNSPECIFIED - - STRING - - INT64 - - DOUBLE - - BOOL - - TIMESTAMP - - IP_ADDRESS - - EMAIL_ADDRESS - - URI - - DNS_NAME - - DURATION - - STRING_MAP - type: string - type: object - description: The set of attributes this Istio component will be responsible - for producing at runtime. - type: object - name: - description: Name of the component producing these attributes. - format: string - type: string - revision: - description: The revision of this document. 
- format: string - type: string - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - heritage: Tiller - istio: rbac - release: istio - name: clusterrbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ClusterRbacConfig - plural: clusterrbacconfigs - singular: clusterrbacconfig - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: destinationrules.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.host - description: The name of a service from the service registry - name: Host - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - shortNames: - - dr - singular: destinationrule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, - etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is - exported. - items: - format: string - type: string - type: array - host: - description: The name of a service from the service registry. 
- format: string - type: string - subsets: - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: Name of the subset. - format: string - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. 
- oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP - requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a - backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. 
- type: string - maxRequestsPerConnection: - description: Maximum number of requests per - connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP - upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on - the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer - algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. 
- type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep - analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to - the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server - during TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded - to http2 for the associated destination. 
- enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to - a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool - connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to - a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to - a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. 
- format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. 
- properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. 
- format: string - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS - handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: envoyfilters.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: EnvoyFilter - plural: envoyfilters - singular: envoyfilter - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Customizing Envoy configuration generated by Istio. See more - details at: https://istio.io/docs/reference/config/networking/v1alpha3/envoy-filter.html' - properties: - configPatches: - description: One or more patches with match conditions. 
- items: - properties: - applyTo: - enum: - - INVALID - - LISTENER - - FILTER_CHAIN - - NETWORK_FILTER - - HTTP_FILTER - - ROUTE_CONFIGURATION - - VIRTUAL_HOST - - HTTP_ROUTE - - CLUSTER - type: string - match: - description: Match on listener/route configuration/cluster. - oneOf: - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - properties: - cluster: - description: Match on envoy cluster attributes. - properties: - name: - description: The exact name of the cluster to match. - format: string - type: string - portNumber: - description: The service port for which this cluster was - generated. - type: integer - service: - description: The fully qualified service name for this - cluster. - format: string - type: string - subset: - description: The subset associated with the service. - format: string - type: string - type: object - context: - description: The specific config generation context to match - on. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - listener: - description: Match on envoy listener attributes. - properties: - filterChain: - description: Match a specific filter chain in a listener. - properties: - applicationProtocols: - description: Applies only to sidecars. - format: string - type: string - filter: - description: The name of a specific filter to apply - the patch to. - properties: - name: - description: The filter name to match on. - format: string - type: string - subFilter: - properties: - name: - description: The filter name to match on. - format: string - type: string - type: object - type: object - name: - description: The name assigned to the filter chain. - format: string - type: string - sni: - description: The SNI value used by a filter chain's - match condition. - format: string - type: string - transportProtocol: - description: Applies only to SIDECAR_INBOUND context. 
- format: string - type: string - type: object - name: - description: Match a specific listener by its name. - format: string - type: string - portName: - format: string - type: string - portNumber: - type: integer - type: object - proxy: - description: Match on properties associated with a proxy. - properties: - metadata: - additionalProperties: - format: string - type: string - type: object - proxyVersion: - format: string - type: string - type: object - routeConfiguration: - description: Match on envoy HTTP route configuration attributes. - properties: - gateway: - format: string - type: string - name: - description: Route configuration name to match on. - format: string - type: string - portName: - description: Applicable only for GATEWAY context. - format: string - type: string - portNumber: - type: integer - vhost: - properties: - name: - format: string - type: string - route: - description: Match a specific route within the virtual - host. - properties: - action: - description: Match a route with specific action - type. - enum: - - ANY - - ROUTE - - REDIRECT - - DIRECT_RESPONSE - type: string - name: - format: string - type: string - type: object - type: object - type: object - type: object - patch: - description: The patch to apply along with the operation. - properties: - operation: - description: Determines how the patch should be applied. - enum: - - INVALID - - MERGE - - ADD - - REMOVE - - INSERT_BEFORE - - INSERT_AFTER - type: string - value: - description: The JSON config of the object being patched. - type: object - type: object - type: object - type: array - filters: - items: - properties: - filterConfig: - type: object - filterName: - description: The name of the filter to instantiate. - format: string - type: string - filterType: - description: The type of filter to instantiate. - enum: - - INVALID - - HTTP - - NETWORK - type: string - insertPosition: - description: Insert position in the filter chain. 
- properties: - index: - description: Position of this filter in the filter chain. - enum: - - FIRST - - LAST - - BEFORE - - AFTER - type: string - relativeTo: - format: string - type: string - type: object - listenerMatch: - properties: - address: - description: One or more IP addresses to which the listener - is bound. - items: - format: string - type: string - type: array - listenerProtocol: - description: Selects a class of listeners for the same protocol. - enum: - - ALL - - HTTP - - TCP - type: string - listenerType: - description: Inbound vs outbound sidecar listener or gateway - listener. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - portNamePrefix: - format: string - type: string - portNumber: - type: integer - type: object - type: object - type: array - workloadLabels: - additionalProperties: - format: string - type: string - description: Deprecated. - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: gateways.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Gateway - plural: gateways - shortNames: - - gw - singular: gateway - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. 
See more details - at: https://istio.io/docs/reference/config/networking/v1alpha3/gateway.html' - properties: - selector: - additionalProperties: - format: string - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - format: string - type: string - defaultEndpoint: - format: string - type: string - hosts: - description: One or more hosts exposed by this gateway. - items: - format: string - type: string - type: array - port: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - tls: - description: Set of TLS related options that govern the server's - behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified - cipher list.' - items: - format: string - type: string - type: array - credentialName: - format: string - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - format: string - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 
- format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - verifyCertificateHash: - items: - format: string - type: string - type: array - verifyCertificateSpki: - items: - format: string - type: string - type: array - type: object - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpecBinding - plural: httpapispecbindings - singular: httpapispecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_specs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - apiSpecs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed HTTPAPISpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN - in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify - the service version. - type: object - name: - description: The short name of the service such as "foo". 
- format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpec - plural: httpapispecs - singular: httpapispec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_keys: - items: - oneOf: - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. - format: string - type: string - type: object - type: array - apiKeys: - items: - oneOf: - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. 
- format: string - type: string - type: object - type: array - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. - type: object - type: object - patterns: - description: List of HTTP patterns to match. - items: - oneOf: - - required: - - uriTemplate - - required: - - regex - properties: - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. 
- type: object - type: object - httpMethod: - format: string - type: string - regex: - format: string - type: string - uriTemplate: - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: meshpolicies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: MeshPolicy - listKind: MeshPolicyList - plural: meshpolicies - singular: meshpolicy - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details - at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - type: boolean - origins: - description: List of authentication methods that can be used for origin - authentication. - items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. 
- items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - type: boolean - peers: - description: List of authentication methods that can be used for peer - authentication. - items: - oneOf: - - required: - - mtls - - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. 
- format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. 
- properties: - allowTls: - description: WILL BE DEPRECATED, if set, will translates to - `TLS_PERMISSIVE` mode. - type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Define whether peer or origin identity should be use for - principal. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: List rules to select workloads that the policy should be - applied on. - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. - items: - oneOf: - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: policies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: Policy - plural: policies - singular: policy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details - at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - type: boolean - origins: - description: List of authentication methods that can be used for origin - authentication. 
- items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 
- format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 
- format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - type: boolean - peers: - description: List of authentication methods that can be used for peer - authentication. - items: - oneOf: - - required: - - mtls - - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. - properties: - allowTls: - description: WILL BE DEPRECATED, if set, will translates to - `TLS_PERMISSIVE` mode. - type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Define whether peer or origin identity should be use for - principal. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: List rules to select workloads that the policy should be - applied on. - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. 
- items: - oneOf: - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpecBinding - plural: quotaspecbindings - singular: quotaspecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - quotaSpecs: - items: - properties: - name: - description: The short name of the QuotaSpec. - format: string - type: string - namespace: - description: Optional namespace of the QuotaSpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed QuotaSpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN - in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify - the service version. - type: object - name: - description: The short name of the service such as "foo". - format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. 
- format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpec - plural: quotaspecs - singular: quotaspec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: Determines the quotas used for individual requests. - properties: - rules: - description: A list of Quota rules. - items: - properties: - match: - description: If empty, match all request. - items: - properties: - clause: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Map of attribute names to StringMatch type. - type: object - type: object - type: array - quotas: - description: The list of quotas to charge. 
- items: - properties: - charge: - format: int32 - type: integer - quota: - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: rbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: RbacConfig - plural: rbacconfigs - singular: rbacconfig - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: rules.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: rule - plural: rules - singular: rule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and - telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - actions: - description: The actions that will be executed when match evaluates - to `true`. - items: - properties: - handler: - description: Fully qualified name of the handler to invoke. - format: string - type: string - instances: - items: - format: string - type: string - type: array - name: - description: A handle to refer to the results of the action. - format: string - type: string - type: object - type: array - match: - description: Match is an attribute based predicate. - format: string - type: string - requestHeaderOperations: - items: - properties: - name: - description: Header name literal value. - format: string - type: string - operation: - description: Header operation type. - enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - responseHeaderOperations: - items: - properties: - name: - description: Header name literal value. 
- format: string - type: string - operation: - description: Header operation type. - enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - sampling: - properties: - random: - description: Provides filtering of actions based on random selection - per request. - properties: - attributeExpression: - description: Specifies an attribute expression to use to override - the numerator in the `percent_sampled` field. - format: string - type: string - percentSampled: - description: The default sampling rate, expressed as a percentage. - properties: - denominator: - description: Specifies the denominator. - enum: - - HUNDRED - - TEN_THOUSAND - type: string - numerator: - description: Specifies the numerator. - type: integer - type: object - useIndependentRandomness: - description: By default sampling will be based on the value - of the request header `x-request-id`. - type: boolean - type: object - rateLimit: - properties: - maxUnsampledEntries: - description: Number of entries to allow during the `sampling_duration` - before sampling is enforced. - format: int64 - type: integer - samplingDuration: - description: Window in which to enforce the sampling rate. - type: string - samplingRate: - description: The rate at which to sample entries once the unsampled - limit has been reached. 
- format: int64 - type: integer - type: object - type: object - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: serviceentries.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hosts - description: The hosts associated with the ServiceEntry - name: Hosts - type: string - - JSONPath: .spec.location - description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL - or MESH_INTERNAL) - name: Location - type: string - - JSONPath: .spec.resolution - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - name: Resolution - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: ServiceEntry - listKind: ServiceEntryList - plural: serviceentries - shortNames: - - se - singular: serviceentry - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. See more details - at: https://istio.io/docs/reference/config/networking/v1alpha3/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. 
- items: - format: string - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - format: string - type: string - network: - format: string - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - format: string - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - format: string - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: array - resolution: - description: Service discovery mode for the hosts. 
- enum: - - NONE - - STATIC - - DNS - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: servicerolebindings.rbac.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.roleRef.name - description: The name of the ServiceRole object being referenced - name: Reference - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRoleBinding - plural: servicerolebindings - singular: servicerolebinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - actions: - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. 
- items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. - items: - format: string - type: string - type: array - type: object - type: array - mode: - enum: - - ENFORCED - - PERMISSIVE - type: string - role: - format: string - type: string - roleRef: - description: Reference to the ServiceRole object. - properties: - kind: - description: The type of the role being referenced. - format: string - type: string - name: - description: The name of the ServiceRole object being referenced. - format: string - type: string - type: object - subjects: - description: List of subjects that are assigned the ServiceRole object. - items: - properties: - group: - format: string - type: string - groups: - items: - format: string - type: string - type: array - ips: - items: - format: string - type: string - type: array - names: - items: - format: string - type: string - type: array - namespaces: - items: - format: string - type: string - type: array - notGroups: - items: - format: string - type: string - type: array - notIps: - items: - format: string - type: string - type: array - notNames: - items: - format: string - type: string - type: array - notNamespaces: - items: - format: string - type: string - type: array - properties: - additionalProperties: - format: string - type: string - description: Optional. 
- type: object - user: - description: Optional. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: serviceroles.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRole - plural: serviceroles - singular: servicerole - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - rules: - description: The set of access rules (permissions) that the role has. - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. - items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. 
- items: - format: string - type: string - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: virtualservices.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.gateways - description: The names of gateways and sidecars that should apply these routes - name: Gateways - type: string - - JSONPath: .spec.hosts - description: The destination hosts to which traffic is being sent - name: Hosts - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - shortNames: - - vs - singular: virtualservice - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, - etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is exported. 
- items: - format: string - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply these - routes. - items: - format: string - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - format: string - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - appendHeaders: - additionalProperties: - format: string - type: string - type: object - appendRequestHeaders: - additionalProperties: - format: string - type: string - type: object - appendResponseHeaders: - additionalProperties: - format: string - type: string - type: object - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - nullable: true - type: boolean - allowHeaders: - items: - format: string - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the resource. - items: - format: string - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform - CORS requests. - items: - format: string - type: string - type: array - exposeHeaders: - items: - format: string - type: string - type: array - maxAge: - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic at - the client side. - properties: - abort: - oneOf: - - properties: - percent: {} - required: - - httpStatus - - properties: - percent: {} - required: - - grpcStatus - - properties: - percent: {} - required: - - http2Error - properties: - grpcStatus: - format: string - type: string - http2Error: - format: string - type: string - httpStatus: - description: HTTP status code to use to abort the Http - request. - format: int32 - type: integer - percent: - description: Percentage of requests to be aborted with - the error code provided (0-100). 
- format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with - the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - properties: - percent: {} - required: - - fixedDelay - - properties: - percent: {} - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the request. - type: string - percent: - description: Percentage of requests on which the delay - will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay - will be injected. - properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - gateways: - items: - format: string - type: string - type: array - headers: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - 
type: object - ignoreUriCase: - description: Flag to specify whether the URI matching should - be case-insensitive. - type: boolean - method: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - name: - description: The name assigned to a match. - format: string - type: string - port: - description: Specifies the ports on the host that is being - addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - sourceLabels: - additionalProperties: - format: string - type: string - type: object - uri: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the `mirror` - field. 
- nullable: true - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the `mirror` - field. - nullable: true - type: integer - name: - description: The name assigned to the route for debugging purposes. - format: string - type: string - redirect: - description: A http rule can either redirect or forward (default) - traffic. - properties: - authority: - format: string - type: string - redirectCode: - type: integer - uri: - format: string - type: string - type: object - removeRequestHeaders: - items: - format: string - type: string - type: array - removeResponseHeaders: - items: - format: string - type: string - type: array - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries for a given request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per retry attempt for a given request. - type: string - retryOn: - description: Specifies the conditions under which retry takes - place. - format: string - type: string - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this value. - format: string - type: string - uri: - format: string - type: string - type: object - route: - description: A http rule can either redirect or forward (default) - traffic. - items: - properties: - appendRequestHeaders: - additionalProperties: - format: string - type: string - description: Use of `append_request_headers` is deprecated. - type: object - appendResponseHeaders: - additionalProperties: - format: string - type: string - description: Use of `append_response_headers` is deprecated. - type: object - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. 
- properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - removeRequestHeaders: - description: Use of `remove_request_headers` is deprecated. - items: - format: string - type: string - type: array - removeResponseHeaders: - description: Use of `remove_response_header` is deprecated. - items: - format: string - type: string - type: array - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests. - type: string - websocketUpgrade: - description: Deprecated. - type: boolean - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with - optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied to. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. 
- format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be - forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with - optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied to. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - format: string - type: string - type: array - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. - format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be - forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: adapters.config.istio.io - labels: - app: mixer - package: adapter - istio: mixer-adapter - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: adapter - plural: adapters - singular: adapter - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: instances.config.istio.io - labels: - app: mixer - package: instance - istio: mixer-instance - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: instance - plural: instances - singular: instance - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: templates.config.istio.io - labels: - app: mixer - package: template - istio: mixer-template - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: template - plural: templates - singular: template - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition 
-apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: handlers.config.istio.io - labels: - app: mixer - package: handler - istio: mixer-handler - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: handler - plural: handlers - singular: handler - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true diff --git a/charts/rancher-istio/1.4.700/templates/crd-11.yaml b/charts/rancher-istio/1.4.700/templates/crd-11.yaml deleted file mode 100644 index 0de33afd9..000000000 --- a/charts/rancher-istio/1.4.700/templates/crd-11.yaml +++ /dev/null 
@@ -1,121 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: sidecars.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Sidecar - plural: sidecars - singular: sidecar - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting network reachability of a sidecar. - See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/sidecar.html' - properties: - egress: - items: - properties: - bind: - format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - hosts: - items: - format: string - type: string - type: array - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: object - type: array - ingress: - items: - properties: - bind: - description: The ip to which the listener should be bound. - format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - defaultEndpoint: - format: string - type: string - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. 
- format: string - type: string - type: object - type: object - type: array - outboundTrafficPolicy: - description: This allows to configure the outbound traffic policy. - properties: - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true diff --git a/charts/rancher-istio/1.4.700/templates/crd-14.yaml b/charts/rancher-istio/1.4.700/templates/crd-14.yaml deleted file mode 100644 index e51edfc5c..000000000 --- a/charts/rancher-istio/1.4.700/templates/crd-14.yaml +++ /dev/null 
@@ -1,135 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- labels:
- app: istio-pilot
- heritage: Tiller
- istio: security
- release: istio
- name: authorizationpolicies.security.istio.io
- annotations:
- helm.sh/hook: crd-install,pre-upgrade
-spec:
- group: security.istio.io
- names:
- categories:
- - istio-io
- - security-istio-io
- kind: AuthorizationPolicy
- plural: authorizationpolicies
- singular: authorizationpolicy
- scope: Namespaced
- subresources:
- status: {}
- validation:
- openAPIV3Schema:
- properties:
- spec:
- description: 'Configuration for access control on workloads. See more details
- at: https://istio.io/docs/reference/config/security/v1beta1/authorization-policy.html'
- properties:
- rules:
- description: Optional.
- items:
- properties:
- from:
- description: Optional.
- items:
- properties:
- source:
- description: Source specifies the source of a request.
- properties:
- ipBlocks:
- description: Optional.
- items:
- format: string
- type: string
- type: array
- namespaces:
- description: Optional.
- items:
- format: string
- type: string
- type: array
- principals:
- description: Optional.
- items:
- format: string
- type: string
- type: array
- requestPrincipals:
- description: Optional.
- items:
- format: string
- type: string
- type: array
- type: object
- type: object
- type: array
- to:
- description: Optional.
- items:
- properties:
- operation:
- description: Operation specifies the operation of a request.
- properties:
- hosts:
- description: Optional.
- items:
- format: string
- type: string
- type: array
- methods:
- description: Optional.
- items:
- format: string
- type: string
- type: array
- paths:
- description: Optional.
- items:
- format: string
- type: string
- type: array
- ports:
- description: Optional.
- items:
- format: string
- type: string
- type: array
- type: object
- type: object
- type: array
- when:
- description: Optional.
- items:
- properties:
- key:
- description: The name of an Istio attribute.
- format: string
- type: string
- values:
- description: The allowed values for the attribute.
- items:
- format: string
- type: string
- type: array
- type: object
- type: array
- type: object
- type: array
- selector:
- description: Optional.
- properties:
- matchLabels:
- additionalProperties:
- format: string
- type: string
- type: object
- type: object
- type: object
- type: object
- versions:
- - name: v1beta1
- served: true
- storage: true
diff --git a/charts/rancher-istio/1.4.700/templates/crd-certmanager-10.yaml b/charts/rancher-istio/1.4.700/templates/crd-certmanager-10.yaml
deleted file mode 100644
index a3a61f7f5..000000000
--- a/charts/rancher-istio/1.4.700/templates/crd-certmanager-10.yaml
+++ /dev/null
@@ -1,95 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterissuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: ClusterIssuer - plural: clusterissuers - scope: Cluster ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: issuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Issuer - plural: issuers - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: certificates.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - JSONPath: .spec.secretName - name: Secret - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - kind: Certificate - plural: certificates - shortNames: - - cert - - certs -{{- end }} diff --git a/charts/rancher-istio/1.4.700/templates/crd-certmanager-11.yaml b/charts/rancher-istio/1.4.700/templates/crd-certmanager-11.yaml deleted file mode 100644 index ea6a96967..000000000 --- a/charts/rancher-istio/1.4.700/templates/crd-certmanager-11.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: orders.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.reason - name: Reason - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Order - plural: orders - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: challenges.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.dnsName - name: Domain - type: string - - JSONPath: .status.reason - name: Reason - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. 
It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Challenge - plural: challenges - scope: Namespaced -{{- end }} diff --git a/charts/rancher-istio/1.4.700/templates/endpoints.yaml b/charts/rancher-istio/1.4.700/templates/endpoints.yaml deleted file mode 100755 index 81b821853..000000000 --- a/charts/rancher-istio/1.4.700/templates/endpoints.yaml +++ /dev/null 
@@ -1,63 +0,0 @@
-{{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePilotAddress }}
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePolicyAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remoteTelemetryAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/templates/install-custom-resources.sh.tpl b/charts/rancher-istio/1.4.700/templates/install-custom-resources.sh.tpl
deleted file mode 100755
index a5525a139..000000000
--- a/charts/rancher-istio/1.4.700/templates/install-custom-resources.sh.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ define "install-custom-resources.sh.tpl" }}
-#!/bin/sh
-
-set -x
-
-if [ "$#" -ne "1" ]; then
- echo "first argument should be path to custom resource yaml"
- exit 1
-fi
-
-pathToResourceYAML=${1}
-
-kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null
-if [ "$?" -eq 0 ]; then
- echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready"
- while true; do
- kubectl -n {{ .Release.Namespace }} get deployment istio-galley 2>/dev/null
- if [ "$?" -eq 0 ]; then
- break
- fi
- sleep 1
- done
- kubectl -n {{ .Release.Namespace }} rollout status deployment istio-galley
- if [ "$?" -ne 0 ]; then
- echo "istio-galley deployment rollout status check failed"
- exit 1
- fi
- echo "istio-galley deployment ready for configuration validation"
-fi
-sleep 5
-kubectl apply -f ${pathToResourceYAML}
-{{ end }}
diff --git a/charts/rancher-istio/1.4.700/templates/istio-service-rbac.yaml b/charts/rancher-istio/1.4.700/templates/istio-service-rbac.yaml
deleted file mode 100644
index b3141141b..000000000
--- a/charts/rancher-istio/1.4.700/templates/istio-service-rbac.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-service-reader
-rules:
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["http:kiali:20001", "http:tracing:80", "http:grafana:80", "http:prometheus-http:80"]
- verbs: ["get", "watch", "list"]
-
----
-{{- if .Values.global.members }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: read-istio-service
- namespace: {{ .Release.Namespace }}
-subjects:
- {{- range $member := .Values.global.members }}
- - kind: {{ $member.kind }}
- name: {{ $member.name }}
- apiGroup: rbac.authorization.k8s.io
- {{- end }}
-roleRef:
- kind: Role
- name: istio-service-reader
- apiGroup: rbac.authorization.k8s.io
-{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.700/templates/service.yaml b/charts/rancher-istio/1.4.700/templates/service.yaml
deleted file mode 100755
index 732cdefd2..000000000
--- a/charts/rancher-istio/1.4.700/templates/service.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
- clusterIP: None
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.700/templates/serviceaccount.yaml
deleted file mode 100755
index e52d9eb9c..000000000
--- a/charts/rancher-istio/1.4.700/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: istio-multi
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.700/templates/sidecar-injector-configmap.yaml b/charts/rancher-istio/1.4.700/templates/sidecar-injector-configmap.yaml
deleted file mode 100755
index 5cb25b9cf..000000000
--- a/charts/rancher-istio/1.4.700/templates/sidecar-injector-configmap.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if not .Values.global.omitSidecarInjectorConfigMap }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istio.name" . }}
- chart: {{ template "istio.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-data:
- values: |-
- {{ .Values | toJson }}
-
- config: |-
- policy: {{ .Values.global.proxy.autoInject }}
- alwaysInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }}
- neverInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }}
- template: |-
-{{ .Files.Get "files/injection-template.yaml" | trim | indent 6 }}
- injectedAnnotations:
- {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }}
- "{{ $key }}": "{{ $val }}"
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.700/test-values/README.md b/charts/rancher-istio/1.4.700/test-values/README.md
deleted file mode 100755
index 8e5ff277c..000000000
--- a/charts/rancher-istio/1.4.700/test-values/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Test Values
-
-These files are intended to be used to install Istio for E2E tests.
-
-The rendered files can be generated with `make generate_e2e_yaml`.
-
-These files will all have `values-e2e.yaml` applied to them *first*, so if there are settings there that should not be included in the test the must be overridden.
diff --git a/charts/rancher-istio/1.4.700/test-values/values-e2e.yaml b/charts/rancher-istio/1.4.700/test-values/values-e2e.yaml
deleted file mode 100755
index 18264aa2f..000000000
--- a/charts/rancher-istio/1.4.700/test-values/values-e2e.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-# This file overrides values for e2e testing.
-
-global:
- proxy:
- concurrency: 0
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- accessLogFile: "/dev/stdout"
- enableCoreDump: true
-
- disablePolicyChecks: false
- outboundTrafficPolicy:
- mode: REGISTRY_ONLY
-
-prometheus:
- scrapeInterval: 5s
-
-gateways:
- istio-ingressgateway:
- autoscaleMax: 1
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
- limits:
- cpu: 100m
- memory: 128Mi
- # Disable the specific nodePort mappings for testing
- # These occasionally cause port conflict flakes (#14190)
- # Lacking a good way to override just part of a list, this is copied from
- # the prod values.yaml with nodePort omitted
- ports:
- - port: 15020
- targetPort: 15020
- name: status-port
- - port: 80
- targetPort: 80
- name: http2
- - port: 443
- name: https
- - port: 31400
- name: tcp
- - port: 15029
- targetPort: 15029
- name: https-kiali
- - port: 15030
- targetPort: 15030
- name: https-prometheus
- - port: 15031
- targetPort: 15031
- name: https-grafana
- - port: 15032
- targetPort: 15032
- name: https-tracing
- - port: 15443
- targetPort: 15443
- name: tls
-
- istio-egressgateway:
- enabled: true
- autoscaleMax: 1
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
- limits:
- cpu: 100m
- memory: 128Mi
-
-mixer:
- policy:
- enabled: true
- replicaCount: 2
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
- limits:
- cpu: 100m
- memory: 100Mi
- telemetry:
- enabled: true
- loadshedding:
- mode: disabled
- resources:
- requests:
- cpu: 50m
- memory: 100Mi
- limits:
- cpu: 100m
- memory: 100Mi
- adapters:
- stdio:
- enabled: true
- kiali:
- enabled: true
-
-sidecarInjectorWebhook:
- rewriteAppHTTPProbe: true
diff --git a/charts/rancher-istio/1.4.700/test-values/values-istio-auth-mcp.yaml b/charts/rancher-istio/1.4.700/test-values/values-istio-auth-mcp.yaml
deleted file mode 100755
index fb284d926..000000000
--- a/charts/rancher-istio/1.4.700/test-values/values-istio-auth-mcp.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio-auth.yaml with MCP enabled
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- useMCP: true
-
diff --git a/charts/rancher-istio/1.4.700/test-values/values-istio-auth-multicluster.yaml b/charts/rancher-istio/1.4.700/test-values/values-istio-auth-multicluster.yaml
deleted file mode 100755
index af147981f..000000000
--- a/charts/rancher-istio/1.4.700/test-values/values-istio-auth-multicluster.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# This is used to generate istio-auth-multicluster.yaml, used for CI/CD.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- proxy:
- accessLogFile: "/dev/stdout"
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
-# In a multiple cluster environment, citadel uses the same root certificate in all the clusters
-security:
- selfSigned: false
diff --git a/charts/rancher-istio/1.4.700/test-values/values-istio-auth-non-mcp.yaml b/charts/rancher-istio/1.4.700/test-values/values-istio-auth-non-mcp.yaml
deleted file mode 100755
index eab07cd41..000000000
--- a/charts/rancher-istio/1.4.700/test-values/values-istio-auth-non-mcp.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- mtls:
- enabled: true
-
- controlPlaneSecurityEnabled: true
-
- useMCP: false
diff --git a/charts/rancher-istio/1.4.700/test-values/values-istio-auth-sds.yaml b/charts/rancher-istio/1.4.700/test-values/values-istio-auth-sds.yaml
deleted file mode 100755
index 62a8121ba..000000000
--- a/charts/rancher-istio/1.4.700/test-values/values-istio-auth-sds.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-global:
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
- proxy:
- enableCoreDump: true
-
-nodeagent:
- enabled: true
- repository: rancher/istio-node-agent-k8s
- tag: 1.4.7
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.4.700/test-values/values-istio-auth.yaml b/charts/rancher-istio/1.4.700/test-values/values-istio-auth.yaml
deleted file mode 100755
index 4ec1d35c5..000000000
--- a/charts/rancher-istio/1.4.700/test-values/values-istio-auth.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-# This is used to generate istio-auth.yaml for automated CI/CD test, using v1/alpha1
-# or v2/alpha3 with 'gradual migration' (using env variable at inject time).
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
diff --git a/charts/rancher-istio/1.4.700/test-values/values-istio-dns-cert.yaml b/charts/rancher-istio/1.4.700/test-values/values-istio-dns-cert.yaml
deleted file mode 100755
index 406970396..000000000
--- a/charts/rancher-istio/1.4.700/test-values/values-istio-dns-cert.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- certificates:
- - dnsNames: [istio-pilot.istio-system.svc, istio-pilot.istio-system]
- - secretName: dns.istio-galley-service-account
- dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system]
- - secretName: dns.istio-sidecar-injector-service-account
- dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system]
diff --git a/charts/rancher-istio/1.4.700/test-values/values-istio-mcp.yaml b/charts/rancher-istio/1.4.700/test-values/values-istio-mcp.yaml
deleted file mode 100755
index a6638eefd..000000000
--- a/charts/rancher-istio/1.4.700/test-values/values-istio-mcp.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# This is used to generate istio.yaml with MCP enabled
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- useMCP: true
-
-
diff --git a/charts/rancher-istio/1.4.700/test-values/values-istio-multicluster-split-horizon.yaml b/charts/rancher-istio/1.4.700/test-values/values-istio-multicluster-split-horizon.yaml
deleted file mode 100755
index e664dd56f..000000000
--- a/charts/rancher-istio/1.4.700/test-values/values-istio-multicluster-split-horizon.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# This is used to generate istio-multicluster-split-horizon.yaml, used for CI/CD.
-global:
- controlPlaneSecurityEnabled: true
- mtls:
- enabled: true
- proxy:
- accessLogFile: "/dev/stdout"
- outboundTrafficPolicy:
- mode: ALLOW_ANY
- meshExpansion:
- enabled: true
- meshNetworks:
- network2:
- endpoints:
- - fromRegistry: N2_REGISTRY_TOKEN
- gateways:
- - address: 0.0.0.0
- port: 443
-security:
- selfSigned: false
-gateways:
- istio-egressgateway:
- enabled: false
-
-
diff --git a/charts/rancher-istio/1.4.700/test-values/values-istio-multicluster.yaml b/charts/rancher-istio/1.4.700/test-values/values-istio-multicluster.yaml
deleted file mode 100755
index 59b924ac1..000000000
--- a/charts/rancher-istio/1.4.700/test-values/values-istio-multicluster.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# This is used to generate istio-multicluster.yaml, used for CI/CD.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- proxy:
- accessLogFile: "/dev/stdout"
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
-# In a multiple cluster environment, citadel uses the same root certificate in all the clusters
-security:
- selfSigned: false
diff --git a/charts/rancher-istio/1.4.700/test-values/values-istio-non-mcp.yaml b/charts/rancher-istio/1.4.700/test-values/values-istio-non-mcp.yaml
deleted file mode 100755
index 091681acd..000000000
--- a/charts/rancher-istio/1.4.700/test-values/values-istio-non-mcp.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-global:
- useMCP: false
diff --git a/charts/rancher-istio/1.4.700/test-values/values-istio-one-namespace-auth.yaml b/charts/rancher-istio/1.4.700/test-values/values-istio-one-namespace-auth.yaml
deleted file mode 100755
index c49f40254..000000000
--- a/charts/rancher-istio/1.4.700/test-values/values-istio-one-namespace-auth.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.4.700/test-values/values-istio-one-namespace-trust-domain.yaml b/charts/rancher-istio/1.4.700/test-values/values-istio-one-namespace-trust-domain.yaml
deleted file mode 100755
index 1840ab355..000000000
--- a/charts/rancher-istio/1.4.700/test-values/values-istio-one-namespace-trust-domain.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- # Default is 10s second
- refreshInterval: 1s
-
- # The trust domain corresponds to the trust root of a system
- trustDomain: test.local
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.4.700/test-values/values-istio-one-namespace.yaml b/charts/rancher-istio/1.4.700/test-values/values-istio-one-namespace.yaml
deleted file mode 100755
index 14aa45033..000000000
--- a/charts/rancher-istio/1.4.700/test-values/values-istio-one-namespace.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.4.700/test-values/values-istio.yaml b/charts/rancher-istio/1.4.700/test-values/values-istio.yaml
deleted file mode 100755
index c115103e1..000000000
--- a/charts/rancher-istio/1.4.700/test-values/values-istio.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-
-# This is used to generate istio.yaml for automated CI/CD test, using v1/alpha1
-# or v2/alpha3 with 'gradual migration' (using env variable at inject time).
-# global:
- ## imagePullSecrets for all ServiceAccount. Must be set for any clustser configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
diff --git a/charts/rancher-istio/1.4.700/values-istio-demo.yaml b/charts/rancher-istio/1.4.700/values-istio-demo.yaml
deleted file mode 100755
index d28dbaaf2..000000000
--- a/charts/rancher-istio/1.4.700/values-istio-demo.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-# This is used to generate istio.yaml for minimal, demo mode.
-# It is shipped with the release, used for bookinfo or quick installation of istio.
-# Includes components used in the demo, defaults to alpha3 rules.
-global:
- controlPlaneSecurityEnabled: false
-
- proxy:
- accessLogFile: "/dev/stdout"
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- disablePolicyChecks: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
-sidecarInjectorWebhook:
- enabled: true
- # If true, webhook or istioctl injector will rewrite PodSpec for liveness
- # health check to redirect request to sidecar. This makes liveness check work
- # even when mTLS is enabled.
- rewriteAppHTTPProbe: false
-
-pilot:
- autoscaleEnabled: false
- traceSampling: 100.0
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
-
-mixer:
- policy:
- enabled: true
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
-
- telemetry:
- enabled: true
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 50m
- memory: 100Mi
-
- adapters:
- stdio:
- enabled: true
-
-grafana:
- enabled: true
-
-tracing:
- enabled: true
-
-kiali:
- enabled: true
- createDemoSecret: true
-
-gateways:
- istio-ingressgateway:
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- istio-egressgateway:
- enabled: true
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
diff --git a/charts/rancher-istio/1.4.700/values-istio-minimal.yaml b/charts/rancher-istio/1.4.700/values-istio-minimal.yaml
deleted file mode 100755
index de45fa458..000000000
--- a/charts/rancher-istio/1.4.700/values-istio-minimal.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# Minimal Istio Configuration: https://istio.io/docs/setup/kubernetes/additional-setup/config-profiles/
-#
-pilot:
- enabled: true
- sidecar: false
-
-gateways:
- enabled: false
-
-security:
- enabled: false
-
-sidecarInjectorWebhook:
- enabled: false
-
-galley:
- enabled: false
-
-mixer:
- policy:
- enabled: false
- telemetry:
- enabled: false
-
-prometheus:
- enabled: false
-
-
-# Common settings.
-global:
-
- proxy:
- # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument
- # would be :).
- # Disabled by default.
- # The istio-statsd-prom-bridge is deprecated and should not be used moving forward.
- envoyStatsd:
- # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector.
- enabled: false
- host: # example: statsd-svc.istio-system
- port: # example: 9125
-
- useMCP: false
-
-
diff --git a/charts/rancher-istio/1.4.700/values-istio-remote.yaml b/charts/rancher-istio/1.4.700/values-istio-remote.yaml
deleted file mode 100755
index 4ff03c360..000000000
--- a/charts/rancher-istio/1.4.700/values-istio-remote.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-gateways:
- enabled: false
-
-galley:
- enabled: false
-
-mixer:
- policy:
- enabled: false
- telemetry:
- enabled: false
-
-pilot:
- enabled: false
- configSource:
- subscribedResources:
-
-security:
- enabled: true
- createMeshPolicy: false
-
-prometheus:
- enabled: false
-
-global:
- istioRemote: true
-
- enableTracing: false
-
- # Sets an identifier for the remote network to be used for Split Horizon EDS. The network will be sent
- # to the Pilot when connected by the sidecar and will affect the results returned in EDS requests.
- # Based on the network identifier Pilot will return all local endpoints + endpoints of gateways to
- # other networks.
- #
- # Must match the names in the meshNetworks section in the Istio local.
- network: ""
diff --git a/charts/rancher-istio/1.4.700/values-istio-sds-auth-control-plane-auth-disabled.yaml b/charts/rancher-istio/1.4.700/values-istio-sds-auth-control-plane-auth-disabled.yaml
deleted file mode 100755
index 28090fe86..000000000
--- a/charts/rancher-istio/1.4.700/values-istio-sds-auth-control-plane-auth-disabled.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-global:
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
-nodeagent:
- enabled: true
- repository: rancher/istio-node-agent-k8s
- tag: 1.4.7
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.4.700/values-istio-sds-auth.yaml b/charts/rancher-istio/1.4.700/values-istio-sds-auth.yaml
deleted file mode 100755
index de4764199..000000000
--- a/charts/rancher-istio/1.4.700/values-istio-sds-auth.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-global:
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
-nodeagent:
- enabled: true
- repository: rancher/istio-node-agent-k8s
- tag: 1.4.7
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.4.700/values.yaml b/charts/rancher-istio/1.4.700/values.yaml
deleted file mode 100755
index aff6470d6..000000000
--- a/charts/rancher-istio/1.4.700/values.yaml
+++ /dev/null
@@ -1,685 +0,0 @@ -# Top level istio values file has the following sections. -# -# global: This file is the authoritative and exhaustive source for the global section. -# -# chart sections: Every subdirectory inside the charts/ directory has a top level -# configuration key in this file. This file overrides the values specified -# by the charts/${chartname}/values.yaml. -# Check the chart level values file for exhaustive list of configuration options. - -# -# Gateways Configuration, refer to the charts/gateways/values.yaml -# for detailed configuration -# -gateways: - enabled: true - istio-ingressgateway: - labels: - release: cluster-istio - -# -# sidecar-injector webhook configuration, refer to the -# charts/sidecarInjectorWebhook/values.yaml for detailed configuration -# -sidecarInjectorWebhook: - repository: rancher/istio-sidecar_injector - tag: 1.4.7 - enabled: true - -# -# galley configuration, refer to charts/galley/values.yaml -# for detailed configuration -# -galley: - repository: rancher/istio-galley - tag: 1.4.7 - enabled: true - -# -# mixer configuration -# -# @see charts/mixer/values.yaml for all values -mixer: - repository: rancher/istio-mixer - tag: 1.4.7 - policy: - # if policy is enabled the global.disablePolicyChecks has affect. 
- enabled: true - - telemetry: - enabled: true -# -# pilot configuration -# -# @see charts/pilot/values.yaml -pilot: - repository: rancher/istio-pilot - tag: 1.4.7 - enabled: true - -# -# security configuration -# -security: - repository: rancher/istio-citadel - tag: 1.4.7 - enabled: true - -# -# nodeagent configuration -# -nodeagent: - enabled: false - -# -# addon grafana configuration -# -grafana: - repository: rancher/grafana-grafana - tag: 6.3.6 - enabled: false - -# -# addon prometheus configuration -# -prometheus: - repository: rancher/prom-prometheus - tag: v2.12.0 - enabled: false - -# -# addon jaeger tracing configuration -# -tracing: - jaeger: - repository: rancher/jaegertracing-all-in-one - tag: 1.14 - zipkin: - repository: rancher/openzipkin-zipkin - tag: 2.14.2 - enabled: false - -# -# addon kiali tracing configuration -# -kiali: - repository: rancher/kiali-kiali - tag: v1.9 - contextPath: / - dashboard: - jaegerURL: http://tracing.istio-system:80 - grafanaURL: http://access-grafana.cattle-prometheus:80 - auth: - strategy: anonymous - enabled: false - prometheusAddr: http://access-prometheus.cattle-prometheus:80 - -# -# addon certmanager configuration -# -certmanager: - enabled: false - image: - repository: rancher/jetstack-cert-manager-controller - tag: v0.8.1 - -# -# Istio CNI plugin enabled -# This must be enabled to use the CNI plugin in Istio. The CNI plugin is installed separately. -# If true, the privileged initContainer istio-init is not needed to perform the traffic redirect -# settings for the istio-proxy. -# -istio_cni: - enabled: false - repair: - enabled: true - -# addon Istio CoreDNS configuration -# -istiocoredns: - image: - repository: rancher/coredns-coredns - tag: 1.6.2 - pluginImage: - repository: rancher/istio-coredns-plugin - tag: 0.2-istio-1.1 - enabled: false - -# Common settings used among istio subcharts. 
-global: - - # Specify rancher clusterId of external tracing config - # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 - rancher: - clusterId: - - systemDefaultRegistry: "" - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: docker.io/rancher - - # Default tag for Istio images. - tag: 1.4.7 - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - kubectl: - repository: rancher/istio-kubectl - tag: 1.4.7 - - # monitoring port used by mixer, pilot, galley and sidecar injector - monitoringPort: 15014 - - k8sIngress: - enabled: false - # Gateway used for k8s Ingress resources. By default it is - # using 'istio:ingressgateway' that will be installed by setting - # 'gateways.enabled' and 'gateways.istio-ingressgateway.enabled' - # flags to true. - gatewayName: ingressgateway - # enableHttps will add port 443 on the ingress. - # It REQUIRES that the certificates are installed in the - # expected secrets - enabling this option without certificates - # will result in LDS rejection and the ingress will not work. - enableHttps: false - - curl: - repository: rancher/pstauffer-curl - tag: v1.0.3 - - proxy: - # Configuration for the proxy init container - init: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - # use fully qualified image names for alternate path to proxy. - repository: rancher/istio-proxyv2 - tag: 1.4.7 - - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Resources for the sidecar. 
- resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Controls number of Proxy worker threads. - # If set to 0, then start worker thread for each CPU thread/core. - concurrency: 2 - - # Configures the access log for each sidecar. - # Options: - # "" - disables access log - # "/dev/stdout" - enables access log - accessLogFile: "" - - # Configure how and what fields are displayed in sidecar access log. Setting to - # empty string will result in default log format - accessLogFormat: "" - - # Configure the access log for sidecar to JSON or TEXT. - accessLogEncoding: TEXT - - # Configure envoy gRPC access log service. - envoyAccessLogService: - enabled: false - host: # example: accesslog-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/als/cert-chain.pem - privateKey: # example: /etc/istio/als/key.pem - caCertificates: # example: /etc/istio/als/root-cert.pem - sni: # example: als.somedomain - subjectAltNames: [] - # - als.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Log level for proxy, applies to gateways and sidecars. If left empty, "warning" is used. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: "" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. If left empty, "misc:error" is used. - componentLogLevel: "" - - # Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS - # This must be given it terms of seconds. For example, 300s is valid but 5m is invalid. - dnsRefreshRate: 300s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). 
These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: 100ms - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # If set, newly injected sidecars will have core dumps enabled. - enableCoreDump: false - - # Image used to enable core dumps. This is only used, when "enableCoreDump" is set to true. - enableCoreDumpImage: ubuntu:xenial - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 1 - - # The period between readiness probes. - readinessPeriodSeconds: 2 - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 30 - - # istio egress capture whitelist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - excludeOutboundPorts: "" - - # pod internal interfaces - kubevirtInterfaces: "" - - # istio ingress capture whitelist - # examples: - # Redirect no inbound traffic to Envoy: --includeInboundPorts="" - # Redirect all inbound traffic to Envoy: --includeInboundPorts="*" - # Redirect only selected ports: --includeInboundPorts="80,8080" - includeInboundPorts: "*" - excludeInboundPorts: "" - - # This controls the 'policy' in the sidecar injector. 
- autoInject: enabled - - # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument - # would be :). - # Disabled by default. - # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. - envoyStatsd: - # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. - enabled: false - host: # example: statsd-svc.istio-system - port: # example: 9125 - - # Sets the Envoy Metrics Service address, used to push Envoy metrics to an external collector - # via the Metrics Service gRPC API. This contains detailed stats information emitted directly - # by Envoy and should not be confused with the the Istio telemetry. The Envoy stats are also - # available to scrape via the Envoy admin port at either /stats or /stats/prometheus. - # - # See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto - # for details about Envoy's Metrics Service API. - # - # Disabled by default. - envoyMetricsService: - enabled: false - host: # example: metrics-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/ms/cert-chain.pem - privateKey: # example: /etc/istio/ms/key.pem - caCertificates: # example: /etc/istio/ms/root-cert.pem - sni: # example: ms.somedomain - subjectAltNames: [] - # - ms.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "zipkin" - - proxy_init: - # Base name for the istio-init container, used to configure iptables. - repository: rancher/istio-proxyv2 - tag: 1.4.7 - - # imagePullPolicy is applied to istio control plane components. - # local tests require IfNotPresent, to avoid uploading to dockerhub. 
- # TODO: Switch to Always as default, and override in the local tests. - imagePullPolicy: IfNotPresent - - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - # disablePolicyChecks disables mixer policy checks. - # if mixer.policy.enabled==true then disablePolicyChecks has affect. - # Will set the value with same name in istio config map - pilot needs to be restarted to take effect. - disablePolicyChecks: true - - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: false - - # EnableTracing sets the value with same name in istio config map, requires pilot restart to take effect. - enableTracing: true - - # Configuration for each of the supported tracers - tracer: - # Configuration for envoy to send trace data to LightStep. - # Disabled by default. - # address: the : of the satellite pool - # accessToken: required for sending data to the pool - # secure: specifies whether data should be sent with TLS - # cacertPath: the path to the file containing the cacert to use when verifying TLS. If secure is true, this is - # required. If a value is specified then a secret called "lightstep.cacert" must be created in the destination - # namespace with the key matching the base of the provided cacertPath and the value being the cacert itself. - # - lightstep: - address: "" # example: lightstep-satellite:443 - accessToken: "" # example: abcdefg1234567 - secure: true # example: true|false - cacertPath: "" # example: /etc/lightstep/cacert.pem - zipkin: - # Host:Port for reporting trace data in zipkin format. If not specified, will default to - # zipkin service (port 9411) in the same namespace as the other istio components. 
- address: "" - datadog: - # Host:Port for submitting traces to the Datadog agent. - address: "$(HOST_IP):8126" - stackdriver: - # enables trace output to stdout. - debug: false - # The global default max number of attributes per span. - maxNumberOfAttributes: 200 - # The global default max number of annotation events per span. - maxNumberOfAnnotations: 200 - # The global default max number of message events per span. - maxNumberOfMessageEvents: 200 - - # Default mtls policy. If true, mtls between services will be enabled by default. - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: false - # If set to true, and a given service does not have a corresponding DestinationRule configured, - # or its DestinationRule does not have TLSSettings specified, Istio configures client side - # TLS configuration automatically, based on the server side mTLS authentication policy and the - # availibity of sidecars. - auto: false - - # Lists the secrets you need to use to pull Istio images from a private registry. - imagePullSecrets: [] - # - private-registry-key - - # Specify pod scheduling arch(amd64, ppc64le, s390x) and weight as follows: - # 0 - Never scheduled - # 1 - Least preferred - # 2 - No preference - # 3 - Most preferred - arch: - amd64: 2 - s390x: 2 - ppc64le: 2 - - # Whether to restrict the applications namespace the controller manages; - # If not set, controller watches all namespaces - oneNamespace: false - - # Default node selector to be applied to all deployments so that all pods can be - # constrained to run a particular nodes. Each component can overwrite these default - # values by adding its node selector block in the relevant section below and setting - # the desired values. - defaultNodeSelector: {} - - # Default node tolerations to be applied to all deployments so that all pods can be - # scheduled to a particular nodes with matching taints. 
Each component can overwrite - # these default values by adding its tolerations block in the relevant section below - # and setting the desired values. - # Configure this field in case that all pods of Istio control plane are expected to - # be scheduled to particular nodes with specified taints. - defaultTolerations: [] - - # Whether to perform server-side validation of configuration. - configValidation: true - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - # podDNSSearchNamespaces: - # - global - # - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # If set to true, the pilot and citadel mtls will be exposed on the - # ingress gateway - meshExpansion: - enabled: false - # If set to true, the pilot and citadel mtls and the plaintext pilot ports - # will be exposed on an internal gateway - useILB: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). 
- # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # enable pod distruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: false - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - # Use the Mesh Control Protocol (MCP) for configuring Mixer and - # Pilot. Requires galley (`--set galley.enabled=true`). - useMCP: true - - # The trust domain corresponds to the trust root of a system - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - # Indicate the domain used in SPIFFE identity URL - # The default depends on the environment. - # kubernetes: cluster.local - # else: default dns domain - trustDomain: "" - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: [] - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. 
For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - # ALLOW_ANY is the default in 1.1. This means each pod will be able to make outbound requests - # to services outside of the mesh without any ServiceEntry. - # REGISTRY_ONLY was the default in 1.0. If this behavior is desired, set the value below to REGISTRY_ONLY. - outboundTrafficPolicy: - mode: ALLOW_ANY - - # The namespace where globally shared configurations should be present. - # DestinationRules that apply to the entire mesh (e.g., enabling mTLS), - # default Sidecar configs, etc. should be added to this namespace. 
- # configRootNamespace: istio-config - - # set the default set of namespaces to which services, service entries, virtual services, destination - # rules should be exported to. Currently only one value can be provided in this list. This value - # should be one of the following two options: - # * implies these objects are visible to all namespaces, enabling any sidecar to talk to any other sidecar. - # . implies these objects are visible to only to sidecars in the same namespace, or if imported as a Sidecar.egress.host - # defaultConfigVisibilitySettings: - #- '*' - - nodeagent: - repository: rancher/istio-node-agent-k8s - tag: 1.4.7 - sds: - # SDS enabled. IF set to true, mTLS certificates for the sidecars will be - # distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates. - enabled: false - udsPath: "" - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Citadel Agent to the CA (e.g. Citadel), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). 
- # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Specifies the global locality load balancing settings. - # Locality-weighted load balancing allows administrators to control the distribution of traffic to - # endpoints based on the localities of where the traffic originates and where it will terminate. - # Either failover or distribute configuration can be set, but not both. If neither are provided - # failover mode will be used. - # - # localityLbSetting: - # enabled: true - # distribute: - # - from: "us-central1/*" - # to: - # "us-central1/*": 80 - # "us-central2/*": 20 - # - # localityLbSetting: - # enabled: true - # failover: - # - from: us-east - # to: eu-west - # - from: us-west - # to: us-east - localityLbSetting: - enabled: true - - # Specifies whether helm test is enabled or not. - # This field is set to false by default, so 'helm template ...' - # will ignore the helm test yaml files when generating the template - enableHelmTest: false - - # Configures DNS certificates provisioned through Chiron linked into Pilot. - # The DNS names in this file are all hard-coded; please ensure the namespaces - # in dnsNames are consistent with those of your services. - # Example: - # certificates: - # - secretName: dns.istio-galley-service-account - # dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] - # - secretName: dns.istio-sidecar-injector-service-account - # dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] - certificates: [] - - # Configure whether Operator manages webhook configurations. 
The current behavior - # of Galley and Sidecar Injector is that they manage their own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false diff --git a/charts/rancher-istio/1.4.900/.helmignore b/charts/rancher-istio/1.4.900/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/rancher-istio/1.4.900/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-istio/1.4.900/Chart.yaml b/charts/rancher-istio/1.4.900/Chart.yaml deleted file mode 100755 index 8048aa081..000000000 --- a/charts/rancher-istio/1.4.900/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -name: rancher-istio -version: 1.4.900 -appVersion: 1.4.9 -description: Helm chart for all istio components -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- security -- sidecarInjectorWebhook -- mixer -- pilot -- galley -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2-0' diff --git a/charts/rancher-istio/1.4.900/LICENSE b/charts/rancher-istio/1.4.900/LICENSE deleted file mode 100755 index 56df9b297..000000000 --- a/charts/rancher-istio/1.4.900/LICENSE +++ /dev/null 
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2018 Istio Authors - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/rancher-istio/1.4.900/README.md b/charts/rancher-istio/1.4.900/README.md deleted file mode 100755 index f7f35cc17..000000000 --- a/charts/rancher-istio/1.4.900/README.md +++ /dev/null 
@@ -1,149 +0,0 @@ -# Istio - -[Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. - -The documentation here is for developers only, please follow the installation instructions from [istio.io](https://istio.io/docs/setup/kubernetes/install/helm/) for all other uses. - -## Introduction - -This chart bootstraps all Istio [components](https://istio.io/docs/concepts/what-is-istio/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Chart Details - -This chart can install multiple Istio components as subcharts: -- ingressgateway -- egressgateway -- sidecarInjectorWebhook -- galley -- mixer -- pilot -- security(citadel) -- grafana -- prometheus -- tracing(jaeger) -- kiali - -To enable or disable each component, change the corresponding `enabled` flag. - -## Prerequisites - -- Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required -- Helm 2.7.2 or newer or alternately the ability to modify RBAC rules is also required -- If you want to enable automatic sidecar injection, Kubernetes 1.9+ with `admissionregistration` API is required, and `kube-apiserver` process must have the `admission-control` flag set with the `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook` admission controllers added and listed in the correct order. -- The `istio-init` chart must be run to completion prior to install the `istio` chart. - -## Resources Required - -The chart deploys pods that consume minimum resources as specified in the resources configuration parameter. - -## Installing the Chart - -1. If a service account has not already been installed for Tiller, install one: - - ```bash - $ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml - ``` - -1. 
Install Tiller on your cluster with the service account: - - ```bash - $ helm init --service-account tiller - ``` - -1. Set and create the namespace where Istio was installed: - - ```bash - $ NAMESPACE=istio-system - $ kubectl create ns $NAMESPACE - ``` - -1. If you are enabling `kiali`, you need to create the secret that contains the username and passphrase for `kiali` dashboard: - - ```bash - $ echo -n 'admin' | base64 - YWRtaW4= - $ echo -n '1f2d1e2e67df' | base64 - MWYyZDFlMmU2N2Rm - $ cat <=1.9.0): - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE - ``` - - - Without the sidecar injection webhook: - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE --set sidecarInjectorWebhook.enabled=false - ``` - -## Configuration - -The Helm chart ships with reasonable defaults. There may be circumstances in which defaults require overrides. -To override Helm values, use `--set key=value` argument during the `helm install` command. Multiple `--set` operations may be used in the same Helm operation. - -Helm charts expose configuration options which are currently in alpha. The currently exposed options can be found [here](https://istio.io/docs/reference/config/installation-options/). - -## Uninstalling the Chart - -To uninstall/delete the `istio` release but continue to track the release: - -```bash -$ helm delete istio -``` - -To uninstall/delete the `istio` release completely and make its name free for later use: - -```bash -$ helm delete --purge istio -``` diff --git a/charts/rancher-istio/1.4.900/charts/certmanager/Chart.yaml b/charts/rancher-istio/1.4.900/charts/certmanager/Chart.yaml deleted file mode 100755 index 5dc20e05b..000000000 --- a/charts/rancher-istio/1.4.900/charts/certmanager/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 0.6.2 -description: A Helm chart for Kubernetes -name: certmanager -tillerVersion: '>=2.7.2' -version: 1.4.9 
diff --git a/charts/rancher-istio/1.4.900/charts/certmanager/templates/NOTES.txt b/charts/rancher-istio/1.4.900/charts/certmanager/templates/NOTES.txt
deleted file mode 100755
index 0307ede4c..000000000
--- a/charts/rancher-istio/1.4.900/charts/certmanager/templates/NOTES.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-certmanager has been deployed successfully!
-
-More information on the different types of issuers and how to configure them
-can be found in our documentation:
-
-https://cert-manager.readthedocs.io/en/latest/reference/issuers.html
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.900/charts/certmanager/templates/_helpers.tpl b/charts/rancher-istio/1.4.900/charts/certmanager/templates/_helpers.tpl
deleted file mode 100755
index 331a91d43..000000000
--- a/charts/rancher-istio/1.4.900/charts/certmanager/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "certmanager.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "certmanager.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "certmanager.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.900/charts/certmanager/templates/deployment.yaml b/charts/rancher-istio/1.4.900/charts/certmanager/templates/deployment.yaml
deleted file mode 100755
index 4c727365d..000000000
--- a/charts/rancher-istio/1.4.900/charts/certmanager/templates/deployment.yaml
+++ /dev/null
@@ -1,73 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: certmanager - template: - metadata: - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: certmanager -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: certmanager - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- else }} - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=$(POD_NAMESPACE) - {{- if .Values.extraArgs }} -{{ toYaml .Values.extraArgs | indent 8 }} - {{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: -{{ toYaml .Values.resources | indent 10 }} - {{- if .Values.podDnsPolicy }} - dnsPolicy: {{ .Values.podDnsPolicy }} - {{- end }} - {{- if .Values.podDnsConfig }} - dnsConfig: -{{ toYaml .Values.podDnsConfig | indent 8 }} - {{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.900/charts/certmanager/templates/issuer.yaml b/charts/rancher-istio/1.4.900/charts/certmanager/templates/issuer.yaml deleted file mode 100755 index 59402daea..000000000 --- a/charts/rancher-istio/1.4.900/charts/certmanager/templates/issuer.yaml +++ /dev/null @@ -1,37 +0,0 @@ ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt-staging - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-staging-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: letsencrypt-staging - http01: {} ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - privateKeySecretRef: - name: letsencrypt - http01: {} diff --git a/charts/rancher-istio/1.4.900/charts/certmanager/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.900/charts/certmanager/templates/poddisruptionbudget.yaml deleted file mode 100755 index b251e3653..000000000 --- a/charts/rancher-istio/1.4.900/charts/certmanager/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: certmanager
- namespace: {{ .Release.Namespace }}
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- version: {{ .Chart.Version }}
- {{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels | indent 4 }}
- {{- end }}
-spec:
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: certmanager
- release: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/certmanager/templates/rbac.yaml b/charts/rancher-istio/1.4.900/charts/certmanager/templates/rbac.yaml
deleted file mode 100755
index b3a4ef340..000000000
--- a/charts/rancher-istio/1.4.900/charts/certmanager/templates/rbac.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: certmanager
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
- - apiGroups: ["certmanager.k8s.io"]
- resources: ["certificates", "certificates/finalizers", "issuers", "clusterissuers", "orders", "orders/finalizers", "challenges"]
- verbs: ["*"]
- - apiGroups: [""]
- resources: ["configmaps", "secrets", "events", "services", "pods"]
- verbs: ["*"]
- - apiGroups: ["extensions"]
- resources: ["ingresses"]
- verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: certmanager
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: certmanager
-subjects:
- - name: certmanager
- namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
diff --git a/charts/rancher-istio/1.4.900/charts/certmanager/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.900/charts/certmanager/templates/serviceaccount.yaml
deleted file mode 100755
index f87543508..000000000
--- a/charts/rancher-istio/1.4.900/charts/certmanager/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: certmanager
- namespace: {{ .Release.Namespace }}
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.900/charts/certmanager/values.yaml b/charts/rancher-istio/1.4.900/charts/certmanager/values.yaml
deleted file mode 100755
index 2d6854193..000000000
--- a/charts/rancher-istio/1.4.900/charts/certmanager/values.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-# Certmanager uses ACME to sign certificates. Since Istio gateways are
-# mounting the TLS secrets the Certificate CRDs must be created in the
-# istio-system namespace. Once the certificate has been created, the
-# gateway must be updated by adding 'secretVolumes'. After the gateway
-# restart, DestinationRules can be created using the ACME-signed certificates.
-enabled: false
-replicaCount: 1
-resources: {}
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.900/charts/galley/Chart.yaml b/charts/rancher-istio/1.4.900/charts/galley/Chart.yaml
deleted file mode 100755
index 81fd44d74..000000000
--- a/charts/rancher-istio/1.4.900/charts/galley/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.9
-description: Helm chart for galley deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- galley
-name: galley
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.9
diff --git a/charts/rancher-istio/1.4.900/charts/galley/templates/_helpers.tpl b/charts/rancher-istio/1.4.900/charts/galley/templates/_helpers.tpl
deleted file mode 100755
index 5d42f4a03..000000000
--- a/charts/rancher-istio/1.4.900/charts/galley/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "galley.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "galley.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "galley.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.900/charts/galley/templates/clusterrole.yaml b/charts/rancher-istio/1.4.900/charts/galley/templates/clusterrole.yaml
deleted file mode 100755
index c499dcf7d..000000000
--- a/charts/rancher-istio/1.4.900/charts/galley/templates/clusterrole.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-galley-{{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
- # For reading Istio resources
-- apiGroups: [
- "authentication.istio.io",
- "config.istio.io",
- "networking.istio.io",
- "rbac.istio.io",
- "security.istio.io"]
- resources: ["*"]
- verbs: ["get", "list", "watch"]
- # For updating Istio resource statuses
-- apiGroups: [
- "authentication.istio.io",
- "config.istio.io",
- "networking.istio.io",
- "rbac.istio.io",
- "security.istio.io"]
- resources: ["*/status"]
- verbs: ["update"]
-{{- if not .Values.global.operatorManageWebhooks }}
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["validatingwebhookconfigurations"]
- verbs: ["*"]
-{{- end }}
-- apiGroups: ["extensions","apps"]
- resources: ["deployments"]
- resourceNames: ["istio-galley"]
- verbs: ["get"]
-- apiGroups: [""]
- resources: ["pods", "nodes", "services", "endpoints", "namespaces"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions"]
- resources: ["ingresses"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["namespaces/finalizers"]
- verbs: ["update"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
diff --git a/charts/rancher-istio/1.4.900/charts/galley/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.900/charts/galley/templates/clusterrolebinding.yaml
deleted file mode 100755
index 88cde2554..000000000
--- a/charts/rancher-istio/1.4.900/charts/galley/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-galley-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-galley-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-galley-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.900/charts/galley/templates/configmap.yaml b/charts/rancher-istio/1.4.900/charts/galley/templates/configmap.yaml
deleted file mode 100755
index 662c960b1..000000000
--- a/charts/rancher-istio/1.4.900/charts/galley/templates/configmap.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-galley-configuration
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-data:
-{{- if .Values.global.configValidation }}
- validatingwebhookconfiguration.yaml: |-
- {{- include "validatingwebhookconfiguration.yaml.tpl" . | indent 4}}
-{{- end}}
diff --git a/charts/rancher-istio/1.4.900/charts/galley/templates/deployment.yaml b/charts/rancher-istio/1.4.900/charts/galley/templates/deployment.yaml
deleted file mode 100755
index 458d98338..000000000
--- a/charts/rancher-istio/1.4.900/charts/galley/templates/deployment.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: galley - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-galley-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: galley - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 443 - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 9901 - command: - - /usr/local/bin/galley - - server - - --meshConfigFile=/etc/mesh-config/mesh - - --livenessProbeInterval=1s - - --livenessProbePath=/healthliveness - - --readinessProbePath=/healthready - - --readinessProbeInterval=1s - - --deployment-namespace={{ .Release.Namespace }} -{{- if $.Values.global.controlPlaneSecurityEnabled}} - - --insecure=false -{{- else }} - - --insecure=true -{{- end }} -{{- if .Values.enableServiceDiscovery }} - - --enableServiceDiscovery=true -{{- end }} -{{- if not $.Values.global.useMCP }} - - --enable-server=false -{{- end }} -{{- if not $.Values.global.configValidation }} - - --enable-validation=false -{{- end }} -{{- if .Values.global.operatorManageWebhooks }} - - --enable-reconcileWebhookConfiguration=false -{{- else }} - - --enable-reconcileWebhookConfiguration=true -{{- end }} - - --validation-webhook-config-file - - /etc/config/validatingwebhookconfiguration.yaml - - --monitoringPort={{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if .Values.enableAnalysis }} - - --enableAnalysis=true -{{- end }} -{{- if .Values.global.certificates }} - - --validation.tls.clientCertificate=/etc/dnscerts/cert-chain.pem - - --validation.tls.privateKey=/etc/dnscerts/key.pem - - --validation.tls.caCertificates=/etc/dnscerts/root-cert.pem -{{- end }} - volumeMounts: - - name: certs - mountPath: /etc/certs - readOnly: true -{{- if .Values.global.certificates }} - - name: dnscerts - mountPath: /etc/dnscerts - readOnly: true -{{- end }} - - name: config - mountPath: /etc/config - readOnly: true - - name: mesh-config - mountPath: /etc/mesh-config - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - 
--probe-path=/healthliveness - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - readinessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - --probe-path=/healthready - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: certs - secret: - secretName: istio.istio-galley-service-account -{{- if .Values.global.certificates }} - - name: dnscerts - secret: - secretName: dns.istio-galley-service-account -{{- end }} - - name: config - configMap: - name: istio-galley-configuration - - name: mesh-config - configMap: - name: istio - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.900/charts/galley/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.900/charts/galley/templates/poddisruptionbudget.yaml deleted file mode 100755 index 75bf77834..000000000 --- a/charts/rancher-istio/1.4.900/charts/galley/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-spec:
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: {{ template "galley.name" . }}
- release: {{ .Release.Name }}
- istio: galley
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/galley/templates/service.yaml b/charts/rancher-istio/1.4.900/charts/galley/templates/service.yaml
deleted file mode 100755
index cd21fd192..000000000
--- a/charts/rancher-istio/1.4.900/charts/galley/templates/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-spec:
- ports:
- - port: 443
- name: https-validation
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- - port: 9901
- name: grpc-mcp
- selector:
- istio: galley
diff --git a/charts/rancher-istio/1.4.900/charts/galley/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.900/charts/galley/templates/serviceaccount.yaml
deleted file mode 100755
index 1ff54c49e..000000000
--- a/charts/rancher-istio/1.4.900/charts/galley/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-galley-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.900/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl b/charts/rancher-istio/1.4.900/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl
deleted file mode 100755
index 253fd2156..000000000
--- a/charts/rancher-istio/1.4.900/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl
+++ /dev/null
@@ -1,127 +0,0 @@ -{{ define "validatingwebhookconfiguration.yaml.tpl" }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-galley - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -webhooks: - - name: pilot.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitpilot" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - httpapispecs - - httpapispecbindings - - quotaspecs - - quotaspecbindings - - operations: - - CREATE - - UPDATE - apiGroups: - - rbac.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - authentication.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - networking.istio.io - apiVersions: - - "*" - resources: - - destinationrules - - envoyfilters - - gateways - - serviceentries - - sidecars - - virtualservices - failurePolicy: Fail - sideEffects: None - - name: mixer.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitmixer" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - rules - - attributemanifests - - circonuses - - deniers - - fluentds - - kubernetesenvs - - listcheckers - - memquotas - - noops - - opas - - prometheuses - - rbacs - - solarwindses - - stackdrivers - - cloudwatches - - dogstatsds - - statsds - - stdios - - apikeys - - authorizations - - checknothings - # - kuberneteses - - listentries - - logentries - - metrics - - 
quotas - - reportnothings - - tracespans - - adapters - - handlers - - instances - - templates - - zipkins - failurePolicy: Fail - sideEffects: None -{{- end }} diff --git a/charts/rancher-istio/1.4.900/charts/galley/values.yaml b/charts/rancher-istio/1.4.900/charts/galley/values.yaml deleted file mode 100755 index 68eff963f..000000000 --- a/charts/rancher-istio/1.4.900/charts/galley/values.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# -# galley configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# Enable service discovery processing in Galley -enableServiceDiscovery: false - -# Enable analysis and status update in Galley -enableAnalysis: false diff --git a/charts/rancher-istio/1.4.900/charts/gateways/Chart.yaml b/charts/rancher-istio/1.4.900/charts/gateways/Chart.yaml deleted file mode 100755 index 8454adadc..000000000 --- a/charts/rancher-istio/1.4.900/charts/gateways/Chart.yaml +++ /dev/null 
@@ -1,15 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.9
-description: Helm chart for deploying Istio gateways
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- ingressgateway
-- egressgateway
-- gateways
-name: gateways
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.9
diff --git a/charts/rancher-istio/1.4.900/charts/gateways/templates/_affinity.tpl b/charts/rancher-istio/1.4.900/charts/gateways/templates/_affinity.tpl
deleted file mode 100755
index fbd0e9a8f..000000000
--- a/charts/rancher-istio/1.4.900/charts/gateways/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "gatewaynodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "gatewayNodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .root.Values.global.defaultNodeSelector .nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "gatewayNodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinity" }} -{{- if or .podAntiAffinityLabelSelector .podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if .podAntiAffinityTermLabelSelector }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.900/charts/gateways/templates/_helpers.tpl b/charts/rancher-istio/1.4.900/charts/gateways/templates/_helpers.tpl deleted file mode 100755 index bfc8bc400..000000000 --- a/charts/rancher-istio/1.4.900/charts/gateways/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "gateway.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "gateway.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "gateway.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.900/charts/gateways/templates/autoscale.yaml b/charts/rancher-istio/1.4.900/charts/gateways/templates/autoscale.yaml
deleted file mode 100755
index 2455ac345..000000000
--- a/charts/rancher-istio/1.4.900/charts/gateways/templates/autoscale.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
- maxReplicas: {{ $spec.autoscaleMax }}
- minReplicas: {{ $spec.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ $key }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/gateways/templates/deployment.yaml b/charts/rancher-istio/1.4.900/charts/gateways/templates/deployment.yaml
deleted file mode 100755
index 6c1419bcd..000000000
--- a/charts/rancher-istio/1.4.900/charts/gateways/templates/deployment.yaml
+++ /dev/null
@@ -1,387 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if $spec.enabled }} - -{{- $labels := merge (dict "release" $.Release.Name "chart" (include "gateway.chart" $) "heritage" $.Release.Service) $spec.labels }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - labels: -{{ $labels | toYaml | indent 4 }} -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - selector: - matchLabels: - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - template: - metadata: - labels: -{{ $labels | toYaml | indent 8 }} - annotations: - sidecar.istio.io/inject: "false" -{{- if $spec.podAnnotations }} -{{ toYaml $spec.podAnnotations | indent 8 }} -{{ end }} - spec: - serviceAccountName: {{ $key }}-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} -{{- if $.Values.global.proxy.enableCoreDump }} - initContainers: - - name: enable-core-dump - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy_init.repository }}:{{ $.Values.global.proxy_init.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - command: - - /bin/sh - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - securityContext: - privileged: true -{{- end }} - containers: -{{- if $spec.sds }} -{{- if $spec.sds.enabled }} - - name: ingress-sds - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - resources: -{{- if $spec.sds.resources }} -{{ toYaml 
$spec.sds.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: "ENABLE_WORKLOAD_SDS" - value: "false" - - name: "ENABLE_INGRESS_GATEWAY_SDS" - value: "true" - - name: "INGRESS_GATEWAY_NAMESPACE" - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - volumeMounts: - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway -{{- end }} -{{- end }} - - name: istio-proxy - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - {{- range $key, $val := $spec.ports }} - - containerPort: {{ $val.port }} - {{- end }} - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - - --drainDuration - - '45s' #drainDuration - - --parentShutdownDuration - - '1m0s' #parentShutdownDuration - - --connectTimeout - - '10s' #connectTimeout - - --serviceCluster - - {{ $key }} - {{- if eq $.Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - {{ $.Values.global.tracer.lightstep.address }} - - --lightstepAccessToken - - {{ $.Values.global.tracer.lightstep.accessToken }} - - --lightstepSecure={{ $.Values.global.tracer.lightstep.secure }} - - --lightstepCacertPath - - {{ $.Values.global.tracer.lightstep.cacertPath }} - {{- else if eq $.Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - {{- if $.Values.global.tracer.zipkin.address }} - - {{ 
$.Values.global.tracer.zipkin.address }} - {{- else if $.Values.global.istioNamespace }} - - zipkin.{{ $.Values.global.istioNamespace }}:9411 - {{- else }} - - zipkin:9411 - {{- end }} - {{- else if eq $.Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - {{ $.Values.global.tracer.datadog.address }} - {{- end }} - {{- if $.Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - {{ $.Values.global.proxy.envoyStatsd.host }}:{{ $.Values.global.proxy.envoyStatsd.port }} - {{- end }} - {{- if $.Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - {{- with $.Values.global.proxy.envoyMetricsService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end}} - {{- if $.Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - {{- with $.Values.global.proxy.envoyAccessLogService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end }} - - --proxyAdminPort - - "15000" - - --statusPort - - "15020" - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15011 - {{- else }} - - istio-pilot:15011 - {{- end }} - {{- else }} - - --controlPlaneAuthPolicy - - NONE - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15010 - {{- else }} - - istio-pilot:15010 - {{- end }} - {{- if $spec.applicationPorts }} - - --applicationPorts - - "{{ $spec.applicationPorts }}" - {{- end }} - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ 
$.Values.global.trustDomain }} - {{- end }} - readinessProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15020 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - resources: -{{- if $spec.resources }} -{{ toYaml $spec.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if $.Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_METAJSON_LABELS - value: | - {{ $labels | toJson}} - - name: ISTIO_META_CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - - name: ISTIO_META_WORKLOAD_NAME - value: {{ $key }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/{{ $spec.namespace | default $.Release.Namespace }}/deployments/{{ $key }} - {{- if $.Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.meshID }}" - {{- else if $.Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.trustDomain }}" - {{- end }} - {{- if eq $.Values.global.proxy.tracer "datadog" }} - - name: HOST_IP 
- valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- end }} - {{- if eq $.Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ $.Values.global.tracer.stackdriver.debug }}" - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAttributes }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }}" - {{- end }} - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ISTIO_META_USER_SDS - value: "true" - {{- end }} - {{- end }} - {{- if $spec.env }} - {{- range $key, $val := $spec.env }} - - name: {{ $key }} - value: {{ $val }} - {{- end }} - {{- end }} - {{ if eq $key "istio-ingressgateway" }} - {{ $network_set := index $spec.env "ISTIO_META_NETWORK" }} - {{- if and (not $network_set) $.Values.global.network }} - - name: ISTIO_META_NETWORK - value: {{ $.Values.global.network }} - {{- end }} - {{- end }} - volumeMounts: - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway - {{- end }} - {{- end }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - mountPath: {{ .mountPath | quote }} - readOnly: true - {{- end }} - {{- if and (eq 
$.Values.global.proxy.tracer "lightstep") $.Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ dir $.Values.global.tracer.lightstep.cacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} -{{- if $spec.additionalContainers }} -{{ toYaml $spec.additionalContainers | indent 8 }} -{{- end }} - volumes: - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - emptyDir: {} - {{- end }} - {{- end }} - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - hostPath: - path: /var/run/sds - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ $.Values.global.sds.token.aud }} - {{- end }} - - name: istio-certs - secret: - secretName: istio.{{ $key }}-service-account - optional: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - secret: - secretName: {{ .secretName | quote }} - optional: true - {{- end }} - {{- range $spec.configVolumes }} - - name: {{ .name }} - configMap: - name: {{ .configMapName | quote }} - optional: true - {{- end }} - {{- if and (eq $.Values.global.proxy.tracer "lightstep") $.Values.global.tracer.lightstep.cacertPath }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - affinity: - {{- include "gatewaynodeaffinity" (dict "root" $ "nodeSelector" $spec.nodeSelector) | indent 6 }} - {{- include "gatewaypodAntiAffinity" (dict "podAntiAffinityLabelSelector" $spec.podAntiAffinityLabelSelector "podAntiAffinityTermLabelSelector" $spec.podAntiAffinityTermLabelSelector) | indent 6 }} - {{- if $spec.tolerations }} - tolerations: -{{ toYaml $spec.tolerations | indent 6 }} - {{- else if $.Values.global.defaultTolerations }} - tolerations: -{{ toYaml $.Values.global.defaultTolerations | indent 6 }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.4.900/charts/gateways/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.900/charts/gateways/templates/poddisruptionbudget.yaml
deleted file mode 100755
index 36a2d5a9c..000000000
--- a/charts/rancher-istio/1.4.900/charts/gateways/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if and (ne $key "enabled") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/gateways/templates/preconfigured.yaml b/charts/rancher-istio/1.4.900/charts/gateways/templates/preconfigured.yaml
deleted file mode 100755
index 31e431db7..000000000
--- a/charts/rancher-istio/1.4.900/charts/gateways/templates/preconfigured.yaml
+++ /dev/null
@@ -1,241 +0,0 @@ -{{- if .Values.global.k8sIngress.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-autogenerated-k8s-ingress - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: {{ .Values.global.k8sIngress.gatewayName }} - servers: - - port: - number: 80 - protocol: HTTP2 - name: http - hosts: - - "*" -{{ if .Values.global.k8sIngress.enableHttps }} - - port: - number: 443 - protocol: HTTPS - name: https-default - tls: - mode: SIMPLE - serverCertificate: /etc/istio/ingressgateway-certs/tls.crt - privateKey: /etc/istio/ingressgateway-certs/tls.key - hosts: - - "*" -{{ end }} ---- -{{ end }} - -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-ilb-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: ilbgateway - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- else }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- end }} -{{- end }} - -{{- if .Values.global.multiCluster.enabled }} -{{- if (index .Values "istio-egressgateway" "enabled") }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-egressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-egressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH -{{- end }} ---- -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - workloadLabels: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - filters: - - listenerMatch: - portNumber: 15443 - listenerType: GATEWAY - insertPosition: - index: AFTER - relativeTo: envoy.filters.network.sni_cluster - filterName: envoy.filters.network.tcp_cluster_rewrite - filterType: NETWORK - filterConfig: - cluster_pattern: "\\.global$" - cluster_replacement: ".svc.{{ .Values.global.proxy.clusterDomain }}" ---- -## To ensure all traffic to *.global is using mTLS -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-multicluster-destinationrule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.global" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -{{- end }} 
diff --git a/charts/rancher-istio/1.4.900/charts/gateways/templates/role.yaml b/charts/rancher-istio/1.4.900/charts/gateways/templates/role.yaml
deleted file mode 100755
index cb013edb1..000000000
--- a/charts/rancher-istio/1.4.900/charts/gateways/templates/role.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if $spec.sds }}
-{{- if eq $spec.sds.enabled true }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-rules:
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "watch", "list"]
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.900/charts/gateways/templates/rolebindings.yaml b/charts/rancher-istio/1.4.900/charts/gateways/templates/rolebindings.yaml
deleted file mode 100755
index 03a9a8a9b..000000000
--- a/charts/rancher-istio/1.4.900/charts/gateways/templates/rolebindings.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if $spec.sds }}
-{{- if eq $spec.sds.enabled true }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ $key }}-sds
-subjects:
-- kind: ServiceAccount
- name: {{ $key }}-service-account
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.900/charts/gateways/templates/service.yaml b/charts/rancher-istio/1.4.900/charts/gateways/templates/service.yaml
deleted file mode 100755
index 9474f0476..000000000
--- a/charts/rancher-istio/1.4.900/charts/gateways/templates/service.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- annotations:
- {{- range $key, $val := $spec.serviceAnnotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{- if $spec.loadBalancerIP }}
- loadBalancerIP: "{{ $spec.loadBalancerIP }}"
-{{- end }}
-{{- if $spec.loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
-{{ toYaml $spec.loadBalancerSourceRanges | indent 4 }}
-{{- end }}
-{{- if $spec.externalTrafficPolicy }}
- externalTrafficPolicy: {{$spec.externalTrafficPolicy }}
-{{- end }}
-{{- if $spec.externalIPs }}
- externalIPs:
-{{ toYaml $spec.externalIPs | indent 4 }}
-{{- end }}
- type: {{ .type }}
- selector:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
- ports:
- {{- range $key, $val := $spec.ports }}
- -
- {{- range $pkey, $pval := $val }}
- {{ $pkey}}: {{ $pval }}
- {{- end }}
- {{- end }}
- {{- if $.Values.global.meshExpansion.enabled }}
- {{- range $key, $val := $spec.meshExpansionPorts }}
- -
- {{- range $pkey, $pval := $val }}
- {{ $pkey}}: {{ $pval }}
- {{- end }}
- {{- end }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/gateways/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.900/charts/gateways/templates/serviceaccount.yaml
deleted file mode 100755
index d4f6938c1..000000000
--- a/charts/rancher-istio/1.4.900/charts/gateways/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if $.Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range $.Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: {{ $key }}-service-account
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- app: {{ $spec.labels.app }}
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.4.900/charts/gateways/values.yaml b/charts/rancher-istio/1.4.900/charts/gateways/values.yaml
deleted file mode 100755
index 23a16798f..000000000
--- a/charts/rancher-istio/1.4.900/charts/gateways/values.yaml
+++ /dev/null
@@ -1,286 +0,0 @@ -# -# Gateways Configuration -# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. -# You can add more gateways in addition to the defaults but make sure those are uniquely named -# and that NodePorts are not conflicting. -# Disable specifc gateway by setting the `enabled` to false. -# -enabled: true - -istio-ingressgateway: - enabled: true - # - # Secret Discovery Service (SDS) configuration for ingress gateway. - # - sds: - # If true, ingress gateway fetches credentials from SDS server to handle TLS connections. - enabled: false - # SDS server that watches kubernetes secrets and provisions credentials to ingress gateway. - # This server runs in the same pod as ingress gateway. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - labels: - app: istio-ingressgateway - istio: ingressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalIPs: [] - serviceAnnotations: {} - podAnnotations: {} - type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be - #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out - ports: - ## You can add custom gateway ports - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. 
https://github.com/istio/istio/issues/12503 - - port: 15020 - targetPort: 15020 - name: status-port - - port: 80 - targetPort: 80 - name: http2 - nodePort: 31380 - - port: 443 - name: https - nodePort: 31390 - # Example of a port to add. Remove if not needed - - port: 31400 - name: tcp - nodePort: 31400 - ### PORTS FOR UI/metrics ##### - ## Disable if not needed - - port: 15029 - targetPort: 15029 - name: https-kiali - - port: 15030 - targetPort: 15030 - name: https-prometheus - - port: 15031 - targetPort: 15031 - name: https-grafana - - port: 15032 - targetPort: 15032 - name: https-tracing - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - #### MESH EXPANSION PORTS ######## - # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect - # to pilot/citadel if global.meshExpansion settings are enabled. - # Delete these ports if mesh expansion is not enabled, to avoid - # exposing unnecessary ports on the web. - # You can remove these ports if you are not using mesh expansion - meshExpansionPorts: - - port: 15011 - targetPort: 15011 - name: tcp-pilot-grpc-tls - - port: 15004 - targetPort: 15004 - name: tcp-mixer-grpc-tls - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - - port: 853 - targetPort: 853 - name: tcp-dns-tls - ####### end MESH EXPANSION PORTS ###### - ############## - secretVolumes: - - name: ingressgateway-certs - secretName: istio-ingressgateway-certs - mountPath: /etc/istio/ingressgateway-certs - - name: ingressgateway-ca-certs - secretName: istio-ingressgateway-ca-certs - mountPath: /etc/istio/ingressgateway-ca-certs - ### Advanced options ############ - - # Ports to explicitly check for readiness. If configured, the readiness check will expect a - # listener on these ports. A comma separated list is expected, such as "80,443". - # - # Warning: If you do not have a gateway configured for the ports provided, this check will always - # fail. 
This is intended for use cases where you always expect to have a listener on the port, - # such as 80 or 443 in typical setups. - applicationPorts: "" - - env: - # A gateway with this mode ensures that pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. - ISTIO_META_ROUTER_MODE: "sni-dnat" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". 
- podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -istio-egressgateway: - enabled: false - labels: - app: istio-egressgateway - istio: egressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - serviceAnnotations: {} - podAnnotations: {} - type: ClusterIP #change to NodePort or LoadBalancer if need be - ports: - - port: 80 - name: http2 - - port: 443 - name: https - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - secretVolumes: - - name: egressgateway-certs - secretName: istio-egressgateway-certs - mountPath: /etc/istio/egressgateway-certs - - name: egressgateway-ca-certs - secretName: istio-egressgateway-ca-certs - mountPath: /etc/istio/egressgateway-ca-certs - #### Advanced options ######## - env: - # Set this to "external" if and only if you want the egress gateway to - # act as a transparent SNI gateway that routes mTLS/TLS traffic to - # external services defined using service entries, where the service - # entry has resolution set to DNS, has one or more endpoints with - # network field set to "external". By default its set to "" so that - # the egress gateway sees the same set of endpoints as the sidecars - # preserving backward compatibility - # ISTIO_META_REQUESTED_NETWORK_VIEW: "" - # A gateway with this mode ensures that pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. 
- ISTIO_META_ROUTER_MODE: "sni-dnat" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". - podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -# Mesh ILB gateway creates a gateway of type InternalLoadBalancer, -# for mesh expansion. It exposes the mtls ports for Pilot,CA as well -# as non-mtls ports to support upgrades and gradual transition. -istio-ilbgateway: - enabled: false - labels: - app: istio-ilbgateway - istio: ilbgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - cpu: - targetAverageUtilization: 80 - resources: - requests: - cpu: 800m - memory: 512Mi - #limits: - # cpu: 1800m - # memory: 256Mi - loadBalancerIP: "" - serviceAnnotations: - cloud.google.com/load-balancer-type: "internal" - podAnnotations: {} - type: LoadBalancer - ports: - ## You can add custom gateway ports - google ILB default quota is 5 ports, - - port: 15011 - name: grpc-pilot-mtls - # Insecure port - only for migration from 0.8. 
Will be removed in 1.1 - - port: 15010 - name: grpc-pilot - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - # Port 5353 is forwarded to kube-dns - - port: 5353 - name: tcp-dns - secretVolumes: - - name: ilbgateway-certs - secretName: istio-ilbgateway-certs - mountPath: /etc/istio/ilbgateway-certs - - name: ilbgateway-ca-certs - secretName: istio-ilbgateway-ca-certs - mountPath: /etc/istio/ilbgateway-ca-certs - nodeSelector: {} - tolerations: [] diff --git a/charts/rancher-istio/1.4.900/charts/grafana/Chart.yaml b/charts/rancher-istio/1.4.900/charts/grafana/Chart.yaml deleted file mode 100755 index 242b3a6a4..000000000 --- a/charts/rancher-istio/1.4.900/charts/grafana/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 1.4.9 -description: A Helm chart for Kubernetes -name: grafana -tillerVersion: '>=2.7.2' -version: 1.4.9 diff --git a/charts/rancher-istio/1.4.900/charts/grafana/dashboards/citadel-dashboard.json b/charts/rancher-istio/1.4.900/charts/grafana/dashboards/citadel-dashboard.json deleted file mode 100755 index ffe4551a9..000000000 --- a/charts/rancher-istio/1.4.900/charts/grafana/dashboards/citadel-dashboard.json +++ /dev/null 
@@ -1,1089 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 8, - "panels": [], - "title": "Performance", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "CPU usage across Citadel instances.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 1 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"citadel\", pod_name=~\"istio-citadel-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage rate", - "refId": "A" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"citadel\"}[1m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage irate", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": 
"", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Citadel process memory statistics.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 1 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Total", - "refId": "C" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Allocated", - "refId": "E" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Inuse", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, 
- "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 1 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Goroutines", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 7 - }, - "id": 28, - "panels": [], - "title": "General", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Total number of CSR requests made to Citadel.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 
0, - "y": 8 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Request Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates issuances that have succeeded.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 12, - "y": 8 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_success_cert_issuance_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Certificates Issued", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Certificates Issued", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 13 - }, - "id": 23, - "panels": [], - "title": "Errors", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of errors occurred when creating the CSR.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 14 - }, - "id": 20, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_secret_controller_csr_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Creation Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Creation Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - 
"show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 14 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_parsing_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Parse Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Parse Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of authentication failures.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, 
- "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_authentication_failure_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Authentication Failure Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Authentication Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 4, - "panels": [], - "title": "Secret Controller", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates created due to service account creation.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": 
"citadel_secret_controller_svc_acc_created_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Created", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Created (due to SA creation)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates deleted due to service account deletion.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_svc_acc_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Deleted", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Deleted (due to SA deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, 
- "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates recreated due to secret deletion (service account still exists).", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_secret_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Recreated", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Recreated (due to errant deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 
18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Citadel Dashboard", - "uid": "OOyOqb4Wz", - "version": 1 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.900/charts/grafana/dashboards/galley-dashboard.json b/charts/rancher-istio/1.4.900/charts/grafana/dashboards/galley-dashboard.json deleted file mode 100755 index b7430f59d..000000000 --- a/charts/rancher-istio/1.4.900/charts/grafana/dashboards/galley-dashboard.json +++ /dev/null 
@@ -1,1823 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 46, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"galley\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Galley Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 5 - }, - "id": 40, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "C" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "G" - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "H" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"})", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Total (kis)", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 38, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m])) by (container_name)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"galley\"}[1m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "galley (self-reported)", - "refId": "C" - } - ], - 
"thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Open FDs (galley)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }} ", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 44, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "goroutines_total", - "refId": "A" - }, - { - "expr": "istio_mcp_clients_total{component=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "clients_total", - "refId": "B" - }, - { - "expr": "go_goroutines{job=\"galley\"}/sum(istio_mcp_clients_total{component=\"galley\"}) without (component)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "avg_goroutines_per_client", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - 
"h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 10, - "panels": [], - "title": "Runtime", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_on_change_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Strategy Change Events", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_processor_events_processed_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Processed Events", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_processor_snapshots_published_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Snapshot Published", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Event Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - 
"datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_timer_max_time_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Max Time Reached", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_quiesce_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Quiesce Reached", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_resets_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Timer Resets", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Timer Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": 
true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 3, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.90, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.95, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P95", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Events Per Snapshot", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 21 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - 
"max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (collection) (galley_runtime_state_type_instances_total)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ collection }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "State Type Instances", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Count", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 34, - "panels": [], - "title": "Validation", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 28 - }, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "galley_validation_cert_key_updates{job=\"galley\"}", - "format": 
"time_series", - "intervalFactor": 1, - "legendFormat": "Key Updates", - "refId": "A" - }, - { - "expr": "galley_validation_cert_key_update_errors{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Key Update Errors: {{ error }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation Webhook Certificate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 28 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_passed{job=\"galley\"}) by (group, version, resource)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Passed: {{ group }}/{{ version }}/{{resource}}", - "refId": "A" - }, - { - "expr": "sum(galley_validation_failed{job=\"galley\"}) by (group, version, resource, reason)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Failed: {{ group }}/{{ version }}/{{resource}} ({{ reason}})", - "refId": "B" - } - ], 
- "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Resource Validation", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 28 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_http_error{job=\"galley\"}) by (status)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ status }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation HTTP Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": 
null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 12, - "panels": [], - "title": "Kubernetes Source", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 35 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_event_success_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Success", - "refId": "A" - }, - { - "expr": "rate(galley_source_kube_event_error_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Source Event Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 35 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_dynamic_converter_failure_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Kubernetes Object Conversion Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Failures/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 41 - }, - "id": 18, - "panels": [], - "title": "Mesh Configuration Protocol", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 42 - }, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": 
"sum(istio_mcp_clients_total{component=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Clients", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Connected Clients", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 42 - }, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by(collection)(irate(istio_mcp_request_acks_total{component=\"galley\"}[1m]) * 60)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request ACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "ACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - 
}, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 42 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(istio_mcp_request_nacks_total{component=\"galley\"}[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request NACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "NACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 48 - }, - "id": 48, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - 
"percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(increase(istio_mcp_message_sizes_bytes_bucket[5m])) by (le)", - "format": "heatmap", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{le}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Response message sizes", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Galley Dashboard", - "uid": "TSEY6jLmk", - "version": 1 -} diff --git a/charts/rancher-istio/1.4.900/charts/grafana/dashboards/istio-mesh-dashboard.json b/charts/rancher-istio/1.4.900/charts/grafana/dashboards/istio-mesh-dashboard.json deleted file mode 100755 index 1662e1f1d..000000000 --- a/charts/rancher-istio/1.4.900/charts/grafana/dashboards/istio-mesh-dashboard.json +++ /dev/null 
@@ -1,1225 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "links": [], - "panels": [ - { - "content": "
\n
\n Istio\n
\n
\n Istio is an open platform that provides a uniform way to connect,\n manage, and \n secure microservices.\n
\n Need help? Join the Istio community.\n
\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "50px", - "id": 13, - "links": [], - "mode": "html", - "style": { - "font-size": "18pt" - }, - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\"}[1m])), 0.001)", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Global Request Volume", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - 
"h": 3, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "95, 99, 99.5", - "title": "Global Success Rate (non-5xx responses)", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 22, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - 
"sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"4.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "4xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 23, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"5.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "5xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - 
"colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 113, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_virtualservices) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Virtual Services", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 114, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - 
"postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_destinationrules) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Destination Rules", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 115, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_gateways) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Gateways", - "type": "singlestat", - "valueFontSize": "80%", - 
"valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 116, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_authentication_meshpolicies) / count(up{job=\"galley\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Authentication Mesh Policies", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 21, - "w": 24, - "x": 0, - "y": 9 - }, - "hideTimeOverride": false, - "id": 73, - "links": [], - "pageSize": null, - "repeat": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 4, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 
172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Workload dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_2&var-workload=$__cell_", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Requests", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [], - "type": "number", - "unit": "ops" - }, - { - "alias": "P50 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P90 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P99 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #E", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "Success Rate", - "colorMode": "cell", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #F", - "thresholds": [ - ".95", - " 1.00" - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-workload=$__cell_2&var-namespace=$__cell_3", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "number", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_requests_total{reporter=\"destination\", response_code=\"200\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "A" - }, - { - "expr": "label_join((histogram_quantile(0.50, 
sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.50, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "B" - }, - { - "expr": "label_join((histogram_quantile(0.90, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.90, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "D" - }, - { - "expr": "label_join((histogram_quantile(0.99, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.99, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "E" - }, - { - "expr": 
"label_join((sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m])) by (destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "F" - } - ], - "timeFrom": null, - "title": "HTTP/GRPC Workloads", - "transform": "table", - "type": "table" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 18, - "w": 24, - "x": 0, - "y": 30 - }, - "hideTimeOverride": false, - "id": 109, - "links": [], - "pageSize": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 2, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-tcp-workload-dashboard?var-namespace=$__cell_2&&var-workload=$__cell", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Bytes Sent", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [ - "" - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Bytes Received", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "Bps" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_3&var-workload=$__cell_2", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_tcp_received_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - 
"hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "C" - }, - { - "expr": "label_join(sum(rate(istio_tcp_sent_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "A" - } - ], - "timeFrom": null, - "title": "TCP Workloads", - "transform": "table", - "type": "table" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 48 - }, - "id": 111, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Mesh Dashboard", - "uid": "G8wLrJIZk", - "version": 5 -} diff --git a/charts/rancher-istio/1.4.900/charts/grafana/dashboards/istio-performance-dashboard.json b/charts/rancher-istio/1.4.900/charts/grafana/dashboards/istio-performance-dashboard.json deleted file mode 100755 index 3826fbae8..000000000 --- a/charts/rancher-istio/1.4.900/charts/grafana/dashboards/istio-performance-dashboard.json +++ /dev/null 
@@ -1,1822 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": 9, - "links": [], - "panels": [ - { - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 21, - "panels": [ - { - "content": "The charts on this dashboard are intended to show Istio main components cost in terms resources utilization under steady load.\n\n- **vCPU/1k rps:** shows vCPU utilization by the main Istio components normalized by 1000 requests/second. When idle or low traffic, this chart will be blank. The curve for istio-proxy refers to the services sidecars only.\n- **vCPU:** vCPU utilization by Istio components, not normalized.\n- **Memory:** memory footprint for the components. Telemetry and policy are normalized by 1k rps, and no data is shown when there is no traffic. 
For ingress and istio-proxy, the data is per instance.\n- **Bytes transferred/ sec:** shows the number of bytes flowing through each Istio component.\n\n\n", - "gridPos": { - "h": 6, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 19, - "links": [], - "mode": "markdown", - "timeFrom": null, - "timeShift": null, - "title": "Performance Dashboard README", - "transparent": true, - "type": "text" - } - ], - "title": "Performance Dashboard Notes", - "type": "row" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 6, - "panels": [], - "title": "vCPU Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 2 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m])) / (round(sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m])), 0.001)/1000))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - 
"legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU / 1k rps", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 2 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - 
"spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 13, - "panels": [], - "title": "Memory and Data Rates", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": 
false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 11 - }, - "id": 902, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-telemetry-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry / 1k rps", - "refId": "A" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-ingressgateway-.*\",container_name!=\"POD\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container_name=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio proxy", - "refId": "C" - }, - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod_name=~\"istio-policy-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy / 1k rps", - "refId": "D" - } - ], - "thresholds": [], - 
"timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-telemetry\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-telemetry\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_response_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m])) + sum(irate(istio_request_bytes_sum{source_workload_namespace!=\"istio-system\", 
reporter=\"source\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-policy\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-policy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio_policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Bytes transferred / sec", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 17, - "panels": [], - "title": "Istio Component Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 20 - }, - "id": 15, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 71, - "panels": [], - "title": "Proxy Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 32 - }, - "id": 72, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 32 - }, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 32 - }, - "id": 702, - "legend": { - "avg": 
false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 39 - }, - "id": 69, - "panels": [], - "title": "Pilot Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 40 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": 
[ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - 
"sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 40 - }, - "id": 602, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "pilot (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - 
"title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 40 - }, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"discovery|istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - 
"show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 40 - }, - "id": 402, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 93, - "panels": [], - "title": "Mixer Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 48 - }, - "id": 94, - "legend": { - "avg": false, - "current": 
false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"})", - "format": "time_series", - "hide": false, 
- "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 48 - }, - "id": 95, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container_name }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=~\"istio-policy|istio-telemetry\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 48 - }, - "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - 
"expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container_name }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 48 - }, - "id": 97, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - 
"format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Performance Dashboard", - "uid": "vu8e0VWZk", - "version": 22 -} diff --git a/charts/rancher-istio/1.4.900/charts/grafana/dashboards/istio-service-dashboard.json b/charts/rancher-istio/1.4.900/charts/grafana/dashboards/istio-service-dashboard.json deleted file mode 100755 index f4d58a296..000000000 --- a/charts/rancher-istio/1.4.900/charts/grafana/dashboards/istio-service-dashboard.json +++ /dev/null @@ -1,2601 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "iteration": 1536442501501, - "links": [], - "panels": [ - { - "content": "
\nSERVICE: $service\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Client Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - 
"thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Client Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, 
sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Client Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" 
- ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Received Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 97, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - 
"postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Server Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 98, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / 
sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Server Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 99, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - 
"refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 100, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": 
true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m])) ", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Sent Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nCLIENT WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"source\",source_workload=~\"$srcwl\",source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"source\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": 
"graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", 
source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, 
source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": 
"time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, 
- "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "
\nSERVICE WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 90, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"destination\",destination_workload=~\"$dstwl\",destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"destination\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Destination And Response Code", - "tooltip": { - 
"shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 91, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", 
connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 94, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - 
"stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by 
(destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 95, - "legend": { - "alignAsTable": false, - "avg": false, - "current": 
false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ 
destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 96, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - 
"step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ 
destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 92, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", 
destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 93, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }} (🔐mTLS)", - "refId": 
"A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Service", - "multi": false, - "name": "service", - "options": [], - "query": "label_values(destination_service)", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (source_workload_namespace) or 
sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload Namespace", - "multi": true, - "name": "dstns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload", - "multi": true, - "name": "dstwl", - "options": [], - "query": "query_result( 
sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload))",
- "refresh": 1,
- "regex": "/.*workload=\"([^\"]*).*/",
- "sort": 3,
- "tagValuesQuery": "",
- "tags": [],
- "tagsQuery": "",
- "type": "query",
- "useTags": false
- }
- ]
- },
- "time": {
- "from": "now-5m",
- "to": "now"
- },
- "timepicker": {
- "refresh_intervals": [
- "5s",
- "10s",
- "30s",
- "1m",
- "5m",
- "15m",
- "30m",
- "1h",
- "2h",
- "1d"
- ],
- "time_options": [
- "5m",
- "15m",
- "1h",
- "6h",
- "12h",
- "24h",
- "2d",
- "7d",
- "30d"
- ]
- },
- "timezone": "",
- "title": "Istio Service Dashboard",
- "uid": "LJ_uJAvmk",
- "version": 1
-}
diff --git a/charts/rancher-istio/1.4.900/charts/grafana/dashboards/istio-workload-dashboard.json b/charts/rancher-istio/1.4.900/charts/grafana/dashboards/istio-workload-dashboard.json
deleted file mode 100755
index 62ad1b5cf..000000000
--- a/charts/rancher-istio/1.4.900/charts/grafana/dashboards/istio-workload-dashboard.json
+++ /dev/null
@@ -1,2303 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.4" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1531345461465, - "links": [], - "panels": [ - { - "content": "
\nWORKLOAD: $workload.$namespace\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Incoming Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 
80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 8, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Incoming Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 8, - "x": 16, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, 
- "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Server Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - 
"colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 12, - "y": 7 - }, - "id": 85, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Client Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nINBOUND WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And 
Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", 
destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by 
(source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 
1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", 
destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - 
"values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", 
destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "content": "
\nOUTBOUND SERVICES\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 70, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Requests by Destination And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 71, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", 
source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Success Rate (non-5xx responses) By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 72, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Duration by Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 73, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by 
(destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 74, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": 
"{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 76, - "legend": { - "avg": false, 
- "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent on Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 78, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Namespace", - "multi": false, - "name": 
"namespace", - "options": [], - "query": "query_result(sum(istio_requests_total) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*_namespace=\"([^\"]*).*/", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Workload", - "multi": false, - "name": "workload", - "options": [], - "query": "query_result((sum(istio_requests_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_requests_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)) or (sum(istio_tcp_sent_bytes_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Inbound Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, 
- "label": "Inbound Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Destination Service", - "multi": true, - "name": "dstsvc", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service) or sum(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service))", - "refresh": 1, - "regex": "/.*destination_service=\"([^\"]*).*/", - "sort": 4, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Workload Dashboard", - "uid": "UbsSZTDik", - "version": 1 -} diff --git a/charts/rancher-istio/1.4.900/charts/grafana/dashboards/mixer-dashboard.json b/charts/rancher-istio/1.4.900/charts/grafana/dashboards/mixer-dashboard.json deleted file mode 100755 index b074d13ba..000000000 
--- a/charts/rancher-istio/1.4.900/charts/grafana/dashboards/mixer-dashboard.json +++ /dev/null @@ -1,1808 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.2.3" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "limit": 100, - "name": "Annotations & Alerts", - "showIn": 0, - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": null, - "iteration": 1543881232533, - "links": [], - "panels": [ - { - "content": "

Deployed Versions

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "40", - "id": 62, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 3 - }, - "id": 64, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"mixer\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Mixer Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Resource Usage

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 8 - }, - "height": "40", - "id": 29, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 11 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory ({{ job }})", - "refId": "I" - }, - { - "expr": "sum(process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory ({{ job }})", - "refId": "H" - }, - { - "expr": "sum(go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc ({{ job }})", - "refId": "D" - }, - { - "expr": "sum(go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc ({{ job }})", - "refId": "F" - }, - { - "expr": "sum(go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - 
"format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use ({{ job }})", - "refId": "E" - }, - { - "expr": "sum(go_memstats_stack_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use ({{ job }})", - "refId": "G" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "C" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }} (k8s)", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 11 - }, - "id": 6, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (pod_name), \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "A" - }, - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (container_name, pod_name), \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }} (k8s)", - "refId": "B" - }, - { - "expr": "sum(irate(process_cpu_seconds_total{job=~\"istio-telemetry|istio-policy\"}[1m])) by (job)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ job }} (self-reported)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } 
- ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 11 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_open_fds{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(label_replace(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"mixer|istio-proxy\", pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container_name }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - 
"dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 11 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(go_goroutines{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines ({{ job }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Mixer Overview

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 18 - }, - "height": "40px", - "id": 30, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 0, - "y": 21 - }, - "id": 9, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (Total)", - "refId": "B" - }, - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m])) by (grpc_server_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "mixer ({{ grpc_server_method }})", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 6, - "y": 21 - }, - "id": 8, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "{}", - "yaxis": 1 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.5", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.9", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Durations", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 12, - "y": 21 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, 
- "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_server_handled_total{grpc_code=~\"Unknown|Unimplemented|Internal|DataLoss\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Error Rate (5xx responses)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 18, - "y": 21 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(grpc_server_handled_total{grpc_code!=\"OK\",grpc_service=~\".*Mixer\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ 
grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Non-successes (4xxs)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Adapters and Config

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 28, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 30 - }, - "id": 13, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m])) by (adapter)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 30 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - 
"percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p90 ", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Duration", - "tooltip": { - "shared": true, - "sort": 1, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 37 - }, - "id": 60, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - 
"pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Rules", - "refId": "A" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Config Errors", - "refId": "B" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_match_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Match Errors", - "refId": "C" - }, - { - "expr": "scalar(topk(1, max(mixer_config_unsatisfied_action_handler_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Unsatisfied Actions", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Rules", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 37 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": 
false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_instance_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Instances", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Instances in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 37 - }, - "id": 54, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_handler_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Handlers", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Handlers in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 37 - }, - "id": 58, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_attribute_count) by (configID)))", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "Attributes", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Attributes in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Individual Adapters

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 44 - }, - "id": 23, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 46, - "panels": [], - "repeat": "adapter", - "title": "$adapter Adapter", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 48 - }, - "id": 17, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m]),\"handler\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ handler }} (error: {{ error }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Count By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - 
"w": 12, - "x": 12, - "y": 48 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(histogram_quantile(0.5, sum(rate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p50 - {{ handler_short }} (error: {{ error }})", - "refId": "A" - }, - { - "expr": "label_replace(histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p90 - {{ handler_short }} (error: {{ error }})", - "refId": "D" - }, - { - "expr": "label_replace(histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p99 - {{ handler_short }} (error: {{ error }})", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Duration By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": 
true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Adapter", - "multi": true, - "name": "adapter", - "options": [], - "query": "label_values(adapter)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Mixer Dashboard", - "version": 4 -} diff --git a/charts/rancher-istio/1.4.900/charts/grafana/dashboards/pilot-dashboard.json b/charts/rancher-istio/1.4.900/charts/grafana/dashboards/pilot-dashboard.json deleted file mode 100755 index b8ef6d2d7..000000000 --- a/charts/rancher-istio/1.4.900/charts/grafana/dashboards/pilot-dashboard.json +++ /dev/null 
@@ -1,1591 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": 11, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 60, - "panels": [], - "title": "Deployed Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"pilot\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 6 - }, - "id": 62, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": 
"container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"discovery\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (container)", - "refId": "B", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container_name=~\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar (container)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"discovery\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Discovery (container)", - "refId": "A" - }, - { - "expr": 
"irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (process)", - "refId": "C", - "step": 2 - }, - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container_name=\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Sidecar (container)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"discovery\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Discovery", - "refId": "B", - "step": 2 - }, - { - "expr": 
"container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container_name=\"istio-proxy\", pod_name=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": 
null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 58, - "panels": [], - "title": "Pilot Push Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "description": "Shows the rate of pilot pushes", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 622, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(pilot_xds_pushes{type=\"cds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Cluster", - "refId": "C" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"eds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Endpoints", - "refId": "D" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"lds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Listeners", - "refId": "A" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"rds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Routes", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Pushes", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ 
- "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Captures a variety of pilot errors", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 67, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(pilot_xds_cds_reject{job=\"pilot\"}) or (absent(pilot_xds_cds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected CDS Configs", - "refId": "C" - }, - { - "expr": "sum(pilot_xds_eds_reject{job=\"pilot\"}) or (absent(pilot_xds_eds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected EDS Configs", - "refId": "D" - }, - { - "expr": "sum(pilot_xds_rds_reject{job=\"pilot\"}) or (absent(pilot_xds_rds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected RDS Configs", - "refId": "A" - }, - { - "expr": "sum(pilot_xds_lds_reject{job=\"pilot\"}) or (absent(pilot_xds_lds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected LDS Configs", - "refId": "B" - }, - { - "expr": 
"sum(rate(pilot_xds_write_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Write Timeouts", - "refId": "F" - }, - { - "expr": "sum(rate(pilot_total_xds_internal_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Internal Errors", - "refId": "H" - }, - { - "expr": "sum(rate(pilot_total_xds_rejects{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Config Rejection Rate", - "refId": "E" - }, - { - "expr": "sum(rate(pilot_xds_push_context_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Context Errors", - "refId": "K" - }, - { - "expr": "sum(rate(pilot_xds_pushes{type!~\"lds|cds|rds|eds\"}[1m])) by (type)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "L" - }, - { - "expr": "sum(rate(pilot_xds_push_errors{job=\"pilot\"}[1m])) by (type)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "I" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts", - "refId": "G" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout_failures{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts Failures", - "refId": "J" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - 
"format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Shows the total time it takes to push a config update to a proxy", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 624, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p50 ", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.999, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99.9", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Proxy Push Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 23 - }, - "id": 45, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_conflict_inbound_listener{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Inbound Listeners", - "refId": "B" - }, - { - "expr": "pilot_conflict_outbound_listener_http_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (http over current tcp)", - "refId": "A" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current tcp)", - "refId": "C" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_http{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current http)", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Conflicts", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - 
"buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 23 - }, - "id": 47, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_virt_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Services", - "refId": "A" - }, - { - "expr": "pilot_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Services", - "refId": "B" - }, - { - "expr": "pilot_xds{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Connected Endpoints", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ADS Monitoring", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - 
"yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "columns": [], - "datasource": "Prometheus", - "description": "Clusters in this table do not have any endpoints known to pilot. This could be from referencing subsets that do not have any instances, or pods marked as NotReady", - "fontSize": "100%", - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 23 - }, - "id": 51, - "links": [], - "pageSize": null, - "scroll": true, - "showHeader": true, - "sort": { - "col": null, - "desc": false - }, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "date" - }, - { - "alias": "Clusters", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(pilot_xds_eds_instances{job=\"pilot\", cluster=~\".+\\\\|.+\"}) by (cluster) < 1", - "format": "time_series", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{cluster}}", - "refId": "B" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Clusters with no known endpoints", - "transform": "timeseries_aggregations", - "type": "table" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 64, - "panels": [], - "title": "Envoy Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows details about Envoy proxies in the mesh", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 32 - }, - "id": 40, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - 
"points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(envoy_cluster_upstream_cx_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connections", - "refId": "C" - }, - { - "expr": "sum(irate(envoy_cluster_upstream_cx_connect_fail{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connection Failures", - "refId": "A" - }, - { - "expr": "sum(increase(envoy_server_hot_restart_epoch[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Envoy Restarts", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Envoy Details", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 32 - }, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": 
"sum(envoy_cluster_upstream_cx_active{cluster_name=\"xds-grpc\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "XDS Active Connections", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Active Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows the size of XDS requests and responses", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 32 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "max(rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Max", - "refId": "D" - }, - { - "expr": "quantile(0.5, rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Average", - "refId": "B" - }, - 
{ - "expr": "max(rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Max", - "refId": "A" - }, - { - "expr": "quantile(.5, rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Average", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Requests Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Pilot Dashboard", - "uid": "3--MLVZZk", - "version": 11 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.4.900/charts/grafana/fix_datasources.sh b/charts/rancher-istio/1.4.900/charts/grafana/fix_datasources.sh deleted file mode 100755 index d175bcacc..000000000 --- a/charts/rancher-istio/1.4.900/charts/grafana/fix_datasources.sh +++ /dev/null 
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# Copyright Istio Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -e
-
-THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-UX=$(uname)
-
-for db in "${THIS_DIR}"/dashboards/*.json; do
- if [[ ${UX} == "Darwin" ]]; then
- # shellcheck disable=SC2016
- sed -i '' 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- else
- # shellcheck disable=SC2016
- sed -i 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- fi
-done
diff --git a/charts/rancher-istio/1.4.900/charts/grafana/templates/_helpers.tpl b/charts/rancher-istio/1.4.900/charts/grafana/templates/_helpers.tpl
deleted file mode 100755
index 9d4c59205..000000000
--- a/charts/rancher-istio/1.4.900/charts/grafana/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "grafana.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "grafana.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "grafana.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.900/charts/grafana/templates/configmap-custom-resources.yaml b/charts/rancher-istio/1.4.900/charts/grafana/templates/configmap-custom-resources.yaml
deleted file mode 100755
index b89bc0765..000000000
--- a/charts/rancher-istio/1.4.900/charts/grafana/templates/configmap-custom-resources.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
- custom-resources.yaml: |-
- {{- include "grafana-default.yaml.tpl" . | indent 4}}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
diff --git a/charts/rancher-istio/1.4.900/charts/grafana/templates/configmap-dashboards.yaml b/charts/rancher-istio/1.4.900/charts/grafana/templates/configmap-dashboards.yaml
deleted file mode 100755
index dd1ab0d75..000000000
--- a/charts/rancher-istio/1.4.900/charts/grafana/templates/configmap-dashboards.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- $files := .Files }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "grafana.name" $ }}
- chart: {{ template "grafana.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: grafana
-data:
- {{ base $path }}: '{{ $files.Get $path }}'
----
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/grafana/templates/configmap.yaml b/charts/rancher-istio/1.4.900/charts/grafana/templates/configmap.yaml
deleted file mode 100755
index c86efe1f4..000000000
--- a/charts/rancher-istio/1.4.900/charts/grafana/templates/configmap.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
-{{- if .Values.datasources }}
- {{- range $key, $value := .Values.datasources }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
-
-{{- if .Values.dashboardProviders }}
- {{- range $key, $value := .Values.dashboardProviders }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.900/charts/grafana/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.4.900/charts/grafana/templates/create-custom-resources-job.yaml
deleted file mode 100755
index d699709b8..000000000
--- a/charts/rancher-istio/1.4.900/charts/grafana/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,103 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-grafana-post-install-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-grafana-post-install-{{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["authentication.istio.io"] # needed to create default authn policy - resources: ["*"] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-grafana-post-install-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-grafana-post-install-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-grafana-post-install-account - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-grafana-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - template: - metadata: - name: istio-grafana-post-install - labels: - app: istio-grafana - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-grafana-post-install-account - containers: - - name: kubectl - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - command: [ "/bin/bash", "/tmp/grafana/run.sh", "/tmp/grafana/custom-resources.yaml" ] - volumeMounts: - - mountPath: "/tmp/grafana" - name: tmp-configmap-grafana - volumes: - - name: tmp-configmap-grafana - configMap: - name: istio-grafana-custom-resources - restartPolicy: OnFailure - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.900/charts/grafana/templates/deployment.yaml b/charts/rancher-istio/1.4.900/charts/grafana/templates/deployment.yaml deleted file mode 100755 index 9ad2a7f56..000000000 --- a/charts/rancher-istio/1.4.900/charts/grafana/templates/deployment.yaml +++ /dev/null 
@@ -1,138 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: grafana - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: grafana - template: - metadata: - labels: - app: grafana - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - spec: - securityContext: - runAsUser: 472 - fsGroup: 472 -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 3000 - readinessProbe: - httpGet: - path: /api/health - port: 3000 - env: - - name: GRAFANA_PORT - value: "3000" -{{- if .Values.security.enabled }} - - name: GF_SECURITY_ADMIN_USER - valueFrom: - secretKeyRef: - name: {{ .Values.security.secretName }} - key: {{ .Values.security.usernameKey }} - - name: GF_SECURITY_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.security.secretName }} - key: {{ .Values.security.passphraseKey }} - - name: GF_AUTH_BASIC_ENABLED - value: "true" - - name: GF_AUTH_ANONYMOUS_ENABLED - value: "false" - - name: GF_AUTH_DISABLE_LOGIN_FORM - value: "false" -{{- else }} - - name: GF_AUTH_BASIC_ENABLED - value: "false" - - name: GF_AUTH_ANONYMOUS_ENABLED - value: "true" - - name: GF_AUTH_ANONYMOUS_ORG_ROLE - value: Admin -{{- end }} - - name: GF_PATHS_DATA - value: /data/grafana - {{- range $key, $value := $.Values.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $secret := $.Values.envSecrets }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ $secret }} - key: {{ $key | quote }} - {{- end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: data - mountPath: /data/grafana - {{- range $path, $bytes := .Files.Glob "dashboards/*.json" }} - {{- $filename := trimSuffix (ext $path) (base $path) }} - - name: dashboards-istio-{{ $filename }} - mountPath: "/var/lib/grafana/dashboards/istio/{{ base $path }}" - subPath: {{ base $path }} - readOnly: true - {{- end }} - - name: config - mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml" - subPath: datasources.yaml - - name: config - mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml" - subPath: dashboardproviders.yaml - affinity: 
- {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - volumes: - - name: config - configMap: - name: istio-grafana - - name: data -{{- if .Values.persist }} - persistentVolumeClaim: - claimName: istio-grafana-pvc -{{- else }} - emptyDir: {} -{{- end }} -{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }} -{{- $filename := trimSuffix (ext $path) (base $path) }} - - name: dashboards-istio-{{ $filename }} - configMap: - name: istio-grafana-configuration-dashboards-{{ $filename }} -{{- end }} diff --git a/charts/rancher-istio/1.4.900/charts/grafana/templates/grafana-ports-mtls.yaml b/charts/rancher-istio/1.4.900/charts/grafana/templates/grafana-ports-mtls.yaml deleted file mode 100755 index b9a392651..000000000 --- a/charts/rancher-istio/1.4.900/charts/grafana/templates/grafana-ports-mtls.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{ define "grafana-default.yaml.tpl" }} -apiVersion: authentication.istio.io/v1alpha1 -kind: Policy -metadata: - name: grafana-ports-mtls-disabled - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - targets: - - name: grafana - ports: - - number: {{ .Values.service.externalPort }} -{{- end }} diff --git a/charts/rancher-istio/1.4.900/charts/grafana/templates/ingress.yaml b/charts/rancher-istio/1.4.900/charts/grafana/templates/ingress.yaml deleted file mode 100755 index 0ebe71f61..000000000 --- a/charts/rancher-istio/1.4.900/charts/grafana/templates/ingress.yaml +++ /dev/null 
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: grafana
- servicePort: 3000
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: grafana
- servicePort: 3000
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.900/charts/grafana/templates/pvc.yaml b/charts/rancher-istio/1.4.900/charts/grafana/templates/pvc.yaml
deleted file mode 100755
index e376a13a5..000000000
--- a/charts/rancher-istio/1.4.900/charts/grafana/templates/pvc.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if .Values.persist }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: istio-grafana-pvc
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- storageClassName: {{ .Values.storageClassName }}
- accessModes:
- - {{ .Values.accessMode }}
- resources:
- requests:
- storage: 5Gi
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/grafana/templates/service.yaml b/charts/rancher-istio/1.4.900/charts/grafana/templates/service.yaml
deleted file mode 100755
index b206679c3..000000000
--- a/charts/rancher-istio/1.4.900/charts/grafana/templates/service.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: 3000
- protocol: TCP
- name: {{ .Values.service.name }}
- selector:
- app: grafana
-{{- if .Values.service.loadBalancerIP }}
- loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
-{{- end }}
- {{if .Values.service.loadBalancerSourceRanges}}
- loadBalancerSourceRanges:
- {{range $rangeList := .Values.service.loadBalancerSourceRanges}}
- - {{ $rangeList }}
- {{end}}
- {{end}}
diff --git a/charts/rancher-istio/1.4.900/charts/grafana/templates/tests/test-grafana-connection.yaml b/charts/rancher-istio/1.4.900/charts/grafana/templates/tests/test-grafana-connection.yaml
deleted file mode 100755
index 7c8d1944b..000000000
--- a/charts/rancher-istio/1.4.900/charts/grafana/templates/tests/test-grafana-connection.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "grafana.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: grafana-test
- chart: {{ template "grafana.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: grafana
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "grafana.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- args: ['http://grafana:{{ .Values.grafana.service.externalPort }}']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/grafana/values.yaml b/charts/rancher-istio/1.4.900/charts/grafana/values.yaml
deleted file mode 100755
index 7b977c1e7..000000000
--- a/charts/rancher-istio/1.4.900/charts/grafana/values.yaml
+++ /dev/null
@@ -1,114 +0,0 @@ -# -# addon grafana configuration -# -enabled: false -replicaCount: 1 -ingress: - enabled: false - ## Used to create an Ingress record. - hosts: - - grafana.local - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: [] - # Secrets must be manually created in the namespace. - # - secretName: grafana-tls - # hosts: - # - grafana.local -persist: false -storageClassName: "" -accessMode: ReadWriteMany -security: - enabled: false - secretName: grafana - usernameKey: username - passphraseKey: passphrase -nodeSelector: {} -tolerations: [] - -env: {} - # Define additional environment variables for configuring grafana. - # @see https://grafana.com/docs/installation/configuration/#using-environment-variables - # Format: env_variable_name: value - # For example: - # GF_SMTP_ENABLED: true - # GF_SMTP_HOST: email-smtp.eu-west-1.amazonaws.com:2587 - # GF_SMTP_FROM_ADDRESS: alerts@mydomain.com - # GF_SMTP_FROM_NAME: Grafana - -envSecrets: {} - # The key name and ENV name must match in the secrets file. - # @see https://grafana.com/docs/installation/configuration/#using-environment-variables - # For example: - # --- - # apiVersion: v1 - # kind: Secret - # metadata: - # name: grafana-secrets - # namespace: istio-system - # data: - # GF_SMTP_USER: bXl1c2Vy - # GF_SMTP_PASSWORD: bXlwYXNzd29yZA== - # type: Opaque - # --- - # env_variable_key_name: secretsName - # --- - # GF_SMTP_USER: grafana-secrets - # GF_SMTP_PASSWORD: grafana-secrets - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. 
"soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -contextPath: /grafana -service: - annotations: {} - name: http - type: ClusterIP - externalPort: 3000 - loadBalancerIP: - loadBalancerSourceRanges: [] - -datasources: - datasources.yaml: - apiVersion: 1 - datasources: - - name: Prometheus - type: prometheus - orgId: 1 - url: http://prometheus:9090 - access: proxy - isDefault: true - jsonData: - timeInterval: 5s - editable: true - -dashboardProviders: - dashboardproviders.yaml: - apiVersion: 1 - providers: - - name: 'istio' - orgId: 1 - folder: 'istio' - type: file - disableDeletion: false - options: - path: /var/lib/grafana/dashboards/istio diff --git a/charts/rancher-istio/1.4.900/charts/istiocoredns/Chart.yaml b/charts/rancher-istio/1.4.900/charts/istiocoredns/Chart.yaml deleted file mode 100755 index 0c89200af..000000000 --- a/charts/rancher-istio/1.4.900/charts/istiocoredns/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: "0.1" -description: Istio CoreDNS provides DNS resolution for services in multicluster setups. -name: istiocoredns -tillerVersion: '>=2.7.2' -version: 1.4.9 diff --git a/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/_helpers.tpl b/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/_helpers.tpl deleted file mode 100755 index e7add11bb..000000000 --- a/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "istiocoredns.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "istiocoredns.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "istiocoredns.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/clusterrole.yaml b/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/clusterrole.yaml
deleted file mode 100755
index 4242a327f..000000000
--- a/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istiocoredns
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["networking.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/clusterrolebinding.yaml
deleted file mode 100755
index bafd0ca3b..000000000
--- a/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-istiocoredns-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istiocoredns
-subjects:
-- kind: ServiceAccount
- name: istiocoredns-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/configmap.yaml b/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/configmap.yaml
deleted file mode 100755
index 4b2a2d42a..000000000
--- a/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/configmap.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: coredns
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- Corefile: |
- .:53 {
- errors
- health
- {{ if eq -1 (semver .Values.image.tag | (semver "1.4.0").Compare) }}
- # Removed support for the proxy plugin: https://coredns.io/2019/03/03/coredns-1.4.0-release/
- grpc global 127.0.0.1:8053
- forward . /etc/resolv.conf {
- except global
- }
- {{ else }}
- proxy global 127.0.0.1:8053 {
- protocol grpc insecure
- }
- proxy . /etc/resolv.conf
- {{ end }}
- prometheus :9153
- cache 30
- reload
- }
----
diff --git a/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/deployment.yaml b/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/deployment.yaml
deleted file mode 100755
index 4af0a2256..000000000
--- a/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/deployment.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: istiocoredns
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: istiocoredns
- strategy:
- rollingUpdate:
- maxSurge: {{ .Values.rollingMaxSurge }}
- maxUnavailable: {{ .Values.rollingMaxUnavailable }}
- template:
- metadata:
- name: istiocoredns
- labels:
- app: istiocoredns
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: istiocoredns-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: coredns
- image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- args: [ "-conf", "/etc/coredns/Corefile" ]
- volumeMounts:
- - name: config-volume
- mountPath: /etc/coredns
- ports:
- - containerPort: 53
- name: dns
- protocol: UDP
- - containerPort: 53
- name: dns-tcp
- protocol: TCP
- - containerPort: 9153
- name: metrics
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /health
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 60
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 5
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 10 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 10 }}
-{{- end }}
- - name: istio-coredns-plugin
- command:
- - /usr/local/bin/plugin
- image: "{{ template "system_default_registry" .
}}{{ .Values.pluginImage.repository }}:{{ .Values.pluginImage.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- ports:
- - containerPort: 8053
- name: dns-grpc
- protocol: TCP
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 10 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 10 }}
-{{- end }}
- dnsPolicy: Default
- volumes:
- - name: config-volume
- configMap:
- name: coredns
- items:
- - key: Corefile
- path: Corefile
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/service.yaml b/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/service.yaml
deleted file mode 100755
index a6311017c..000000000
--- a/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/service.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istiocoredns
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- app: istiocoredns
- ports:
- - name: dns
- port: 53
- protocol: UDP
- - name: dns-tcp
- port: 53
- protocol: TCP
diff --git a/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/serviceaccount.yaml
deleted file mode 100755
index e2627cf45..000000000
--- a/charts/rancher-istio/1.4.900/charts/istiocoredns/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istiocoredns-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.900/charts/istiocoredns/values.yaml b/charts/rancher-istio/1.4.900/charts/istiocoredns/values.yaml
deleted file mode 100755
index f2268c02a..000000000
--- a/charts/rancher-istio/1.4.900/charts/istiocoredns/values.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# addon istiocoredns tracing configuration
-#
-enabled: false
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-# Source code for the plugin can be found at
-# https://github.com/istio-ecosystem/istio-coredns-plugin
-# The plugin listens for DNS requests from coredns server at 127.0.0.1:8053
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.900/charts/kiali/Chart.yaml b/charts/rancher-istio/1.4.900/charts/kiali/Chart.yaml
deleted file mode 100755
index d6081dd21..000000000
--- a/charts/rancher-istio/1.4.900/charts/kiali/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-appVersion: 1.9.1
-description: Kiali is an open source project for service mesh observability, refer
- to https://www.kiali.io for details.
-name: kiali
-tillerVersion: '>=2.7.2'
-version: 1.9.1
diff --git a/charts/rancher-istio/1.4.900/charts/kiali/templates/_helpers.tpl b/charts/rancher-istio/1.4.900/charts/kiali/templates/_helpers.tpl
deleted file mode 100755
index 6b0095769..000000000
--- a/charts/rancher-istio/1.4.900/charts/kiali/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "kiali.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "kiali.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "kiali.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.900/charts/kiali/templates/clusterrole.yaml b/charts/rancher-istio/1.4.900/charts/kiali/templates/clusterrole.yaml
deleted file mode 100755
index 8ad6e9756..000000000
--- a/charts/rancher-istio/1.4.900/charts/kiali/templates/clusterrole.yaml
+++ /dev/null
@@ -1,134 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: kiali
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - configmaps
- - endpoints
- - namespaces
- - nodes
- - pods
- - pods/log
- - replicationcontrollers
- - services
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["extensions", "apps"]
- resources:
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["autoscaling"]
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["batch"]
- resources:
- - cronjobs
- - jobs
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - config.istio.io
- - networking.istio.io
- - authentication.istio.io
- - rbac.istio.io
- - security.istio.io
- resources: ["*"]
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - watch
-- apiGroups: ["monitoring.kiali.io"]
- resources:
- - monitoringdashboards
- verbs:
- - get
- - list
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: kiali-viewer
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" .
}}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - configmaps
- - endpoints
- - namespaces
- - nodes
- - pods
- - pods/log
- - replicationcontrollers
- - services
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["extensions", "apps"]
- resources:
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["autoscaling"]
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["batch"]
- resources:
- - cronjobs
- - jobs
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - config.istio.io
- - networking.istio.io
- - authentication.istio.io
- - rbac.istio.io
- - security.istio.io
- resources: ["*"]
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["monitoring.kiali.io"]
- resources:
- - monitoringdashboards
- verbs:
- - get
- - list
diff --git a/charts/rancher-istio/1.4.900/charts/kiali/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.900/charts/kiali/templates/clusterrolebinding.yaml
deleted file mode 100755
index 881796716..000000000
--- a/charts/rancher-istio/1.4.900/charts/kiali/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if not .Values.dashboard.viewOnlyMode }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-kiali-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kiali
-subjects:
-- kind: ServiceAccount
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-kiali-viewer-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kiali-viewer
-subjects:
-- kind: ServiceAccount
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/kiali/templates/configmap.yaml b/charts/rancher-istio/1.4.900/charts/kiali/templates/configmap.yaml
deleted file mode 100755
index 71869f705..000000000
--- a/charts/rancher-istio/1.4.900/charts/kiali/templates/configmap.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- config.yaml: |
- istio_namespace: {{ .Release.Namespace }}
- deployment:
- accessible_namespaces: ['**']
- login_token:
- signing_key: {{ randAlphaNum 10 | quote }}
- auth:
- strategy: {{ .Values.dashboard.auth.strategy }}
- server:
- port: 20001
-{{- if .Values.contextPath }}
- web_root: {{ .Values.contextPath }}
-{{- end }}
- external_services:
- tracing:
- url: {{ .Values.dashboard.jaegerURL }}
- grafana:
- url: {{ .Values.dashboard.grafanaURL }}
- prometheus:
- url: {{ .Values.prometheusAddr }}
-{{- if .Values.security.enabled }}
- identity:
- cert_file: {{ .Values.security.cert_file }}
- private_key_file: {{ .Values.security.private_key_file }}
-{{- end}}
diff --git a/charts/rancher-istio/1.4.900/charts/kiali/templates/demosecret.yaml b/charts/rancher-istio/1.4.900/charts/kiali/templates/demosecret.yaml
deleted file mode 100755
index ad44298c3..000000000
--- a/charts/rancher-istio/1.4.900/charts/kiali/templates/demosecret.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.createDemoSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.dashboard.secretName }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-type: Opaque
-data:
- username: YWRtaW4= # admin
- passphrase: YWRtaW4= # admin
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/kiali/templates/deployment.yaml b/charts/rancher-istio/1.4.900/charts/kiali/templates/deployment.yaml
deleted file mode 100755
index d0624ef08..000000000
--- a/charts/rancher-istio/1.4.900/charts/kiali/templates/deployment.yaml
+++ /dev/null
@@ -1,112 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: kiali
- template:
- metadata:
- name: kiali
- labels:
- app: kiali
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- scheduler.alpha.kubernetes.io/critical-pod: ""
- prometheus.io/scrape: "true"
- prometheus.io/port: "9090"
- kiali.io/runtimes: go,kiali
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: kiali-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - image: "{{ template "system_default_registry" .
}}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- name: kiali
- command:
- - "/opt/kiali/kiali"
- - "-config"
- - "/kiali-configuration/config.yaml"
- - "-v"
- - "3"
- readinessProbe:
- httpGet:
- path: {{ .Values.contextPath }}/healthz
- port: 20001
- scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }}
- initialDelaySeconds: 5
- periodSeconds: 30
- livenessProbe:
- httpGet:
- path: {{ .Values.contextPath }}/healthz
- port: 20001
- scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }}
- initialDelaySeconds: 5
- periodSeconds: 30
- env:
- - name: ACTIVE_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumeMounts:
- - name: kiali-configuration
- mountPath: "/kiali-configuration"
- - name: kiali-cert
- mountPath: "/kiali-cert"
- - name: kiali-secret
- mountPath: "/kiali-secret"
- - name: kiali-console
- subPath: env.js
- mountPath: /opt/kiali/console/env.js
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 10 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 10 }}
-{{- end }}
- volumes:
- - name: kiali-console
- configMap:
- name: kiali-console
- items:
- - key: env.js
- path: env.js
- - name: kiali-configuration
- configMap:
- name: kiali
- - name: kiali-cert
- secret:
- secretName: istio.kiali-service-account
-{{- if not .Values.security.enabled }}
- optional: true
-{{- end }}
- - name: kiali-secret
- secret:
- secretName: {{ .Values.dashboard.secretName }}
- optional: true
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/kiali/templates/ingress.yaml b/charts/rancher-istio/1.4.900/charts/kiali/templates/ingress.yaml
deleted file mode 100755
index 2e2a0de3a..000000000
--- a/charts/rancher-istio/1.4.900/charts/kiali/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: kiali
- servicePort: 20001
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: kiali
- servicePort: 20001
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.900/charts/kiali/templates/kiali-console-configmap.yaml b/charts/rancher-istio/1.4.900/charts/kiali/templates/kiali-console-configmap.yaml
deleted file mode 100644
index 49c68eba0..000000000
--- a/charts/rancher-istio/1.4.900/charts/kiali/templates/kiali-console-configmap.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kiali-console
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- env.js: |
- window.WEB_ROOT='/k8s/clusters/{{ .Values.global.rancher.clusterId }}/api/v1/namespaces/istio-system/services/http:kiali:20001/proxy';
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.900/charts/kiali/templates/service.yaml b/charts/rancher-istio/1.4.900/charts/kiali/templates/service.yaml
deleted file mode 100755
index 1aa79bfdb..000000000
--- a/charts/rancher-istio/1.4.900/charts/kiali/templates/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- ports:
- - name: http-kiali
- protocol: TCP
- port: 20001
- selector:
- app: kiali
diff --git a/charts/rancher-istio/1.4.900/charts/kiali/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.900/charts/kiali/templates/serviceaccount.yaml
deleted file mode 100755
index 2ae38a1ab..000000000
--- a/charts/rancher-istio/1.4.900/charts/kiali/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.900/charts/kiali/templates/tests/test-kiali-connection.yaml b/charts/rancher-istio/1.4.900/charts/kiali/templates/tests/test-kiali-connection.yaml
deleted file mode 100755
index e2a1ff671..000000000
--- a/charts/rancher-istio/1.4.900/charts/kiali/templates/tests/test-kiali-connection.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "kiali.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: kiali-test
- chart: {{ template "kiali.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: kiali
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "kiali.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- args: ['http://kiali:20001']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/kiali/values.yaml b/charts/rancher-istio/1.4.900/charts/kiali/values.yaml
deleted file mode 100755
index c22d4325d..000000000
--- a/charts/rancher-istio/1.4.900/charts/kiali/values.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-#
-# addon kiali
-#
-enabled: false # Note that if using the demo or demo-auth yaml when installing via Helm, this default will be `true`.
-replicaCount: 1
-contextPath: /kiali # The root context path to access the Kiali UI.
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - kiali.local
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls:
- # Secrets must be manually created in the namespace.
- # - secretName: kiali-tls
- # hosts:
- # - kiali.local
-
-dashboard:
- auth:
- strategy: login # Can be anonymous, login, or openshift
- secretName: kiali # You must create a secret with this name - one is not provided out-of-box.
- viewOnlyMode: false # Bind the service account to a role with only read access
- grafanaURL: # If you have Grafana installed and it is accessible to client browsers, then set this to its external URL. Kiali will redirect users to this URL when Grafana metrics are to be shown.
- jaegerURL: # If you have Jaeger installed and it is accessible to client browsers, then set this property to its external URL. Kiali will redirect users to this URL when Jaeger tracing is to be shown.
-prometheusAddr: http://prometheus:9090
-
-# When true, a secret will be created with a default username and password. Useful for demos.
-createDemoSecret: false
-
-security:
- enabled: false
- cert_file: /kiali-cert/cert-chain.pem
- private_key_file: /kiali-cert/key.pem
diff --git a/charts/rancher-istio/1.4.900/charts/mixer/Chart.yaml b/charts/rancher-istio/1.4.900/charts/mixer/Chart.yaml
deleted file mode 100755
index 6e3f5d155..000000000
--- a/charts/rancher-istio/1.4.900/charts/mixer/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.9
-description: Helm chart for mixer deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- mixer
-name: mixer
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.9
diff --git a/charts/rancher-istio/1.4.900/charts/mixer/templates/_helpers.tpl b/charts/rancher-istio/1.4.900/charts/mixer/templates/_helpers.tpl
deleted file mode 100755
index dac6da036..000000000
--- a/charts/rancher-istio/1.4.900/charts/mixer/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "mixer.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "mixer.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "mixer.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.900/charts/mixer/templates/autoscale.yaml b/charts/rancher-istio/1.4.900/charts/mixer/templates/autoscale.yaml
deleted file mode 100755
index 377b47d03..000000000
--- a/charts/rancher-istio/1.4.900/charts/mixer/templates/autoscale.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
-spec:
- maxReplicas: {{ $spec.autoscaleMax }}
- minReplicas: {{ $spec.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-{{ $key }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/mixer/templates/clusterrole.yaml b/charts/rancher-istio/1.4.900/charts/mixer/templates/clusterrole.yaml
deleted file mode 100755
index 3d7438f2d..000000000
--- a/charts/rancher-istio/1.4.900/charts/mixer/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-mixer-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["config.istio.io"] # istio CRD watcher
- resources: ["*"]
- verbs: ["create", "get", "list", "watch", "patch"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["configmaps", "endpoints", "pods", "services", "namespaces", "secrets", "replicationcontrollers"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/mixer/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.900/charts/mixer/templates/clusterrolebinding.yaml
deleted file mode 100755
index 773e68b34..000000000
--- a/charts/rancher-istio/1.4.900/charts/mixer/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-mixer-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-mixer-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/mixer/templates/config.yaml b/charts/rancher-istio/1.4.900/charts/mixer/templates/config.yaml
deleted file mode 100755
index 07f5893be..000000000
--- a/charts/rancher-istio/1.4.900/charts/mixer/templates/config.yaml
+++ /dev/null
@@ -1,1092 +0,0 @@ -{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: istioproxy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - origin.ip: - valueType: IP_ADDRESS - origin.uid: - valueType: STRING - origin.user: - valueType: STRING - request.headers: - valueType: STRING_MAP - request.id: - valueType: STRING - request.host: - valueType: STRING - request.method: - valueType: STRING - request.path: - valueType: STRING - request.url_path: - valueType: STRING - request.query_params: - valueType: STRING_MAP - request.reason: - valueType: STRING - request.referer: - valueType: STRING - request.scheme: - valueType: STRING - request.total_size: - valueType: INT64 - request.size: - valueType: INT64 - request.time: - valueType: TIMESTAMP - request.useragent: - valueType: STRING - response.code: - valueType: INT64 - response.duration: - valueType: DURATION - response.headers: - valueType: STRING_MAP - response.total_size: - valueType: INT64 - response.size: - valueType: INT64 - response.time: - valueType: TIMESTAMP - response.grpc_status: - valueType: STRING - response.grpc_message: - valueType: STRING - source.uid: - valueType: STRING - source.user: # DEPRECATED - valueType: STRING - source.principal: - valueType: STRING - destination.uid: - valueType: STRING - destination.principal: - valueType: STRING - destination.port: - valueType: INT64 - connection.event: - valueType: STRING - connection.id: - valueType: STRING - connection.received.bytes: - valueType: INT64 - connection.received.bytes_total: - valueType: INT64 - connection.sent.bytes: - valueType: INT64 - connection.sent.bytes_total: - valueType: INT64 - connection.duration: - valueType: DURATION - connection.mtls: - valueType: BOOL - 
connection.requested_server_name: - valueType: STRING - context.protocol: - valueType: STRING - context.proxy_error_code: - valueType: STRING - context.timestamp: - valueType: TIMESTAMP - context.time: - valueType: TIMESTAMP - # Deprecated, kept for compatibility - context.reporter.local: - valueType: BOOL - context.reporter.kind: - valueType: STRING - context.reporter.uid: - valueType: STRING - api.service: - valueType: STRING - api.version: - valueType: STRING - api.operation: - valueType: STRING - api.protocol: - valueType: STRING - request.auth.principal: - valueType: STRING - request.auth.audiences: - valueType: STRING - request.auth.presenter: - valueType: STRING - request.auth.claims: - valueType: STRING_MAP - request.auth.raw_claims: - valueType: STRING - request.api_key: - valueType: STRING - rbac.permissive.response_code: - valueType: STRING - rbac.permissive.effective_policy_id: - valueType: STRING - check.error_code: - valueType: INT64 - check.error_message: - valueType: STRING - check.cache_hit: - valueType: BOOL - quota.cache_hit: - valueType: BOOL - context.proxy_version: - valueType: STRING - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: kubernetes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - source.ip: - valueType: IP_ADDRESS - source.labels: - valueType: STRING_MAP - source.metadata: - valueType: STRING_MAP - source.name: - valueType: STRING - source.namespace: - valueType: STRING - source.owner: - valueType: STRING - source.serviceAccount: - valueType: STRING - source.services: - valueType: STRING - source.workload.uid: - valueType: STRING - source.workload.name: - valueType: STRING - source.workload.namespace: - valueType: STRING - destination.ip: - valueType: IP_ADDRESS - destination.labels: - valueType: STRING_MAP - destination.metadata: - valueType: STRING_MAP - destination.owner: - valueType: STRING - destination.name: - valueType: STRING - destination.container.name: - valueType: STRING - destination.namespace: - valueType: STRING - destination.service.uid: - valueType: STRING - destination.service.name: - valueType: STRING - destination.service.namespace: - valueType: STRING - destination.service.host: - valueType: STRING - destination.serviceAccount: - valueType: STRING - destination.workload.uid: - valueType: STRING - destination.workload.name: - valueType: STRING - destination.workload.namespace: - valueType: STRING ---- -{{- if and .Values.adapters.stdio.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: stdio - params: - outputAsJson: {{ .Values.adapters.stdio.outputAsJson }} ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: accesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: request.time - variables: - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | request.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - apiClaims: request.auth.raw_claims | "" - apiKey: request.api_key | request.headers["x-api-key"] | "" - protocol: request.scheme | context.protocol | "http" - method: request.method | "" - url: request.path | "" - responseCode: response.code | 0 - responseFlags: context.proxy_error_code | "" - responseSize: response.size | 0 - permissiveResponseCode: rbac.permissive.response_code | "none" - permissiveResponsePolicyID: rbac.permissive.effective_policy_id | "none" - requestSize: request.size | 0 - requestId: request.headers["x-request-id"] | "" - clientTraceId: request.headers["x-client-trace-id"] | "" - latency: response.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - userAgent: request.useragent | "" - responseTimestamp: response.time - receivedBytes: request.total_size | 0 - sentBytes: response.total_size | 0 - referer: request.referer | "" - httpAuthority: request.headers[":authority"] | request.host | "" - xForwardedFor: 
request.headers["x-forwarded-for"] | "0.0.0.0" - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - grpcStatus: response.grpc_status | "" - grpcMessage: response.grpc_message | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpaccesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: context.time | timestamp("2017-01-01T00:00:00Z") - variables: - connectionEvent: connection.event | "" - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - protocol: context.protocol | "tcp" - connectionDuration: connection.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - receivedBytes: connection.received.bytes | 0 - sentBytes: connection.sent.bytes | 0 - totalReceivedBytes: connection.received.bytes_total | 0 - totalSentBytes: connection.sent.bytes_total | 0 - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") 
- responseFlags: context.proxy_error_code | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "http" || context.protocol == "grpc" - actions: - - handler: stdio - instances: - - accesslog ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdiotcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: stdio - instances: - - tcpaccesslog -{{- end }} ---- -{{- if and .Values.adapters.prometheus.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestcount - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestduration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.duration | "0ms" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestsize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: request.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: responsesize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - response_flags: context.proxy_error_code | "-" - permissive_response_code: rbac.permissive.response_code | "none" - permissive_response_policyid: rbac.permissive.effective_policy_id | "none" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytesent - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.sent.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytereceived - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.received.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsopened - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: prometheus - params: - metricsExpirationPolicy: - metricsExpiryDuration: "{{ .Values.adapters.prometheus.metricsExpiryDuration }}" - metrics: - - name: requests_total - instance_name: requestcount.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - - name: request_duration_seconds - instance_name: requestduration.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - explicit_buckets: - bounds: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10] - - name: request_bytes - instance_name: requestsize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - 
destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: response_bytes - instance_name: responsesize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - response_flags - - permissive_response_code - - permissive_response_policyid - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: tcp_sent_bytes_total - instance_name: tcpbytesent.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_received_bytes_total - instance_name: tcpbytereceived.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: 
tcp_connections_opened_total - instance_name: tcpconnectionsopened.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_connections_closed_total - instance_name: tcpconnectionsclosed.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promhttp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: (context.protocol == "http" || context.protocol == "grpc") && (match((request.useragent | "-"), "kube-probe*") == false) && (match((request.useragent | "-"), "Prometheus*") == false) - actions: - - handler: prometheus - instances: - - requestcount - - requestduration - - requestsize - - responsesize ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: prometheus - instances: - - tcpbytesent - - tcpbytereceived ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionopen - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "open") - actions: - - handler: prometheus - instances: - - tcpconnectionsopened ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "close") - actions: - - handler: prometheus - instances: - - tcpconnectionsclosed -{{- end }} ---- -{{- if and .Values.adapters.kubernetesenv.enabled (or .Values.policy.enabled .Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: kubernetesenv - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: kubernetesenv - params: - # when running from mixer root, use the following config after adding a - # symbolic link to a kubernetes config file via: - # - # $ ln -s ~/.kube/config mixer/adapter/kubernetes/kubeconfig - # - # kubeconfig_path: "mixer/adapter/kubernetes/kubeconfig" - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: kubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . 
}} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: tcpkubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: attributes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: kubernetes - params: - # Pass the required attribute data to the adapter - source_uid: source.uid | "" - source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr - destination_uid: destination.uid | "" - destination_port: destination.port | 0 - attributeBindings: - # Fill the new attributes from the adapter produced output. 
- # $out refers to an instance of OutputTemplate message - source.ip: $out.source_pod_ip | ip("0.0.0.0") - source.uid: $out.source_pod_uid | "unknown" - source.labels: $out.source_labels | emptyStringMap() - source.name: $out.source_pod_name | "unknown" - source.namespace: $out.source_namespace | "default" - source.owner: $out.source_owner | "unknown" - source.serviceAccount: $out.source_service_account_name | "unknown" - source.workload.uid: $out.source_workload_uid | "unknown" - source.workload.name: $out.source_workload_name | "unknown" - source.workload.namespace: $out.source_workload_namespace | "unknown" - destination.ip: $out.destination_pod_ip | ip("0.0.0.0") - destination.uid: $out.destination_pod_uid | "unknown" - destination.labels: $out.destination_labels | emptyStringMap() - destination.name: $out.destination_pod_name | "unknown" - destination.container.name: $out.destination_container_name | "unknown" - destination.namespace: $out.destination_namespace | "default" - destination.owner: $out.destination_owner | "unknown" - destination.serviceAccount: $out.destination_service_account_name | "unknown" - destination.workload.uid: $out.destination_workload_uid | "unknown" - destination.workload.name: $out.destination_workload_name | "unknown" - destination.workload.namespace: $out.destination_workload_namespace | "unknown" -{{- end }} ---- -{{- if .Values.policy.enabled }} -# Configuration needed by Mixer. -# Mixer cluster is delivered via CDS -# Specify mixer cluster settings -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-policy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- if .Values.telemetry.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-telemetry - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- end }} diff --git a/charts/rancher-istio/1.4.900/charts/mixer/templates/deployment.yaml b/charts/rancher-istio/1.4.900/charts/mixer/templates/deployment.yaml deleted file mode 100755 index 60bba11e5..000000000 --- a/charts/rancher-istio/1.4.900/charts/mixer/templates/deployment.yaml +++ /dev/null 
@@ -1,431 +0,0 @@ -{{- define "policy_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: policy-adapter-secret - secret: - secretName: policy-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - - --useTemplateCRDs=false - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - {{- if .Values.env }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.policy.resources }} -{{ toYaml .Values.policy.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: 
istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-policy - - --templateFile - - /etc/istio/proxy/envoy_policy.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ $.Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock - - 
name: policy-adapter-secret - mountPath: /var/run/secrets/istio.io/policy/adapter - readOnly: true -{{- end }} - -{{- define "telemetry_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: telemetry-adapter-secret - secret: - secretName: telemetry-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - - --certFile=/etc/certs/cert-chain.pem - - --keyFile=/etc/certs/key.pem - - --caCertFile=/etc/certs/root-cert.pem - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - - --averageLatencyThreshold - - {{ $.Values.telemetry.loadshedding.latencyThreshold }} - - --loadsheddingMode - - {{ $.Values.telemetry.loadshedding.mode }} - {{- if .Values.env }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.telemetry.resources }} -{{ toYaml .Values.telemetry.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - 
name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: telemetry-adapter-secret - mountPath: /var/run/secrets/istio.io/telemetry/adapter - readOnly: true - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-telemetry - - --templateFile - - /etc/istio/proxy/envoy_telemetry.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - 
mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock -{{- end }} - - -{{- range $key, $spec := .Values }} -{{- if or (eq $key "policy") (eq $key "telemetry") }} -{{- if $spec.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-{{ $key }} - namespace: {{ $.Release.Namespace }} - labels: - app: istio-mixer - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: mixer -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - selector: - matchLabels: - istio: mixer - istio-mixer-type: {{ $key }} - template: - metadata: - labels: - app: {{ $key }} - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - security.istio.io/tlsMode: "istio" - istio: mixer - istio-mixer-type: {{ $key }} - annotations: - sidecar.istio.io/inject: "false" -{{- with $.Values.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- if eq $key "policy"}} -{{- template "policy_container" $ }} -{{- else }} -{{- template "telemetry_container" $ }} -{{- end }} - ---- -{{- end }} -{{- end }} -{{- end }} {{/* range */}} diff --git a/charts/rancher-istio/1.4.900/charts/mixer/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.900/charts/mixer/templates/poddisruptionbudget.yaml deleted file mode 100755 index a6bfe8668..000000000 --- a/charts/rancher-istio/1.4.900/charts/mixer/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,32 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ $key }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- version: {{ $.Chart.Version }}
- istio: mixer
- istio-mixer-type: {{ $key }}
-spec:
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: {{ $key }}
- release: {{ $.Release.Name }}
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/mixer/templates/service.yaml b/charts/rancher-istio/1.4.900/charts/mixer/templates/service.yaml
deleted file mode 100755
index 79cc4a582..000000000
--- a/charts/rancher-istio/1.4.900/charts/mixer/templates/service.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- annotations:
- networking.istio.io/exportTo: "*"
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: mixer
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: {{ $.Values.global.monitoringPort }}
-{{- if eq $key "telemetry" }}
- - name: prometheus
- port: 42422
-{{- if $spec.sessionAffinityEnabled }}
- sessionAffinity: ClientIP
-{{- end }}
-{{- end }}
- selector:
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.4.900/charts/mixer/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.900/charts/mixer/templates/serviceaccount.yaml
deleted file mode 100755
index 9d3da7dd6..000000000
--- a/charts/rancher-istio/1.4.900/charts/mixer/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/mixer/values.yaml b/charts/rancher-istio/1.4.900/charts/mixer/values.yaml
deleted file mode 100755
index 6a56f375a..000000000
--- a/charts/rancher-istio/1.4.900/charts/mixer/values.yaml
+++ /dev/null
@@ -1,97 +0,0 @@
-#
-# mixer configuration
-#
-
-env:
- # max procs should be ceil(cpu limit + 1)
- GOMAXPROCS: "6"
-
-policy:
- # if policy is enabled, global.disablePolicyChecks has affect.
- enabled: false
- replicaCount: 1
- autoscaleEnabled: true
- autoscaleMin: 1
- autoscaleMax: 5
- cpu:
- targetAverageUtilization: 80
- rollingMaxSurge: 100%
- rollingMaxUnavailable: 25%
-
-telemetry:
- enabled: true
- replicaCount: 1
- autoscaleEnabled: true
- autoscaleMin: 1
- autoscaleMax: 5
- cpu:
- targetAverageUtilization: 80
- rollingMaxSurge: 100%
- rollingMaxUnavailable: 25%
- sessionAffinityEnabled: false
-
- # mixer load shedding configuration.
- # When mixer detects that it is overloaded, it starts rejecting grpc requests.
- loadshedding:
- # disabled, logonly or enforce
- mode: enforce
- # based on measurements 100ms p50 translates to p99 of under 1s. This is ok for telemetry which is inherently async.
- latencyThreshold: 100ms
- resources:
- requests:
- cpu: 1000m
- memory: 1G
- limits:
- # It is best to do horizontal scaling of mixer using moderate cpu allocation.
- # We have experimentally found that these values work well.
- cpu: 4800m
- memory: 4G
-
- # Set reportBatchMaxEntries to 0 to use the default batching behavior (i.e., every 100 requests).
- # A positive value indicates the number of requests that are batched before telemetry data
- # is sent to the mixer server
- reportBatchMaxEntries: 100
-
- # Set reportBatchMaxTime to 0 to use the default batching behavior (i.e., every 1 second).
- # A positive time value indicates the maximum wait time since the last request will telemetry data
- # be batched before being sent to the mixer server
- reportBatchMaxTime: 1s
-
-podAnnotations: {}
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-adapters:
- kubernetesenv:
- enabled: true
-
- # stdio is a debug adapter in istio-telemetry, it is not recommended for production use.
- stdio:
- enabled: false
- outputAsJson: true
- prometheus:
- enabled: true
- metricsExpiryDuration: 10m
- # Setting this to false sets the useAdapterCRDs mixer startup argument to false
- useAdapterCRDs: false
diff --git a/charts/rancher-istio/1.4.900/charts/nodeagent/Chart.yaml b/charts/rancher-istio/1.4.900/charts/nodeagent/Chart.yaml
deleted file mode 100755
index f3630bbf0..000000000
--- a/charts/rancher-istio/1.4.900/charts/nodeagent/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.9
-description: Helm chart for nodeagent deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- nodeagent
-name: nodeagent
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.9
diff --git a/charts/rancher-istio/1.4.900/charts/nodeagent/templates/_helpers.tpl b/charts/rancher-istio/1.4.900/charts/nodeagent/templates/_helpers.tpl
deleted file mode 100755
index fda6043d0..000000000
--- a/charts/rancher-istio/1.4.900/charts/nodeagent/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "nodeagent.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "nodeagent.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "nodeagent.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.900/charts/nodeagent/templates/clusterrole.yaml b/charts/rancher-istio/1.4.900/charts/nodeagent/templates/clusterrole.yaml
deleted file mode 100755
index 8e4ab6d32..000000000
--- a/charts/rancher-istio/1.4.900/charts/nodeagent/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get"]
diff --git a/charts/rancher-istio/1.4.900/charts/nodeagent/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.900/charts/nodeagent/templates/clusterrolebinding.yaml
deleted file mode 100755
index 591e48212..000000000
--- a/charts/rancher-istio/1.4.900/charts/nodeagent/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-nodeagent-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.900/charts/nodeagent/templates/daemonset.yaml b/charts/rancher-istio/1.4.900/charts/nodeagent/templates/daemonset.yaml
deleted file mode 100755
index a4d2463d6..000000000
--- a/charts/rancher-istio/1.4.900/charts/nodeagent/templates/daemonset.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: istio-nodeagent
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
-spec:
- selector:
- matchLabels:
- istio: nodeagent
- template:
- metadata:
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-nodeagent-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: nodeagent
- image: "{{ template "system_default_registry" . }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- volumeMounts:
- - mountPath: /var/run/sds
- name: sdsudspath
- env:
- {{- if .Values.env }}
- {{- range $key, $val := .Values.env }}
- - name: {{ $key }}
- value: "{{ $val }}"
- {{- end }}
- {{- end }}
- - name: "TRUST_DOMAIN"
- value: "{{ .Values.global.trustDomain }}"
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumes:
- - name: sdsudspath
- hostPath:
- path: /var/run/sds
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
- updateStrategy:
- type: RollingUpdate
diff --git a/charts/rancher-istio/1.4.900/charts/nodeagent/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.900/charts/nodeagent/templates/serviceaccount.yaml
deleted file mode 100755
index 86853d7e0..000000000
--- a/charts/rancher-istio/1.4.900/charts/nodeagent/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.900/charts/nodeagent/values.yaml b/charts/rancher-istio/1.4.900/charts/nodeagent/values.yaml
deleted file mode 100755
index 9138c4647..000000000
--- a/charts/rancher-istio/1.4.900/charts/nodeagent/values.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# nodeagent configuration
-#
-enabled: false
-env:
- # name of authentication provider.
- CA_PROVIDER: ""
- # CA endpoint.
- CA_ADDR: ""
- # names of authentication provider's plugins.
- PLUGINS: ""
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.900/charts/pilot/Chart.yaml b/charts/rancher-istio/1.4.900/charts/pilot/Chart.yaml
deleted file mode 100755
index a4063e1e0..000000000
--- a/charts/rancher-istio/1.4.900/charts/pilot/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.9
-description: Helm chart for pilot deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- pilot
-name: pilot
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.9
diff --git a/charts/rancher-istio/1.4.900/charts/pilot/templates/_helpers.tpl b/charts/rancher-istio/1.4.900/charts/pilot/templates/_helpers.tpl
deleted file mode 100755
index c812c3709..000000000
--- a/charts/rancher-istio/1.4.900/charts/pilot/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "pilot.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "pilot.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "pilot.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.900/charts/pilot/templates/autoscale.yaml b/charts/rancher-istio/1.4.900/charts/pilot/templates/autoscale.yaml
deleted file mode 100755
index 1a9945136..000000000
--- a/charts/rancher-istio/1.4.900/charts/pilot/templates/autoscale.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- maxReplicas: {{ .Values.autoscaleMax }}
- minReplicas: {{ .Values.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-pilot
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.cpu.targetAverageUtilization }}
----
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/pilot/templates/clusterrole.yaml b/charts/rancher-istio/1.4.900/charts/pilot/templates/clusterrole.yaml
deleted file mode 100755
index 83af8fb06..000000000
--- a/charts/rancher-istio/1.4.900/charts/pilot/templates/clusterrole.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["config.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["rbac.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["security.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["networking.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["authentication.istio.io"]
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["*"]
-- apiGroups: ["extensions"]
- resources: ["ingresses", "ingresses/status"]
- verbs: ["*"]
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "list", "watch", "update"]
-- apiGroups: [""]
- resources: ["endpoints", "pods", "services", "namespaces", "nodes"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "watch", "list", "update", "delete"]
-- apiGroups: ["certificates.k8s.io"]
- resources:
- - "certificatesigningrequests"
- - "certificatesigningrequests/approval"
- - "certificatesigningrequests/status"
- verbs: ["update", "create", "get", "delete"]
diff --git a/charts/rancher-istio/1.4.900/charts/pilot/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.900/charts/pilot/templates/clusterrolebinding.yaml
deleted file mode 100755
index ef9281ca8..000000000
--- a/charts/rancher-istio/1.4.900/charts/pilot/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-pilot-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.900/charts/pilot/templates/configmap.yaml b/charts/rancher-istio/1.4.900/charts/pilot/templates/configmap.yaml
deleted file mode 100755
index 3fe514395..000000000
--- a/charts/rancher-istio/1.4.900/charts/pilot/templates/configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.jwksResolverExtraRootCA }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-jwks-extra-cacerts
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/pilot/templates/deployment.yaml b/charts/rancher-istio/1.4.900/charts/pilot/templates/deployment.yaml
deleted file mode 100755
index 7e7cd2b97..000000000
--- a/charts/rancher-istio/1.4.900/charts/pilot/templates/deployment.yaml
+++ /dev/null
@@ -1,234 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- # TODO: default template doesn't have this, which one is right ?
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: pilot
-spec:
-{{- if not .Values.autoscaleEnabled }}
-{{- if .Values.replicaCount }}
- replicas: {{ .Values.replicaCount }}
-{{- else }}
- replicas: 1
-{{- end }}
-{{- end }}
- strategy:
- rollingUpdate:
- maxSurge: {{ .Values.rollingMaxSurge }}
- maxUnavailable: {{ .Values.rollingMaxUnavailable }}
- selector:
- matchLabels:
- istio: pilot
- template:
- metadata:
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: pilot
- annotations:
- sidecar.istio.io/inject: "false"
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: istio-pilot-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: discovery
- image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- args:
- - "discovery"
- - --monitoringAddr=:{{ .Values.global.monitoringPort }}
-{{- if $.Values.global.logging.level }}
- - --log_output_level={{ $.Values.global.logging.level }}
-{{- end}}
- - --domain
- - {{ .Values.global.proxy.clusterDomain }}
-{{- if .Values.global.oneNamespace }}
- - "-a"
- - {{ .Release.Namespace }}
-{{- end }}
-{{- if and $.Values.global.controlPlaneSecurityEnabled (not .Values.sidecar)}}
- - --secureGrpcAddr
- - ":15011"
-{{- else }}
- - --secureGrpcAddr
- - ""
-{{- end }}
-{{- if .Values.global.trustDomain }}
- - --trust-domain={{ .Values.global.trustDomain }}
-{{- end }}
- - --keepaliveMaxServerConnectionAge
- - "{{ .Values.keepaliveMaxServerConnectionAge }}"
- ports:
- - containerPort: 8080
- - containerPort: 15010
-{{- if not .Values.sidecar }}
- - containerPort: 15011
-{{- end }}
- readinessProbe:
- httpGet:
- path: /ready
- port: 8080
- initialDelaySeconds: 5
- periodSeconds: 5
- timeoutSeconds: 5
- env:
- - name: POD_NAME
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- {{- if .Values.env }}
- {{- range $key, $val := .Values.env }}
- - name: {{ $key }}
- value: "{{ $val }}"
- {{- end }}
- {{- end }}
-{{- if .Values.traceSampling }}
- - name: PILOT_TRACE_SAMPLING
- value: "{{ .Values.traceSampling }}"
-{{- end }}
- - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND
- value: "{{ .Values.enableProtocolSniffingForOutbound }}"
- - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND
- value: "{{ .Values.enableProtocolSniffingForInbound }}"
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- volumeMounts:
- - name: config-volume
- mountPath: /etc/istio/config
- - name: istio-certs
- mountPath: /etc/certs
- readOnly: true
-{{- if .Values.jwksResolverExtraRootCA }}
- - name: extracacerts
- mountPath: /cacerts
-{{- end }}
-{{- if .Values.sidecar }}
- - name: istio-proxy
- image: "{{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- ports:
- - containerPort: 15003
- - containerPort: 15005
- - containerPort: 15007
- - containerPort: 15011
- args:
- - proxy
- - --domain
- - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }}
- - --serviceCluster
- - istio-pilot
- - --templateFile
- - /etc/istio/proxy/envoy_pilot.yaml.tmpl
- {{- if $.Values.global.controlPlaneSecurityEnabled}}
- - --controlPlaneAuthPolicy
- - MUTUAL_TLS
- {{- else }}
- - --controlPlaneAuthPolicy
- - NONE
- {{- end }}
- {{- if .Values.global.trustDomain }}
- - --trust-domain={{ .Values.global.trustDomain }}
- {{- end }}
- {{- if $.Values.global.proxy.logLevel }}
- - --proxyLogLevel={{ $.Values.global.proxy.logLevel }}
- {{- end}}
- {{- if $.Values.global.proxy.componentLogLevel }}
- - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }}
- {{- end}}
- {{- if $.Values.global.logging.level }}
- - --log_output_level={{ $.Values.global.logging.level }}
- {{- end}}
- env:
- - name: POD_NAME
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: INSTANCE_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.podIP
- - name: SDS_ENABLED
- value: "{{ $.Values.global.sds.enabled }}"
- resources:
-{{- if .Values.global.proxy.resources }}
-{{ toYaml .Values.global.proxy.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- volumeMounts:
- - name: istio-certs
- mountPath: /etc/certs
- readOnly: true
- {{- if $.Values.global.sds.enabled }}
- - name: sds-uds-path
- mountPath: /var/run/sds
- readOnly: true
- - name: istio-token
- mountPath: /var/run/secrets/tokens
- {{- end }}
-{{- end }}
- volumes:
- {{- if $.Values.global.sds.enabled }}
- - hostPath:
- path: /var/run/sds
- name: sds-uds-path
- - name: istio-token
- projected:
- sources:
- - serviceAccountToken:
- audience: {{ $.Values.global.sds.token.aud }}
- expirationSeconds: 43200
- path: istio-token
- {{- end }}
- - name: config-volume
- configMap:
- name: istio
- - name: istio-certs
- secret:
- secretName: istio.istio-pilot-service-account
- optional: true
-{{- if .Values.jwksResolverExtraRootCA }}
- - name: extracacerts
- configMap:
- name: istio-jwks-extra-cacerts
-{{- end }}
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/pilot/templates/meshexpansion.yaml b/charts/rancher-istio/1.4.900/charts/pilot/templates/meshexpansion.yaml
deleted file mode 100755
index 4f3d59570..000000000
--- a/charts/rancher-istio/1.4.900/charts/pilot/templates/meshexpansion.yaml
+++ /dev/null
@@ -1,91 +0,0 @@
-{{- if .Values.global.meshExpansion.enabled }}
-{{- if .Values.global.meshExpansion.useILB }}
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-ilb-vs-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- hosts:
- - istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-ilb-gateway
- tcp:
- - match:
- - port: 15011
- route:
- - destination:
- host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 15011
- - match:
- - port: 15010
- route:
- - destination:
- host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 15010
- - match:
- - port: 5353
- route:
- - destination:
- host: kube-dns.kube-system.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 53
----
-{{- else }}
-
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-vs-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- hosts:
- - istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-gateway
- tcp:
- - match:
- - port: 15011
- route:
- - destination:
- host: istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 15011
----
-{{- end }}
-
-{{- if .Values.global.controlPlaneSecurityEnabled }}
-apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
- name: meshexpansion-dr-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- trafficPolicy:
- portLevelSettings:
- - port:
- number: 15011
- tls:
- mode: DISABLE
----
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.4.900/charts/pilot/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.900/charts/pilot/templates/poddisruptionbudget.yaml
deleted file mode 100755
index fd9e06a71..000000000
--- a/charts/rancher-istio/1.4.900/charts/pilot/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: pilot
-spec:
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: {{ template "pilot.name" . }}
- release: {{ .Release.Name }}
- istio: pilot
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/pilot/templates/service.yaml b/charts/rancher-istio/1.4.900/charts/pilot/templates/service.yaml
deleted file mode 100755
index a61d93025..000000000
--- a/charts/rancher-istio/1.4.900/charts/pilot/templates/service.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: pilot
-spec:
- ports:
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS
- - port: 8080
- name: http-legacy-discovery # direct
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- selector:
- istio: pilot
diff --git a/charts/rancher-istio/1.4.900/charts/pilot/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.900/charts/pilot/templates/serviceaccount.yaml
deleted file mode 100755
index 7ec2a66de..000000000
--- a/charts/rancher-istio/1.4.900/charts/pilot/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.900/charts/pilot/values.yaml b/charts/rancher-istio/1.4.900/charts/pilot/values.yaml
deleted file mode 100755
index 84c90d9ed..000000000
--- a/charts/rancher-istio/1.4.900/charts/pilot/values.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-#
-# pilot configuration
-#
-enabled: true
-autoscaleEnabled: true
-autoscaleMin: 1
-autoscaleMax: 5
-# specify replicaCount when autoscaleEnabled: false
-# replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-sidecar: true
-traceSampling: 1.0
-# if protocol sniffing is enabled for outbound
-enableProtocolSniffingForOutbound: true
-# if protocol sniffing is enabled for inbound
-enableProtocolSniffingForInbound: false
-# Resources for a small pilot install
-resources:
- requests:
- cpu: 500m
- memory: 2048Mi
-env:
- PILOT_PUSH_THROTTLE: 100
-cpu:
- targetAverageUtilization: 80
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-# The following is used to limit how long a sidecar can be connected
-# to a pilot. It balances out load across pilot instances at the cost of
-# increasing system churn.
-keepaliveMaxServerConnectionAge: 30m
-
-# This is used to set the source of configuration for
-# the associated address in configSource, if nothing is specificed
-# the default MCP is assumed. The alternative option is SERVICE_REGISTRY
-# which describes the source is only forwarding synthetic service entries
-configSource:
- subscribedResources:
diff --git a/charts/rancher-istio/1.4.900/charts/prometheus/Chart.yaml b/charts/rancher-istio/1.4.900/charts/prometheus/Chart.yaml
deleted file mode 100755
index 63d2b7a8d..000000000
--- a/charts/rancher-istio/1.4.900/charts/prometheus/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-appVersion: 2.8.0
-description: A Helm chart for Kubernetes
-name: prometheus
-tillerVersion: '>=2.7.2'
-version: 1.4.9
diff --git a/charts/rancher-istio/1.4.900/charts/prometheus/templates/_helpers.tpl b/charts/rancher-istio/1.4.900/charts/prometheus/templates/_helpers.tpl
deleted file mode 100755
index 039388329..000000000
--- a/charts/rancher-istio/1.4.900/charts/prometheus/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "prometheus.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "prometheus.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "prometheus.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.900/charts/prometheus/templates/clusterrole.yaml b/charts/rancher-istio/1.4.900/charts/prometheus/templates/clusterrole.yaml
deleted file mode 100755
index 06fdfaf53..000000000
--- a/charts/rancher-istio/1.4.900/charts/prometheus/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - nodes
- - services
- - endpoints
- - pods
- - nodes/proxy
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources:
- - configmaps
- verbs: ["get"]
-- nonResourceURLs: ["/metrics"]
- verbs: ["get"]
diff --git a/charts/rancher-istio/1.4.900/charts/prometheus/templates/clusterrolebindings.yaml b/charts/rancher-istio/1.4.900/charts/prometheus/templates/clusterrolebindings.yaml
deleted file mode 100755
index 295e0df72..000000000
--- a/charts/rancher-istio/1.4.900/charts/prometheus/templates/clusterrolebindings.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: prometheus-{{ .Release.Namespace }}
-subjects:
-- kind: ServiceAccount
- name: prometheus
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.900/charts/prometheus/templates/configmap.yaml b/charts/rancher-istio/1.4.900/charts/prometheus/templates/configmap.yaml
deleted file mode 100755
index 1b26fa5a1..000000000
--- a/charts/rancher-istio/1.4.900/charts/prometheus/templates/configmap.yaml
+++ /dev/null
@@ -1,281 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- prometheus.yml: |-
- global:
- scrape_interval: {{ .Values.scrapeInterval }}
- scrape_configs:
-
- - job_name: 'istio-mesh'
- kubernetes_sd_configs:
- - role: endpoints
- namespaces:
- names:
- - {{ .Release.Namespace }}
-
- relabel_configs:
- - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
- action: keep
- regex: istio-telemetry;prometheus
-
- # Scrape config for envoy stats
- - job_name: 'envoy-stats'
- metrics_path: /stats/prometheus
- kubernetes_sd_configs:
- - role: pod
-
- relabel_configs:
- - source_labels: [__meta_kubernetes_pod_container_port_name]
- action: keep
- regex: '.*-envoy-prom'
- - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
- action: replace
- regex: ([^:]+)(?::\d+)?;(\d+)
- replacement: $1:15090
- target_label: __address__
- - action: labelmap
- regex: __meta_kubernetes_pod_label_(.+)
- - source_labels: [__meta_kubernetes_namespace]
- action: replace
- target_label: namespace
- - source_labels: [__meta_kubernetes_pod_name]
- action: replace
- target_label: pod_name
-
- - job_name: 'istio-policy'
- kubernetes_sd_configs:
- - role: endpoints
- namespaces:
- names:
- - {{ .Release.Namespace }}
-
-
- relabel_configs:
- - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
- action: keep
- regex: istio-policy;http-monitoring
-
- - job_name: 'istio-telemetry'
- kubernetes_sd_configs:
- - role: endpoints
- namespaces:
- names:
- - {{ .Release.Namespace }}
-
- relabel_configs:
- - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
- action: keep
- regex: istio-telemetry;http-monitoring
-
- - job_name: 'pilot'
- kubernetes_sd_configs:
- - role: endpoints
- namespaces:
- names:
- - {{ .Release.Namespace }}
-
- relabel_configs:
- - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
- action: keep
- regex: istio-pilot;http-monitoring
-
- - job_name: 'galley'
- kubernetes_sd_configs:
- - role: endpoints
- namespaces:
- names:
- - {{ .Release.Namespace }}
-
- relabel_configs:
- - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
- action: keep
- regex: istio-galley;http-monitoring
-
- - job_name: 'citadel'
- kubernetes_sd_configs:
- - role: endpoints
- namespaces:
- names:
- - {{ .Release.Namespace }}
-
- relabel_configs:
- - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
- action: keep
- regex: istio-citadel;http-monitoring
-
- # scrape config for API servers
- - job_name: 'kubernetes-apiservers'
- kubernetes_sd_configs:
- - role: endpoints
- namespaces:
- names:
- - default
- scheme: https
- tls_config:
- ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
- relabel_configs:
- - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
- action: keep
- regex: kubernetes;https
-
- # scrape config for nodes (kubelet)
- - job_name: 'kubernetes-nodes'
- scheme: https
- tls_config:
- ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
- kubernetes_sd_configs:
- - role: node
- relabel_configs:
- - action: labelmap
- regex: __meta_kubernetes_node_label_(.+)
- - target_label: __address__
- replacement: kubernetes.default.svc:443
- - source_labels: [__meta_kubernetes_node_name]
- regex: (.+)
- target_label: __metrics_path__
- replacement: /api/v1/nodes/${1}/proxy/metrics
-
- # Scrape config for Kubelet cAdvisor.
- #
- # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics
- # (those whose names begin with 'container_') have been removed from the
- # Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to
- # retrieve those metrics.
- #
- # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor
- # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics"
- # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with
- # the --cadvisor-port=0 Kubelet flag).
- #
- # This job is not necessary and should be removed in Kubernetes 1.6 and
- # earlier versions, or it will cause the metrics to be scraped twice.
- - job_name: 'kubernetes-cadvisor'
- scheme: https
- tls_config:
- ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
- kubernetes_sd_configs:
- - role: node
- relabel_configs:
- - action: labelmap
- regex: __meta_kubernetes_node_label_(.+)
- - target_label: __address__
- replacement: kubernetes.default.svc:443
- - source_labels: [__meta_kubernetes_node_name]
- regex: (.+)
- target_label: __metrics_path__
- replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
-
- # scrape config for service endpoints.
- - job_name: 'kubernetes-service-endpoints'
- kubernetes_sd_configs:
- - role: endpoints
- relabel_configs:
- - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
- action: keep
- regex: true
- - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
- action: replace
- target_label: __scheme__
- regex: (https?)
- - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
- action: replace
- target_label: __metrics_path__
- regex: (.+)
- - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
- action: replace
- target_label: __address__
- regex: ([^:]+)(?::\d+)?;(\d+)
- replacement: $1:$2
- - action: labelmap
- regex: __meta_kubernetes_service_label_(.+)
- - source_labels: [__meta_kubernetes_namespace]
- action: replace
- target_label: kubernetes_namespace
- - source_labels: [__meta_kubernetes_service_name]
- action: replace
- target_label: kubernetes_name
-
- - job_name: 'kubernetes-pods'
- kubernetes_sd_configs:
- - role: pod
- relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job.
- - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
- action: keep
- regex: true
- # Keep target if there's no sidecar or if prometheus.io/scheme is explicitly set to "http"
- - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_prometheus_io_scheme]
- action: keep
- regex: ((;.*)|(.*;http))
- - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls]
- action: drop
- regex: (true)
- - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
- action: replace
- target_label: __metrics_path__
- regex: (.+)
- - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
- action: replace
- regex: ([^:]+)(?::\d+)?;(\d+)
- replacement: $1:$2
- target_label: __address__
- - action: labelmap
- regex: __meta_kubernetes_pod_label_(.+)
- - source_labels: [__meta_kubernetes_namespace]
- action: replace
- target_label: namespace
- - source_labels: [__meta_kubernetes_pod_name]
- action: replace
- target_label: pod_name
-
- - job_name: 'kubernetes-pods-istio-secure'
- scheme: https
- tls_config:
- ca_file: /etc/istio-certs/root-cert.pem
- cert_file: /etc/istio-certs/cert-chain.pem
- key_file: /etc/istio-certs/key.pem
- insecure_skip_verify: true # prometheus does not support secure naming.
- kubernetes_sd_configs:
- - role: pod
- relabel_configs:
- - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
- action: keep
- regex: true
- # sidecar status annotation is added by sidecar injector and
- # istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic.
- - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls]
- action: keep
- regex: (([^;]+);([^;]*))|(([^;]*);(true))
- - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme]
- action: drop
- regex: (http)
- - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
- action: replace
- target_label: __metrics_path__
- regex: (.+)
- - source_labels: [__address__] # Only keep address that is host:port
- action: keep # otherwise an extra target with ':443' is added for https scheme
- regex: ([^:]+):(\d+)
- - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
- action: replace
- regex: ([^:]+)(?::\d+)?;(\d+)
- replacement: $1:$2
- target_label: __address__
- - action: labelmap
- regex: __meta_kubernetes_pod_label_(.+)
- - source_labels: [__meta_kubernetes_namespace]
- action: replace
- target_label: namespace
- - source_labels: [__meta_kubernetes_pod_name]
- action: replace
- target_label: pod_name
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.900/charts/prometheus/templates/deployment.yaml b/charts/rancher-istio/1.4.900/charts/prometheus/templates/deployment.yaml
deleted file mode 100755
index 1033a2f5b..000000000
--- a/charts/rancher-istio/1.4.900/charts/prometheus/templates/deployment.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
-# TODO: the original template has service account, roles, etc
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: prometheus
- template:
- metadata:
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: prometheus
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: prometheus
- image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- args:
- - '--storage.tsdb.retention={{ .Values.retention }}'
- - '--config.file=/etc/prometheus/prometheus.yml'
- ports:
- - containerPort: 9090
- name: http
- livenessProbe:
- httpGet:
- path: /-/healthy
- port: 9090
- readinessProbe:
- httpGet:
- path: /-/ready
- port: 9090
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- volumeMounts:
- - name: config-volume
- mountPath: /etc/prometheus
- - mountPath: /etc/istio-certs
- name: istio-certs
- volumes:
- - name: config-volume
- configMap:
- name: prometheus
- - name: istio-certs
- secret:
- defaultMode: 420
-{{- if not .Values.security.enabled }}
- optional: true
-{{- end }}
- secretName: istio.default
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/prometheus/templates/ingress.yaml b/charts/rancher-istio/1.4.900/charts/prometheus/templates/ingress.yaml
deleted file mode 100755
index 43be65523..000000000
--- a/charts/rancher-istio/1.4.900/charts/prometheus/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: prometheus
- servicePort: 9090
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: prometheus
- servicePort: 9090
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.900/charts/prometheus/templates/service.yaml b/charts/rancher-istio/1.4.900/charts/prometheus/templates/service.yaml
deleted file mode 100755
index d92525df0..000000000
--- a/charts/rancher-istio/1.4.900/charts/prometheus/templates/service.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- annotations:
- prometheus.io/scrape: 'true'
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- app: prometheus
- ports:
- - name: http-prometheus
- protocol: TCP
- port: 9090
-
-{{- if .Values.service.nodePort.enabled }}
-# Using separate ingress for nodeport, to avoid conflict with pilot e2e test configs.
----
-apiVersion: v1
-kind: Service
-metadata:
- name: prometheus-nodeport
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- type: NodePort
- ports:
- - port: 9090
- nodePort: {{ .Values.service.nodePort.port }}
- name: http-prometheus
- selector:
- app: prometheus
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/prometheus/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.900/charts/prometheus/templates/serviceaccount.yaml
deleted file mode 100755
index 7c2fab3f4..000000000
--- a/charts/rancher-istio/1.4.900/charts/prometheus/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.900/charts/prometheus/templates/tests/test-prometheus-connection.yaml b/charts/rancher-istio/1.4.900/charts/prometheus/templates/tests/test-prometheus-connection.yaml
deleted file mode 100755
index c36ce3f5c..000000000
--- a/charts/rancher-istio/1.4.900/charts/prometheus/templates/tests/test-prometheus-connection.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "prometheus.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus-test
- chart: {{ template "prometheus.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: prometheus
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "prometheus.fullname" . }}-test"
- image: {{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['sh', '-c', 'for i in 1 2 3; do curl http://prometheus:9090/-/ready && exit 0 || sleep 15; done; exit 1']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/prometheus/values.yaml b/charts/rancher-istio/1.4.900/charts/prometheus/values.yaml
deleted file mode 100755
index 4edb9bcc6..000000000
--- a/charts/rancher-istio/1.4.900/charts/prometheus/values.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-# addon prometheus configuration
-#
-enabled: true
-replicaCount: 1
-retention: 6h
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-# Controls the frequency of prometheus scraping
-scrapeInterval: 15s
-
-contextPath: /prometheus
-
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - prometheus.local
- annotations:
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls:
- # Secrets must be manually created in the namespace.
- # - secretName: prometheus-tls
- # hosts:
- # - prometheus.local
-
-service:
- annotations: {}
- nodePort:
- enabled: false
- port: 32090
-
-security:
- enabled: true
diff --git a/charts/rancher-istio/1.4.900/charts/security/Chart.yaml b/charts/rancher-istio/1.4.900/charts/security/Chart.yaml
deleted file mode 100755
index 81e3bee8f..000000000
--- a/charts/rancher-istio/1.4.900/charts/security/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.9
-description: Helm chart for istio authentication
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- security
-name: security
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.9
diff --git a/charts/rancher-istio/1.4.900/charts/security/templates/_helpers.tpl b/charts/rancher-istio/1.4.900/charts/security/templates/_helpers.tpl
deleted file mode 100755
index 7f36f9d51..000000000
--- a/charts/rancher-istio/1.4.900/charts/security/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "security.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "security.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "security.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.900/charts/security/templates/clusterrole.yaml b/charts/rancher-istio/1.4.900/charts/security/templates/clusterrole.yaml
deleted file mode 100755
index 75f2dec65..000000000
--- a/charts/rancher-istio/1.4.900/charts/security/templates/clusterrole.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-citadel-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "update"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "watch", "list", "update", "delete"]
-- apiGroups: [""]
- resources: ["serviceaccounts", "services", "namespaces"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["authentication.k8s.io"]
- resources: ["tokenreviews"]
- verbs: ["create"]
diff --git a/charts/rancher-istio/1.4.900/charts/security/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.900/charts/security/templates/clusterrolebinding.yaml
deleted file mode 100755
index 0a15799ce..000000000
--- a/charts/rancher-istio/1.4.900/charts/security/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-citadel-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-citadel-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-citadel-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.900/charts/security/templates/configmap.yaml b/charts/rancher-istio/1.4.900/charts/security/templates/configmap.yaml
deleted file mode 100755
index 14749fd65..000000000
--- a/charts/rancher-istio/1.4.900/charts/security/templates/configmap.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-security-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-data:
- custom-resources.yaml: |-
- {{- if .Values.global.mtls.enabled }}
- {{- include "security-default.yaml.tpl" . | indent 4}}
- {{- else }}
- {{- include "security-permissive.yaml.tpl" . | indent 4}}
- {{- end }}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
diff --git a/charts/rancher-istio/1.4.900/charts/security/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.4.900/charts/security/templates/create-custom-resources-job.yaml
deleted file mode 100755
index 4674cf141..000000000
--- a/charts/rancher-istio/1.4.900/charts/security/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,109 +0,0 @@ -{{- if .Values.createMeshPolicy }} -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-security-post-install-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["authentication.istio.io"] # needed to create default authn policy - resources: ["*"] - verbs: ["*"] -- apiGroups: ["networking.istio.io"] # needed to create security destination rules - resources: ["*"] - verbs: ["*"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get"] -- apiGroups: ["extensions", "apps"] - resources: ["deployments", "replicasets"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-security-post-install-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-security-post-install-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-security-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - template: - metadata: - name: istio-security-post-install - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-security-post-install-account - containers: - - name: kubectl - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: IfNotPresent - command: [ "/bin/bash", "/tmp/security/run.sh", "/tmp/security/custom-resources.yaml" ] - volumeMounts: - - mountPath: "/tmp/security" - name: tmp-configmap-security - volumes: - - name: tmp-configmap-security - configMap: - name: istio-security-custom-resources - restartPolicy: OnFailure - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.4.900/charts/security/templates/deployment.yaml b/charts/rancher-istio/1.4.900/charts/security/templates/deployment.yaml
deleted file mode 100755
index 81d0c6b28..000000000
--- a/charts/rancher-istio/1.4.900/charts/security/templates/deployment.yaml
+++ /dev/null
@@ -1,119 +0,0 @@ -# istio CA watching all namespaces -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: citadel - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-citadel-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: citadel - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - {{- if .Values.global.sds.enabled }} - - --sds-enabled=true - {{- end }} - - --append-dns-names=true - - --grpc-port=8060 - - --citadel-storage-namespace={{ .Release.Namespace }} - - --custom-dns-names=istio-pilot-service-account.{{ .Release.Namespace }}:istio-pilot.{{ .Release.Namespace }} - - --monitoring-port={{ .Values.global.monitoringPort }} - {{- if .Values.selfSigned }} - - --self-signed-ca=true - {{- else }} - - --self-signed-ca=false - - --signing-cert=/etc/cacerts/ca-cert.pem - - --signing-key=/etc/cacerts/ca-key.pem - - --root-cert=/etc/cacerts/root-cert.pem - - --cert-chain=/etc/cacerts/cert-chain.pem - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - {{- if .Values.workloadCertTtl }} - - --workload-cert-ttl={{ .Values.workloadCertTtl }} - {{- end }} - {{- if .Values.citadelHealthCheck }} - - --liveness-probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --liveness-probe-interval=60s # interval for health check file update - - --probe-check-interval=15s # interval for health status check - {{- end }} - env: - - name: CITADEL_ENABLE_NAMESPACES_BY_DEFAULT - value: "{{ .Values.enableNamespacesByDefault }}" - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - {{- end }} - {{- if .Values.citadelHealthCheck }} - livenessProbe: - exec: - command: - - /usr/local/bin/istio_ca - - probe - - --probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --interval=125s # the maximum time gap allowed between the file mtime and the current sys clock - initialDelaySeconds: 60 - periodSeconds: 60 - {{- end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- 
end }} -{{- if not .Values.selfSigned }} - volumeMounts: - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - volumes: - - name: cacerts - secret: - secretName: cacerts - optional: true -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.900/charts/security/templates/enable-mesh-mtls.yaml b/charts/rancher-istio/1.4.900/charts/security/templates/enable-mesh-mtls.yaml deleted file mode 100755 index 75e4a18e3..000000000 --- a/charts/rancher-istio/1.4.900/charts/security/templates/enable-mesh-mtls.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- define "security-default.yaml.tpl" }} -# These policy and destination rules effectively enable mTLS for all services in the mesh. For now, -# they are added to Istio installation yaml for backward compatible. In future, they should be in -# a separated yaml file so that customer can enable mTLS independent from installation. - -# Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: {} ---- -# Corresponding destination rule to configure client side to use mutual TLS when talking to -# any service (host) in the mesh. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "default" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.local" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -# Destination rule to disable (m)TLS when talking to API server, as API server doesn't have sidecar. -# Customer should add similar destination rules for other services that don't have sidecar. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "api-server" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "kubernetes.default.svc.{{ .Values.global.proxy.clusterDomain }}" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: DISABLE -{{- end }} diff --git a/charts/rancher-istio/1.4.900/charts/security/templates/enable-mesh-permissive.yaml b/charts/rancher-istio/1.4.900/charts/security/templates/enable-mesh-permissive.yaml deleted file mode 100755 index a6931b3b9..000000000 --- a/charts/rancher-istio/1.4.900/charts/security/templates/enable-mesh-permissive.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- define "security-permissive.yaml.tpl" }} -# Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: - mode: PERMISSIVE -{{- end }} diff --git a/charts/rancher-istio/1.4.900/charts/security/templates/meshexpansion.yaml b/charts/rancher-istio/1.4.900/charts/security/templates/meshexpansion.yaml deleted file mode 100755 index 581ce964a..000000000 --- a/charts/rancher-istio/1.4.900/charts/security/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,56 +0,0 @@
-{{- if .Values.global.meshExpansion.enabled }}
-{{- if .Values.global.meshExpansion.useILB }}
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-vs-citadel-ilb
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- hosts:
- - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-ilb-gateway
- tcp:
- - match:
- - port: 8060
- route:
- - destination:
- host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 8060
----
-{{- else }}
-
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-vs-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- hosts:
- - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-gateway
- tcp:
- - match:
- - port: 8060
- route:
- - destination:
- host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 8060
----
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/security/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.900/charts/security/templates/poddisruptionbudget.yaml
deleted file mode 100755
index b6944e026..000000000
--- a/charts/rancher-istio/1.4.900/charts/security/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
-{{- end }}
- selector:
- matchLabels:
- app: {{ template "security.name" . }}
- release: {{ .Release.Name }}
- istio: citadel
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/security/templates/service.yaml b/charts/rancher-istio/1.4.900/charts/security/templates/service.yaml
deleted file mode 100755
index efea17544..000000000
--- a/charts/rancher-istio/1.4.900/charts/security/templates/service.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- # we use the normal name here (e.g. 'prometheus')
- # as grafana is configured to use this as a data source
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- ports:
- - name: grpc-citadel
- port: 8060
- targetPort: 8060
- protocol: TCP
- - name: http-monitoring
- port: {{ .Values.global.monitoringPort }}
- selector:
- istio: citadel
diff --git a/charts/rancher-istio/1.4.900/charts/security/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.900/charts/security/templates/serviceaccount.yaml
deleted file mode 100755
index d07d566fa..000000000
--- a/charts/rancher-istio/1.4.900/charts/security/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-citadel-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.4.900/charts/security/templates/tests/test-citadel-connection.yaml b/charts/rancher-istio/1.4.900/charts/security/templates/tests/test-citadel-connection.yaml
deleted file mode 100755
index 481b486de..000000000
--- a/charts/rancher-istio/1.4.900/charts/security/templates/tests/test-citadel-connection.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "security.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: istio-citadel-test
- chart: {{ template "security.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: citadel
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "security.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['sh', '-c', 'for i in 1 2 3; do curl http://istio-citadel:{{ .Values.global.monitoringPort }}/version && exit 0 || sleep 15; done; exit 1']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/security/values.yaml b/charts/rancher-istio/1.4.900/charts/security/values.yaml
deleted file mode 100755
index ba92eea7d..000000000
--- a/charts/rancher-istio/1.4.900/charts/security/values.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# security configuration
-#
-enabled: true
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-selfSigned: true # indicate if self-signed CA is used.
-createMeshPolicy: true
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Enable health checking on the Citadel CSR signing API.
-# https://istio.io/docs/tasks/security/health-check/
-citadelHealthCheck: false
-# 90*24hour = 2160h
-workloadCertTtl: 2160h
-# Environment variables that configure Citadel.
-env: {}
-
-# Determines Citadel default behavior if the ca.istio.io/env or ca.istio.io/override
-# labels are not found on a given namespace.
-#
-# For example: consider a namespace called "target", which has neither the "ca.istio.io/env"
-# nor the "ca.istio.io/override" namespace labels. To decide whether or not to generate secrets
-# for service accounts created in this "target" namespace, Citadel will defer to this option. If the value
-# of this option is "true" in this case, secrets will be generated for the "target" namespace.
-# If the value of this option is "false" Citadel will not generate secrets upon service account creation.
-enableNamespacesByDefault: true
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/Chart.yaml b/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/Chart.yaml
deleted file mode 100755
index 7c70325e9..000000000
--- a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.4.9
-description: Helm chart for sidecar injector webhook deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- sidecarInjectorWebhook
-name: sidecarInjectorWebhook
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.4.9
diff --git a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/_helpers.tpl b/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/_helpers.tpl
deleted file mode 100755
index f3b9fb15b..000000000
--- a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "sidecar-injector.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "sidecar-injector.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "sidecar-injector.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/clusterrole.yaml b/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/clusterrole.yaml
deleted file mode 100755
index c56c7025c..000000000
--- a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/clusterrole.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-sidecar-injector-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get", "list", "watch"]
-{{- if not .Values.global.operatorManageWebhooks }}
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "patch"]
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
deleted file mode 100755
index 748a93244..000000000
--- a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-sidecar-injector-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-sidecar-injector-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/deployment.yaml b/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/deployment.yaml
deleted file mode 100755
index 95a2ea8e9..000000000
--- a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/deployment.yaml
+++ /dev/null
@@ -1,118 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: sidecar-injector - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-sidecar-injector-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: sidecar-injector-webhook - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --caCertFile=/etc/istio/certs/root-cert.pem - - --tlsCertFile=/etc/istio/certs/cert-chain.pem - - --tlsKeyFile=/etc/istio/certs/key.pem - - --injectConfig=/etc/istio/inject/config - - --meshConfig=/etc/istio/config/mesh - - --healthCheckInterval=2s - - --healthCheckFile=/health -{{- if .Values.global.operatorManageWebhooks }} - - --reconcileWebhookConfig=false -{{- else }} - - --reconcileWebhookConfig=true -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - readOnly: true - - name: certs - mountPath: /etc/istio/certs - readOnly: true - - name: inject-config - mountPath: /etc/istio/inject - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - readinessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: config-volume - configMap: - name: istio - - name: certs - secret: -{{- if .Values.global.certificates }} - secretName: dns.istio-sidecar-injector-service-account -{{- else }} - secretName: istio.istio-sidecar-injector-service-account -{{- end }} - - name: inject-config - configMap: - name: istio-sidecar-injector - items: - - key: config - path: config - - key: values - path: values - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml b/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml deleted file mode 100755 index 4a31415f2..000000000 --- a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: istio-sidecar-injector - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -webhooks: - - name: sidecar-injector.istio.io - clientConfig: - service: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - path: "/inject" - caBundle: "" - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - namespaceSelector: -{{- if .Values.enableNamespacesByDefault }} - matchExpressions: - - key: name - operator: NotIn - values: - - {{ .Release.Namespace }} - - key: istio-injection - operator: NotIn - values: - - disabled -{{- else }} - matchLabels: - istio-injection: enabled -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml deleted file mode 100755 index 870b92508..000000000 --- a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} - selector: - matchLabels: - app: {{ template "sidecar-injector.name" . }} - release: {{ .Release.Name }} - istio: sidecar-injector - {{- end }} diff --git a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/service.yaml b/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/service.yaml deleted file mode 100755 index 537e6f960..000000000 --- a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: - ports: - - port: 443 - name: https-inject - - port: {{ .Values.global.monitoringPort }} - name: http-monitoring - selector: - istio: sidecar-injector diff --git a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml deleted file mode 100755 index d4020b517..000000000 --- a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-sidecar-injector-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector diff --git a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/values.yaml b/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/values.yaml deleted file mode 100755 index ec64f8ed5..000000000 --- a/charts/rancher-istio/1.4.900/charts/sidecarInjectorWebhook/values.yaml +++ /dev/null 
@@ -1,58 +0,0 @@ -# -# sidecar-injector webhook configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -enableNamespacesByDefault: false -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# If true, webhook or istioctl injector will rewrite PodSpec for liveness -# health check to redirect request to sidecar. This makes liveness check work -# even when mTLS is enabled. -rewriteAppHTTPProbe: false - -# You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or -# always skip the injection on pods that match that label selector, regardless of the global policy. -# See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions -neverInjectSelector: [] - -alwaysInjectSelector: [] - -# injectedAnnotations are additional annotations that will be added to the pod spec after injection -# This is primarily to support PSP annotations. 
For example, if you defined a PSP with the annotations: -# -# annotations: -# apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default -# apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -# -# The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before -# the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: -# injectedAnnotations: -# container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default -# container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default -injectedAnnotations: {} diff --git a/charts/rancher-istio/1.4.900/charts/tracing/.helmignore b/charts/rancher-istio/1.4.900/charts/tracing/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/rancher-istio/1.4.900/charts/tracing/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-istio/1.4.900/charts/tracing/Chart.yaml b/charts/rancher-istio/1.4.900/charts/tracing/Chart.yaml deleted file mode 100755 index 365b000f8..000000000 --- a/charts/rancher-istio/1.4.900/charts/tracing/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.1 -description: A Helm chart for Kubernetes -name: tracing -tillerVersion: '>=2.7.2' -version: 1.4.9 diff --git a/charts/rancher-istio/1.4.900/charts/tracing/templates/_helpers.tpl b/charts/rancher-istio/1.4.900/charts/tracing/templates/_helpers.tpl deleted file mode 100755 index e246b59b1..000000000 
--- a/charts/rancher-istio/1.4.900/charts/tracing/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "tracing.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "tracing.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "tracing.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.900/charts/tracing/templates/deployment-jaeger.yaml b/charts/rancher-istio/1.4.900/charts/tracing/templates/deployment-jaeger.yaml deleted file mode 100755 index da54eeb94..000000000 --- a/charts/rancher-istio/1.4.900/charts/tracing/templates/deployment-jaeger.yaml +++ /dev/null 
@@ -1,119 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: jaeger - template: - metadata: - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - prometheus.io/port: "14269" -{{- if .Values.jaeger.podAnnotations }} -{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: jaeger - image: "{{ template "system_default_registry" . 
}}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 9411 - - containerPort: 16686 - - containerPort: 14250 - - containerPort: 14267 - - containerPort: 14268 - - containerPort: 14269 - - containerPort: 5775 - protocol: UDP - - containerPort: 6831 - protocol: UDP - - containerPort: 6832 - protocol: UDP - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if eq .Values.jaeger.spanStorageType "badger" }} - - name: BADGER_EPHEMERAL - value: "false" - - name: SPAN_STORAGE_TYPE - value: "badger" - - name: BADGER_DIRECTORY_VALUE - value: "/badger/data" - - name: BADGER_DIRECTORY_KEY - value: "/badger/key" - {{- end }} - - name: COLLECTOR_ZIPKIN_HTTP_PORT - value: "9411" - - name: MEMORY_MAX_TRACES - value: "{{ .Values.jaeger.memory.max_traces }}" - - name: QUERY_BASE_PATH - value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - livenessProbe: - httpGet: - path: / - port: 14269 - readinessProbe: - httpGet: - path: / - port: 14269 -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumeMounts: - - name: data - mountPath: /badger -{{- end }} - resources: -{{- if .Values.jaeger.resources }} -{{ toYaml .Values.jaeger.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumes: - - name: data -{{- if .Values.jaeger.persist }} - persistentVolumeClaim: - claimName: istio-jaeger-pvc -{{- else }} - emptyDir: {} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.4.900/charts/tracing/templates/deployment-zipkin.yaml b/charts/rancher-istio/1.4.900/charts/tracing/templates/deployment-zipkin.yaml deleted file mode 100755 index eef24fc16..000000000 --- a/charts/rancher-istio/1.4.900/charts/tracing/templates/deployment-zipkin.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -{{ if eq .Values.provider "zipkin" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: zipkin - template: - metadata: - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" -{{- if .Values.zipkin.podAnnotations }} -{{ toYaml .Values.zipkin.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: zipkin - image: "{{ template "system_default_registry" . 
}}{{ .Values.zipkin.repository }}:{{ .Values.zipkin.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.zipkin.queryPort }} - livenessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - tcpSocket: - port: {{ .Values.zipkin.queryPort }} - readinessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - httpGet: - path: /health - port: {{ .Values.zipkin.queryPort }} - resources: -{{- if .Values.zipkin.resources }} -{{ toYaml .Values.zipkin.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: QUERY_PORT - value: "{{ .Values.zipkin.queryPort }}" - - name: JAVA_OPTS - value: "-XX:ConcGCThreads={{ .Values.zipkin.node.cpus }} -XX:ParallelGCThreads={{ .Values.zipkin.node.cpus }} -Djava.util.concurrent.ForkJoinPool.common.parallelism={{ .Values.zipkin.node.cpus }} -Xms{{ .Values.zipkin.javaOptsHeap }}M -Xmx{{ .Values.zipkin.javaOptsHeap }}M -XX:+UseG1GC -server" - - name: STORAGE_METHOD - value: "mem" - - name: ZIPKIN_STORAGE_MEM_MAXSPANS - value: "{{ .Values.zipkin.maxSpans }}" - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.4.900/charts/tracing/templates/ingress.yaml b/charts/rancher-istio/1.4.900/charts/tracing/templates/ingress.yaml deleted file mode 100755 index 72f362166..000000000 --- a/charts/rancher-istio/1.4.900/charts/tracing/templates/ingress.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ template "tracing.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} /{{ $.Values.provider }} {{ end }} - backend: - serviceName: tracing - servicePort: 80 - - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - backend: - serviceName: tracing - servicePort: 80 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.4.900/charts/tracing/templates/pvc.yaml b/charts/rancher-istio/1.4.900/charts/tracing/templates/pvc.yaml deleted file mode 100755 index 60140494c..000000000 --- a/charts/rancher-istio/1.4.900/charts/tracing/templates/pvc.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if eq .Values.provider "jaeger" }} -{{- if .Values.jaeger.persist }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: istio-jaeger-pvc - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - storageClassName: {{ .Values.jaeger.storageClassName }} - accessModes: - - {{ .Values.jaeger.accessMode }} - resources: - requests: - storage: 5Gi -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.4.900/charts/tracing/templates/service-jaeger.yaml b/charts/rancher-istio/1.4.900/charts/tracing/templates/service-jaeger.yaml
deleted file mode 100755
index 38c4170b1..000000000
--- a/charts/rancher-istio/1.4.900/charts/tracing/templates/service-jaeger.yaml
+++ /dev/null
@@ -1,94 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: v1 -kind: List -metadata: - name: jaeger-services - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -items: -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-query - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: jaeger - jaeger-infra: jaeger-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: query-http - port: 16686 - protocol: TCP - targetPort: 16686 - selector: - app: jaeger -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-collector - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: collector-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: jaeger-collector-tchannel - port: 14267 - protocol: TCP - targetPort: 14267 - - name: jaeger-collector-http - port: 14268 - targetPort: 14268 - protocol: TCP - - name: jaeger-collector-grpc - port: 14250 - targetPort: 14250 - protocol: TCP - selector: - app: jaeger - type: ClusterIP -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-agent - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: agent-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: agent-zipkin-thrift - port: 5775 - protocol: UDP - targetPort: 5775 - - name: agent-compact - port: 6831 - protocol: UDP - targetPort: 6831 - - name: agent-binary - port: 6832 - protocol: UDP - targetPort: 6832 - clusterIP: None - selector: - app: jaeger -{{ end }} - 
diff --git a/charts/rancher-istio/1.4.900/charts/tracing/templates/service.yaml b/charts/rancher-istio/1.4.900/charts/tracing/templates/service.yaml deleted file mode 100755 index 798829793..000000000 --- a/charts/rancher-istio/1.4.900/charts/tracing/templates/service.yaml +++ /dev/null @@ -1,56 +0,0 @@ -apiVersion: v1 -kind: List -metadata: - name: tracing-services - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -items: -- apiVersion: v1 - kind: Service - metadata: - name: zipkin - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - port: {{ .Values.zipkin.queryPort }} - targetPort: {{ .Values.zipkin.queryPort }} - protocol: TCP - name: {{ .Values.service.name }} - selector: - app: {{ .Values.provider }} -- apiVersion: v1 - kind: Service - metadata: - name: tracing - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - type: {{ .Values.service.type }} - ports: - - name: http-query - port: {{ .Values.service.externalPort }} - protocol: TCP -{{ if eq .Values.provider "jaeger" }} - targetPort: 16686 -{{ else }} - targetPort: {{ .Values.zipkin.queryPort }} -{{ end}} - selector: - app: {{ .Values.provider }} diff --git a/charts/rancher-istio/1.4.900/charts/tracing/templates/tests/test-tracing-connection.yaml b/charts/rancher-istio/1.4.900/charts/tracing/templates/tests/test-tracing-connection.yaml deleted file mode 100755 index 64248e8c5..000000000 
--- a/charts/rancher-istio/1.4.900/charts/tracing/templates/tests/test-tracing-connection.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ .Release.Name }}-{{ .Values.provider }}-test - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }}-test - chart: {{ template "tracing.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ .Values.provider }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['curl'] - {{- if eq .Values.provider "jaeger" }} - args: ['http://tracing:80{{ .Values.jaeger.contextPath}}'] - {{- else }} - args: ['http://tracing:80'] - {{- end }} - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.900/charts/tracing/values.yaml b/charts/rancher-istio/1.4.900/charts/tracing/values.yaml deleted file mode 100755 index cc55ea4af..000000000 --- a/charts/rancher-istio/1.4.900/charts/tracing/values.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ -# -# addon jaeger tracing configuration -# -enabled: false - -provider: jaeger -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -jaeger: - podAnnotations: {} - memory: - max_traces: 50000 - # spanStorageType value can be "memory" and "badger" for all-in-one image - spanStorageType: badger - persist: false - storageClassName: "" - accessMode: ReadWriteMany - - -zipkin: - podAnnotations: {} - probeStartupDelay: 200 - queryPort: 9411 - resources: - limits: - cpu: 300m - memory: 900Mi - requests: - cpu: 150m - memory: 900Mi - javaOptsHeap: 700 - # 
From: https://github.com/openzipkin/zipkin/blob/master/zipkin-server/src/main/resources/zipkin-server-shared.yml#L51 - # Maximum number of spans to keep in memory. When exceeded, oldest traces (and their spans) will be purged. - # A safe estimate is 1K of memory per span (each span with 2 annotations + 1 binary annotation), plus - # 100 MB for a safety buffer. You'll need to verify in your own environment. - maxSpans: 500000 - node: - cpus: 2 - -service: - annotations: {} - name: http - type: ClusterIP - externalPort: 80 - -ingress: - enabled: false - # Used to create an Ingress record. - hosts: - # - tracing.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: tracing-tls - # hosts: - # - tracing.local - diff --git a/charts/rancher-istio/1.4.900/example-values/README.md b/charts/rancher-istio/1.4.900/example-values/README.md deleted file mode 100755 index 74fedcb60..000000000 --- a/charts/rancher-istio/1.4.900/example-values/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Example Values - -These files provide various example values for different Istio setups. - -To use them, [read the docs](https://istio.io/docs/setup/kubernetes/helm-install/) and add the flag `--values example-file.yaml`. diff --git a/charts/rancher-istio/1.4.900/example-values/values-istio-dns-cert.yaml b/charts/rancher-istio/1.4.900/example-values/values-istio-dns-cert.yaml deleted file mode 100755 index c00676fe9..000000000 --- a/charts/rancher-istio/1.4.900/example-values/values-istio-dns-cert.yaml +++ /dev/null @@ -1,6 +0,0 @@ -global: - certificates: - - secretName: dns.istio-galley-service-account - dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] - - secretName: dns.istio-sidecar-injector-service-account - dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] 
diff --git a/charts/rancher-istio/1.4.900/example-values/values-istio-example-sds-vault.yaml b/charts/rancher-istio/1.4.900/example-values/values-istio-example-sds-vault.yaml
deleted file mode 100755
index 7ee3e3cd9..000000000
--- a/charts/rancher-istio/1.4.900/example-values/values-istio-example-sds-vault.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-global:
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
-
-nodeagent:
- enabled: true
- repository: rancher/istio-node-agent-k8s
- tag: 1.4.9
- env:
- # The IP address and the port number of a publicly accessible example Vault server.
- CA_ADDR: "https://34.83.129.211:8200"
- CA_PROVIDER: "VaultCA"
- VALID_TOKEN: true
- # The IP address and the port number of a publicly accessible example Vault server.
- VAULT_ADDR: "https://34.83.129.211:8200"
- VAULT_AUTH_PATH: "auth/kubernetes/login"
- VAULT_ROLE: "istio-cert"
- VAULT_SIGN_CSR_PATH: "istio_ca/sign/istio-pki-role"
- VAULT_TLS_ROOT_CERT: '-----BEGIN CERTIFICATE-----\nMIIC3jCCAcagAwIBAgIRAO1S7vuRQmo2He+RtBq3fv8wDQYJKoZIhvcNAQELBQAw\nEDEOMAwGA1UEChMFVmF1bHQwIBcNMTkwNDI3MTY1ODE1WhgPMjExOTA0MDMxNjU4\nMTVaMBAxDjAMBgNVBAoTBVZhdWx0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA7/CTbnENEIvFZg9hmVtYnOx3OfMy/GNCuP7sqtAeVVTopAKKkcAAWQck\nrhpBooEGpCugNxXGNCuJh/2nu0AfGFRfdafwSJRoI6yHwQouDm0o4r3h9uL3tu5N\nD+x9j+eejbFsoZVn84CxGkEB6oyeXYHjc6eWh3PFGMtKuOQD4pezvDH0yNCx5waK\nhtPuYtl0ebfdbyh+WQuptO+Q9VSaQNqE3ipZ461y8PduwRRll241W0gQB2iasX03\nD36F2ZrMz3KEVRVKM1yCUDCy2RPJqkXPdnVMWmDGbe8Uw69zr25JltzuRZFT9HL3\nY1RnMTecmSc4ikTUHcMhFX3PYbfR5wIDAQABozEwLzAOBgNVHQ8BAf8EBAMCBaAw\nDAYDVR0TAQH/BAIwADAPBgNVHREECDAGhwQiU4HTMA0GCSqGSIb3DQEBCwUAA4IB\nAQCdLh6olDVQB71LD6srbfAE4EsxLEBbIRnv7Nf1S0KQwgW/QxK8DHBwJBxJkr1N\nzgEPx86f2Fo2UsY9m6rvgP3+iquyMsKi0ooUah3y3LSnONuZcdfSTl/HYd38S6Dp\nVkVOZ7781xxpFVUqQ5voQX1Y1Ipn5qw0FyIcNYWLkNX+iMf1b9kpEIWQNhRC/Yiv\nTS0VA/BzQemGyf2UB6QsuZLH+JFEZnzU859qURnNIITa1Wf4YUtka5Sp1kDnEll3\nwj4IlXKU+Wl1CzxJyn4SSQAXy/Lb08ZKrF/YSzcIISnRX5j+wa8ApOSwwA/B7iaT\nTWz1g+RlV9qHap70eIjPsQvb\n-----END CERTIFICATE-----'
diff --git a/charts/rancher-istio/1.4.900/example-values/values-istio-gateways.yaml b/charts/rancher-istio/1.4.900/example-values/values-istio-gateways.yaml
deleted file mode 100755
index b9930d0a0..000000000
--- a/charts/rancher-istio/1.4.900/example-values/values-istio-gateways.yaml
+++ /dev/null
@@ -1,135 +0,0 @@ -# Common settings. -global: - # Omit the istio-sidecar-injector configmap when generate a - # standalone gateway. Gateways may be created in namespaces other - # than `istio-system` and we don't want to re-create the injector - # configmap in those. - omitSidecarInjectorConfigMap: true - - # Istio control plane namespace: This specifies where the Istio control - # plane was installed earlier. Modify this if you installed the control - # plane in a different namespace than istio-system. - istioNamespace: istio-system - - proxy: - # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument - # would be :). - # Disabled by default. - # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. - envoyStatsd: - # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. - enabled: false - host: # example: statsd-svc.istio-system - port: # example: 9125 - - -# -# Gateways Configuration -# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. -# You can add more gateways in addition to the defaults but make sure those are uniquely named -# and that NodePorts are not conflicting. -# Disable specific gateway by setting the `enabled` to false. 
-# -gateways: - enabled: true - - custom-gateway: - enabled: true - labels: - app: custom-gateway - replicaCount: 1 - autoscaleMin: 1 - autoscaleMax: 5 - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - #requests: - # cpu: 1800m - # memory: 256Mi - cpu: - targetAverageUtilization: 80 - loadBalancerIP: "" - loadBalancerSourceRanges: {} - externalIPs: [] - serviceAnnotations: {} - podAnnotations: {} - type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be - #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out - ports: - ## You can add custom gateway ports - - port: 80 - targetPort: 80 - name: http2 - # nodePort: 31380 - - port: 443 - name: https - # nodePort: 31390 - - port: 31400 - name: tcp - # nodePort: 31400 - # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect - # to pilot/citadel if global.meshExpansion settings are enabled. - - port: 15011 - targetPort: 15011 - name: tcp-pilot-grpc-tls - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - # Addon ports for kiali are enabled in gateway - but will only redirect if - # the gateway configuration for the various components are enabled. - - port: 15029 - targetPort: 15029 - name: http2-kiali - # Telemetry-related ports are enabled in gateway - but will only redirect if - # the gateway configuration for the various components are enabled. 
- - port: 15030 - targetPort: 15030 - name: http2-prometheus - - port: 15031 - targetPort: 15031 - name: http2-grafana - - port: 15032 - targetPort: 15032 - name: http2-tracing - secretVolumes: - - name: customgateway-certs - secretName: istio-customgateway-certs - mountPath: /etc/istio/customgateway-certs - - name: customgateway-ca-certs - secretName: istio-customgateway-ca-certs - mountPath: /etc/istio/customgateway-ca-certs - -# all other components are disabled except the gateways -security: - enabled: false - -sidecarInjectorWebhook: - enabled: false - -galley: - enabled: false - -mixer: - policy: - enabled: false - telemetry: - enabled: false - -pilot: - enabled: false - -grafana: - enabled: false - -prometheus: - enabled: false - -tracing: - enabled: false - -kiali: - enabled: false - -certmanager: - enabled: false diff --git a/charts/rancher-istio/1.4.900/example-values/values-istio-googleca.yaml b/charts/rancher-istio/1.4.900/example-values/values-istio-googleca.yaml deleted file mode 100755 index e9523921b..000000000 --- a/charts/rancher-istio/1.4.900/example-values/values-istio-googleca.yaml +++ /dev/null @@ -1,29 +0,0 @@ -global: - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - sds: - enabled: true - udsPath: "unix:/var/run/sds/uds_path" - # For GoogleCA, the aud field need to be set to the trustDomain, which is also set at the - # installation/configuration time, e.g. by running helm template. - token: - aud: "" - - trustDomain: "" - - useMCP: true - -nodeagent: - enabled: true - repository: rancher/istio-node-agent-k8s - tag: 1.4.9 - env: - CA_PROVIDER: "GoogleCA" - CA_ADDR: "meshca.googleapis.com:443" - PLUGINS: "GoogleTokenExchange" - GKE_CLUSTER_URL: "" 
diff --git a/charts/rancher-istio/1.4.900/example-values/values-istio-meshexpansion-gateways.yaml b/charts/rancher-istio/1.4.900/example-values/values-istio-meshexpansion-gateways.yaml
deleted file mode 100755
index 51a1ded16..000000000
--- a/charts/rancher-istio/1.4.900/example-values/values-istio-meshexpansion-gateways.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-global:
- # Provides dns resolution for global services
- podDNSSearchNamespaces:
- - global
-
- multiCluster:
- enabled: true
-
- controlPlaneSecurityEnabled: true
- meshExpansion:
- enabled: true
-
-# Multicluster with gateways requires a root CA
-# Cluster local CAs are bootstrapped with the root CA.
-security:
- selfSigned: false
-
-# Provides dns resolution for service entries of form
-# name.namespace.global
-istiocoredns:
- enabled: true
-
-gateways:
- istio-egressgateway:
- enabled: true
- env:
- # Needed to route traffic via egress gateway if desired.
- ISTIO_META_REQUESTED_NETWORK_VIEW: "external"
diff --git a/charts/rancher-istio/1.4.900/example-values/values-istio-multicluster-gateways.yaml b/charts/rancher-istio/1.4.900/example-values/values-istio-multicluster-gateways.yaml
deleted file mode 100755
index 3524a3d47..000000000
--- a/charts/rancher-istio/1.4.900/example-values/values-istio-multicluster-gateways.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-global:
- # Provides dns resolution for global services
- podDNSSearchNamespaces:
- - global
- - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global"
-
- multiCluster:
- enabled: true
-
- controlPlaneSecurityEnabled: true
-
-# Multicluster with gateways requires a root CA
-# Cluster local CAs are bootstrapped with the root CA.
-security:
- selfSigned: false
-
-# Provides dns resolution for service entries of form
-# name.namespace.global
-istiocoredns:
- enabled: true
-
-gateways:
- istio-egressgateway:
- enabled: true
- env:
- # Needed to route traffic via egress gateway if desired.
- ISTIO_META_REQUESTED_NETWORK_VIEW: "external"
diff --git a/charts/rancher-istio/1.4.900/files/injection-template.yaml b/charts/rancher-istio/1.4.900/files/injection-template.yaml
deleted file mode 100755
index df94e5689..000000000
--- a/charts/rancher-istio/1.4.900/files/injection-template.yaml
+++ /dev/null
@@ -1,461 +0,0 @@ -{{- $cniDisabled := (not .Values.istio_cni.enabled) }} -{{- $cniRepairEnabled := (and .Values.istio_cni.enabled .Values.istio_cni.repair.enabled) }} -{{- $enableInitContainer := (or $cniDisabled $cniRepairEnabled .Values.global.proxy.enableCoreDump) }} -rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }} -{{- if $enableInitContainer }} -initContainers: -{{- if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} -{{ if $cniRepairEnabled -}} -- name: istio-validation -{{ else -}} -- name: istio-init -{{ end -}} -{{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" -{{- else }} - image: "{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" -{{- end }} - command: -{{- if $cniRepairEnabled }} - - istio-iptables-go -{{- else }} - - istio-iptables -{{- end }} - - "-p" - - "15001" - - "-z" - - "15006" - - "-u" - - 1337 - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" - - "-d" - - "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation 
.ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} -{{ if $cniRepairEnabled -}} - - "--run-validation" - - "--skip-rule-apply" -{{- end }} - imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" -{{- if .Values.global.proxy.init.resources }} - resources: - {{ toYaml .Values.global.proxy.init.resources | indent 4 }} -{{- else }} - resources: {} -{{- end }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: -{{- if not $cniRepairEnabled }} - add: - - NET_ADMIN - - NET_RAW -{{- end }} - drop: - - ALL - readOnlyRootFilesystem: false - {{- if not $cniRepairEnabled }} - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - runAsGroup: 1337 - runAsUser: 1337 - runAsNonRoot: true - {{- end }} - restartPolicy: Always - {{ end -}} -{{- if eq .Values.global.proxy.enableCoreDump true }} -- name: enable-core-dump - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - command: - - /bin/sh - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- else }} - image: "{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- end }} - imagePullPolicy: IfNotPresent - resources: {} - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - SYS_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 -{{ end }} - {{ end }} -containers: -- name: istio-proxy -{{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` "") }} # if custom pod then use 
that - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" -{{- else }} - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - {{- else }} - image: "{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - {{- end }} -{{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --configPath - - "{{ .ProxyConfig.ConfigPath }}" - - --binaryPath - - "{{ .ProxyConfig.BinaryPath }}" - - --serviceCluster - {{ if ne "" (index .ObjectMeta.Labels "app") -}} - - "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" - {{ else -}} - - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" - {{ end -}} - - --drainDuration - - "{{ formatDuration .ProxyConfig.DrainDuration }}" - - --parentShutdownDuration - - "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}" - - --discoveryAddress - - "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" -{{- if eq .Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" - - --lightstepAccessToken - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" - - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} - - --lightstepCacertPath - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" -{{- else if eq .Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - - "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" -{{- else if eq .Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" -{{- end }} -{{- if .Values.global.proxy.logLevel }} - - 
--proxyLogLevel={{ .Values.global.proxy.logLevel }} -{{- end}} -{{- if .Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }} -{{- end}} - - --dnsRefreshRate - - {{ .Values.global.proxy.dnsRefreshRate }} - - --connectTimeout - - "{{ formatDuration .ProxyConfig.ConnectTimeout }}" -{{- if .Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - "{{ .ProxyConfig.StatsdUdpAddress }}" -{{- end }} -{{- if .Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - - '{{ protoToJSON .ProxyConfig.EnvoyMetricsService }}' -{{- end }} -{{- if .Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - - '{{ protoToJSON .ProxyConfig.EnvoyAccessLogService }}' -{{- end }} - - --proxyAdminPort - - "{{ .ProxyConfig.ProxyAdminPort }}" - {{ if gt .ProxyConfig.Concurrency 0 -}} - - --concurrency - - "{{ .ProxyConfig.Concurrency }}" - {{ end -}} - - --controlPlaneAuthPolicy - - "{{ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}" -{{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" (valueOrDefault .Values.global.proxy.statusPort 0 )) `0`) }} - - --statusPort - - "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" - - --applicationPorts - - "{{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` (applicationPorts .Spec.Containers) }}" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} -{{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 4 }} -{{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if 
not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} -{{- if eq .Values.global.proxy.tracer "datadog" }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP -{{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }} -{{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" -{{- end }} -{{- end }} -{{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SDS_ENABLED - value: {{ $.Values.global.sds.enabled }} - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - - name: ISTIO_META_INCLUDE_INBOUND_PORTS - value: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (applicationPorts .Spec.Containers) }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{ if .ObjectMeta.Annotations }} - - name: ISTIO_METAJSON_ANNOTATIONS - value: | - {{ toJSON .ObjectMeta.Annotations }} - {{ end }} - {{ if .ObjectMeta.Labels }} - - name: ISTIO_METAJSON_LABELS - value: | - {{ toJSON .ObjectMeta.Labels }} - {{ end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{ .DeploymentMeta.Name }} - {{ end }} - {{- if and 
.TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.sds.customTokenDirectory }} - - name: ISTIO_META_SDS_TOKEN_PATH - value: "{{ .Values.global.sds.customTokenDirectory -}}/sdstoken" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if .Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.trustDomain }}" - {{- end }} - {{- if eq .Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetDebug }}" - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations.Value }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes.Value }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents.Value }}" - {{- end }} - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` (valueOrDefault .Values.global.proxy.statusPort 0 )) `0` }} - readinessProbe: - httpGet: - 
path: /healthz/ready - port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - add: - - NET_ADMIN - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} - runAsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - runAsNonRoot: false - runAsUser: 0 - {{- else }} - runAsNonRoot: true - runAsUser: 1337 - {{- end }} - resources: - {{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end}} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{ else -}} -{{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 4 }} -{{- end }} - {{ end -}} - volumeMounts: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: 
custom-bootstrap-volume - {{- end }} - - mountPath: /etc/istio/proxy - name: istio-envoy - {{- if .Values.global.sds.enabled }} - - mountPath: /var/run/sds - name: sds-uds-path - readOnly: true - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.sds.customTokenDirectory }} - - mountPath: "{{ .Values.global.sds.customTokenDirectory -}}" - name: custom-sds-token - readOnly: true - {{- end }} - {{- else }} - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{- end }} -volumes: -{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} -- name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} -{{- end }} -- emptyDir: - medium: Memory - name: istio-envoy -{{- if .Values.global.sds.enabled }} -- name: sds-uds-path - hostPath: - path: /var/run/sds -- name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} -{{- if .Values.global.sds.customTokenDirectory }} -- name: custom-sds-token - secret: - secretName: sdstokensecret -{{- end }} -{{- else }} -- name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, 
$value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} -- name: "{{ $index }}" - {{ toYaml $value | indent 2 }} - {{ end }} - {{ end }} -{{- end }} -{{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} -- name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert -{{- end }} -{{- if .Values.global.podDNSSearchNamespaces }} -dnsConfig: - searches: - {{- range .Values.global.podDNSSearchNamespaces }} - - {{ render . }} - {{- end }} -{{- end }} -podRedirectAnnot: - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" -{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" -{{- end }} - traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" 
diff --git a/charts/rancher-istio/1.4.900/questions.yaml b/charts/rancher-istio/1.4.900/questions.yaml
deleted file mode 100644
index 4108ee19c..000000000
--- a/charts/rancher-istio/1.4.900/questions.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-labels:
- rancher.istio.v1.4.900: 1.4.9
-rancher_min_version: 2.3.8-rc1
-rancher_max_version: 2.3.8-rc1
diff --git a/charts/rancher-istio/1.4.900/requirements.yaml b/charts/rancher-istio/1.4.900/requirements.yaml
deleted file mode 100755
index bdbc2b981..000000000
--- a/charts/rancher-istio/1.4.900/requirements.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-dependencies:
- - name: sidecarInjectorWebhook
- version: 1.4.9
- condition: sidecarInjectorWebhook.enabled
- - name: security
- version: 1.4.9
- condition: security.enabled
- - name: gateways
- version: 1.4.9
- condition: gateways.enabled
- - name: mixer
- version: 1.4.9
- condition: or mixer.policy.enabled mixer.telemetry.enabled
- - name: nodeagent
- version: 1.4.9
- condition: nodeagent.enabled
- - name: pilot
- version: 1.4.9
- condition: pilot.enabled
- - name: grafana
- version: 1.4.9
- condition: grafana.enabled
- - name: prometheus
- version: 1.4.9
- condition: prometheus.enabled
- - name: tracing
- version: 1.4.9
- condition: tracing.enabled
- - name: galley
- version: 1.4.9
- condition: galley.enabled
- - name: kiali
- version: 1.4.9
- condition: kiali.enabled
- - name: istiocoredns
- version: 1.4.9
- condition: istiocoredns.enabled
- - name: certmanager
- version: 1.4.9
- condition: certmanager.enabled
diff --git a/charts/rancher-istio/1.4.900/templates/NOTES.txt b/charts/rancher-istio/1.4.900/templates/NOTES.txt
deleted file mode 100755
index 3b323594c..000000000
--- a/charts/rancher-istio/1.4.900/templates/NOTES.txt
+++ /dev/null
@@ -1,29 +0,0 @@ -Thank you for installing {{ .Chart.Name | title }}. - -Your release is named {{ .Release.Name | title }}. - -To get started running application with Istio, execute the following steps: - -{{- if index .Values "sidecarInjectorWebhook" "enabled" }} -1. Label namespace that application object will be deployed to by the following command (take default namespace as an example) - -$ kubectl label namespace default istio-injection=enabled -$ kubectl get namespace -L istio-injection - -2. Deploy your applications - -$ kubectl apply -f .yaml -{{- else }} -1. Download the latest release package to get sidecar injection tool - -$ curl -L https://git.io/getLatestIstio | sh - -$ mv istio-* istio-latest -$ export PATH="$PATH:$PWD/istio-latest/bin" - -2. Deploy your application by manually injecting envoy sidecar with `istioctl kube-inject` - -$ kubectl apply -f <(istioctl kube-inject -f .yaml) -{{- end }} - -For more information on running Istio, visit: -https://istio.io/ diff --git a/charts/rancher-istio/1.4.900/templates/_affinity.tpl b/charts/rancher-istio/1.4.900/templates/_affinity.tpl deleted file mode 100755 index 7639be434..000000000 --- a/charts/rancher-istio/1.4.900/templates/_affinity.tpl +++ /dev/null 
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "nodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "nodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "nodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinity" }} -{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .Values.podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if or .Values.podAntiAffinityTermLabelSelector}} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "podAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.900/templates/_helpers.tpl b/charts/rancher-istio/1.4.900/templates/_helpers.tpl deleted file mode 100755 index cf10568c7..000000000 --- a/charts/rancher-istio/1.4.900/templates/_helpers.tpl +++ /dev/null 
@@ -1,48 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "istio.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "istio.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "istio.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a fully qualified configmap name.
-*/}}
-{{- define "istio.configmap.fullname" -}}
-{{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-
-{{- define "system_default_registry" -}}
-{{- if .Values.global.systemDefaultRegistry -}}
-{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
-{{- else -}}
-{{- "" -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.4.900/templates/_podDisruptionBudget.tpl b/charts/rancher-istio/1.4.900/templates/_podDisruptionBudget.tpl
deleted file mode 100755
index ebb86068c..000000000
--- a/charts/rancher-istio/1.4.900/templates/_podDisruptionBudget.tpl
+++ /dev/null
@@ -1,3 +0,0 @@
-{{- define "podDisruptionBudget.spec" }}
- minAvailable: 1
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/templates/clusterrole.yaml b/charts/rancher-istio/1.4.900/templates/clusterrole.yaml
deleted file mode 100755
index b92c9ef8b..000000000
--- a/charts/rancher-istio/1.4.900/templates/clusterrole.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: istio-reader
-rules:
- - apiGroups: ['']
- resources: ['nodes', 'pods', 'services', 'endpoints', "replicationcontrollers"]
- verbs: ['get', 'watch', 'list']
- - apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
diff --git a/charts/rancher-istio/1.4.900/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.4.900/templates/clusterrolebinding.yaml
deleted file mode 100755
index 827601b3d..000000000
--- a/charts/rancher-istio/1.4.900/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-multi
- labels:
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-reader
-subjects:
-- kind: ServiceAccount
- name: istio-multi
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.4.900/templates/configmap.yaml b/charts/rancher-istio/1.4.900/templates/configmap.yaml
deleted file mode 100755
index e260cbb7f..000000000
--- a/charts/rancher-istio/1.4.900/templates/configmap.yaml
+++ /dev/null
@@ -1,341 +0,0 @@ -{{- if or .Values.pilot.enabled .Values.global.istioRemote }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istio.name" . }} - chart: {{ template "istio.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - mesh: |- - # Set the following variable to true to disable policy checks by Mixer. - # Note that metrics will still be reported to Mixer. - {{- if .Values.mixer.policy.enabled }} - disablePolicyChecks: {{ .Values.global.disablePolicyChecks }} - {{- else }} - disablePolicyChecks: true - {{- end }} - - disableMixerHttpReports: false - - {{- if .Values.mixer.telemetry.reportBatchMaxEntries }} - # reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server - reportBatchMaxEntries: {{ .Values.mixer.telemetry.reportBatchMaxEntries }} - {{- end }} - - {{- if .Values.mixer.telemetry.reportBatchMaxTime }} - # reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server - reportBatchMaxTime: {{ .Values.mixer.telemetry.reportBatchMaxTime }} - {{- end }} - - {{- if .Values.mixer.telemetry.sessionAffinityEnabled }} - # sidecarToTelemetrySessionAffinity will create a STRICT_DNS type cluster for istio-telemetry. - sidecarToTelemetrySessionAffinity: {{ .Values.mixer.telemetry.sessionAffinityEnabled }} - {{- end }} - - # Set enableTracing to false to disable request tracing. - enableTracing: {{ .Values.global.enableTracing }} - - # Set accessLogFile to empty string to disable access log. 
- accessLogFile: "{{ .Values.global.proxy.accessLogFile }}" - - # If accessLogEncoding is TEXT, value will be used directly as the log format - # example: "[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\n" - # If AccessLogEncoding is JSON, value will be parsed as map[string]string - # example: '{"start_time": "%START_TIME%", "req_method": "%REQ(:METHOD)%"}' - # Leave empty to use default log format - accessLogFormat: {{ .Values.global.proxy.accessLogFormat | quote }} - - # Set accessLogEncoding to JSON or TEXT to configure sidecar access log - accessLogEncoding: '{{ .Values.global.proxy.accessLogEncoding }}' - - enableEnvoyAccessLogService: {{ .Values.global.proxy.envoyAccessLogService.enabled }} - - {{- if .Values.global.istioRemote }} - - {{- if .Values.global.remotePolicyAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}:15004 - {{- else }} - mixerCheckServer: {{ .Values.global.remotePolicyAddress }}:15004 - {{- end }} - {{- end }} - {{- if .Values.global.remoteTelemetryAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}:15004 - {{- else }} - mixerReportServer: {{ .Values.global.remoteTelemetryAddress }}:15004 - {{- end }} - {{- end }} - - {{- else }} - - {{- if .Values.mixer.policy.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - {{- if .Values.mixer.telemetry.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ 
.Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - - {{- end }} - - {{- if or .Values.mixer.policy.enabled (and .Values.global.istioRemote .Values.global.remotePolicyAddress) }} - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: {{ .Values.global.policyCheckFailOpen }} - {{- end }} - - {{- if .Values.gateways.enabled }} - # Let Pilot give ingresses the public IP of the Istio ingressgateway - ingressService: istio-ingressgateway - {{- end }} - - # Default connect timeout for dynamic clusters generated by Pilot and returned via XDS - connectTimeout: 10s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: {{ .Values.global.proxy.protocolDetectionTimeout }} - - # DNS refresh rate for Envoy clusters of type STRICT_DNS - dnsRefreshRate: {{ .Values.global.proxy.dnsRefreshRate }} - - # Unix Domain Socket through which envoy communicates with NodeAgent SDS to get - # key/cert for mTLS. Use secret-mount files instead of SDS if set to empty. - sdsUdsPath: {{ .Values.global.sds.udsPath | quote }} - - # The trust domain corresponds to the trust root of a system. 
- # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: {{ .Values.global.trustDomain | quote }} - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: - {{- range .Values.global.trustDomainAliases }} - - {{ . | quote }} - {{- end }} - - # If true, automatically configure client side mTLS settings to match the corresponding service's - # server side mTLS authentication policy, when destination rule for that service does not specify - # TLS settings. - enableAutoMtls: {{ .Values.global.mtls.auto }} - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - outboundTrafficPolicy: - mode: {{ .Values.global.outboundTrafficPolicy.mode }} - - {{- if .Values.global.localityLbSetting.enabled }} - localityLbSetting: -{{ toYaml .Values.global.localityLbSetting | trim | indent 6 }} - {{- end }} - # The namespace to treat as the administrative root namespace for istio - # configuration. -{{- if .Values.global.configRootNamespace }} - rootNamespace: {{ .Values.global.configRootNamespace }} -{{- else }} - rootNamespace: {{ .Release.Namespace }} -{{- end }} - - # Configures DNS certificates provisioned through Chiron linked into Pilot. 
- certificates: -{{ toYaml .Values.global.certificates | trim | indent 6 }} - - {{- if .Values.global.defaultConfigVisibilitySettings }} - defaultServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultVirtualServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultDestinationRuleExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - {{- end }} - - {{- if $.Values.global.useMCP }} - configSources: - - address: istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- if .Values.pilot.configSource.subscribedResources }} - subscribedResources: - - {{ .Values.pilot.configSource.subscribedResources }} - {{- end}} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - tlsSettings: - mode: ISTIO_MUTUAL - {{- end }} - {{- end }} - - defaultConfig: - # - # TCP connection timeout between Envoy & the application, and between Envoys. Used for static clusters - # defined in Envoy's configuration file - connectTimeout: 10s - # - ### ADVANCED SETTINGS ############# - # Where should envoy's configuration be stored in the istio-proxy container - configPath: "/etc/istio/proxy" - binaryPath: "/usr/local/bin/envoy" - # The pseudo service name used for Envoy. - serviceCluster: istio-proxy - # These settings that determine how long an old Envoy - # process should be kept alive after an occasional reload. - drainDuration: 45s - parentShutdownDuration: 1m0s - # - # The mode used to redirect inbound connections to Envoy. This setting - # has no effect on outbound traffic: iptables REDIRECT is always used for - # outbound connections. - # If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy. - # The "REDIRECT" mode loses source addresses during redirection. - # If "TPROXY", use iptables TPROXY to redirect to Envoy. 
- # The "TPROXY" mode preserves both the source and destination IP - # addresses and ports, so that they can be used for advanced filtering - # and manipulation. - # The "TPROXY" mode also configures the sidecar to run with the - # CAP_NET_ADMIN capability, which is required to use TPROXY. - #interceptionMode: REDIRECT - # - # Port where Envoy listens (on local host) for admin commands - # You can exec into the istio-proxy container in a pod and - # curl the admin port (curl http://localhost:15000/) to obtain - # diagnostic information from Envoy. See - # https://lyft.github.io/envoy/docs/operations/admin.html - # for more details - proxyAdminPort: 15000 - # - # Set concurrency to a specific number to control the number of Proxy worker threads. - # If set to 0 (default), then start worker thread for each CPU thread/core. - concurrency: {{ .Values.global.proxy.concurrency }} - # - {{- if eq .Values.global.proxy.tracer "lightstep" }} - tracing: - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - # Whether communication with the Satellite pool should be secure - secure: {{ .Values.global.tracer.lightstep.secure }} - # Path to the file containing the cacert to use when verifying TLS - cacertPath: {{ .Values.global.tracer.lightstep.cacertPath }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - tracing: - zipkin: - # Address of the Zipkin collector - {{- if .Values.global.tracer.zipkin.address }} - address: {{ .Values.global.tracer.zipkin.address }} - {{- else if .Values.global.remoteZipkinAddress }} - address: {{ .Values.global.remoteZipkinAddress }}:9411 - {{- else }} - address: zipkin.{{ .Release.Namespace }}:9411 - {{- end }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - tracing: - datadog: - # Address of the Datadog Agent - address: {{ 
.Values.global.tracer.datadog.address }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - tracing: - stackdriver: {} - {{- end }} - - {{- if .Values.global.proxy.envoyStatsd.enabled }} - # - # Statsd metrics collector converts statsd metrics into Prometheus metrics. - statsdUdpAddress: {{ .Values.global.proxy.envoyStatsd.host }}:{{ .Values.global.proxy.envoyStatsd.port }} - {{- end }} - - {{- if .Values.global.proxy.envoyMetricsService.enabled }} - # - # Envoy's Metrics Service stats sink pushes Envoy metrics to a remote collector via the Metrics Service gRPC API. - envoyMetricsService: - address: {{ .Values.global.proxy.envoyMetricsService.host }}:{{ .Values.global.proxy.envoyMetricsService.port }} - {{- if .Values.global.proxy.envoyMetricsService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyMetricsService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyMetricsService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyMetricsService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- if .Values.global.proxy.envoyAccessLogService.enabled }} - # - # Envoy's AccessLog Service pushes access logs to a remote collector via the Access Log Service gRPC API. 
- envoyAccessLogService: - address: {{ .Values.global.proxy.envoyAccessLogService.host }}:{{ .Values.global.proxy.envoyAccessLogService.port }} - {{- if .Values.global.proxy.envoyAccessLogService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyAccessLogService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- $defPilotHostname := printf "istio-pilot.%s" .Release.Namespace }} - {{- $pilotAddress := .Values.global.remotePilotAddress | default $defPilotHostname }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: MUTUAL_TLS - # - # Address where istio Pilot service is running - {{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }} - discoveryAddress: {{ $defPilotHostname }}:15011 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15011 - {{- end }} - {{- else }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: NONE - # - # Address where istio Pilot service is running - {{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }} - discoveryAddress: {{ $defPilotHostname }}:15010 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15010 - {{- end }} - {{- end }} - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.900/templates/crd-10.yaml b/charts/rancher-istio/1.4.900/templates/crd-10.yaml deleted file mode 100644 index f017e2658..000000000 
--- a/charts/rancher-istio/1.4.900/templates/crd-10.yaml
+++ /dev/null
@@ -1,4816 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: attributemanifests.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: attributemanifest - plural: attributemanifests - singular: attributemanifest - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and - telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - attributes: - additionalProperties: - properties: - description: - description: A human-readable description of the attribute's purpose. - format: string - type: string - valueType: - description: The type of data carried by this attribute. - enum: - - VALUE_TYPE_UNSPECIFIED - - STRING - - INT64 - - DOUBLE - - BOOL - - TIMESTAMP - - IP_ADDRESS - - EMAIL_ADDRESS - - URI - - DNS_NAME - - DURATION - - STRING_MAP - type: string - type: object - description: The set of attributes this Istio component will be responsible - for producing at runtime. - type: object - name: - description: Name of the component producing these attributes. - format: string - type: string - revision: - description: The revision of this document. 
- format: string - type: string - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - heritage: Tiller - istio: rbac - release: istio - name: clusterrbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ClusterRbacConfig - plural: clusterrbacconfigs - singular: clusterrbacconfig - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: destinationrules.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.host - description: The name of a service from the service registry - name: Host - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - shortNames: - - dr - singular: destinationrule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, - etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is - exported. - items: - format: string - type: string - type: array - host: - description: The name of a service from the service registry. 
- format: string - type: string - subsets: - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: Name of the subset. - format: string - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. 
- oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP - requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a - backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. 
- type: string - maxRequestsPerConnection: - description: Maximum number of requests per - connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP - upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on - the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer - algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. 
- type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep - analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to - the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server - during TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded - to http2 for the associated destination. 
- enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to - a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool - connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to - a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to - a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. 
- format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. 
- properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutiveErrors: - format: int32 - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. 
- format: string - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS - handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: envoyfilters.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: EnvoyFilter - plural: envoyfilters - singular: envoyfilter - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Customizing Envoy configuration generated by Istio. See more - details at: https://istio.io/docs/reference/config/networking/v1alpha3/envoy-filter.html' - properties: - configPatches: - description: One or more patches with match conditions. 
- items: - properties: - applyTo: - enum: - - INVALID - - LISTENER - - FILTER_CHAIN - - NETWORK_FILTER - - HTTP_FILTER - - ROUTE_CONFIGURATION - - VIRTUAL_HOST - - HTTP_ROUTE - - CLUSTER - type: string - match: - description: Match on listener/route configuration/cluster. - oneOf: - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - properties: - cluster: - description: Match on envoy cluster attributes. - properties: - name: - description: The exact name of the cluster to match. - format: string - type: string - portNumber: - description: The service port for which this cluster was - generated. - type: integer - service: - description: The fully qualified service name for this - cluster. - format: string - type: string - subset: - description: The subset associated with the service. - format: string - type: string - type: object - context: - description: The specific config generation context to match - on. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - listener: - description: Match on envoy listener attributes. - properties: - filterChain: - description: Match a specific filter chain in a listener. - properties: - applicationProtocols: - description: Applies only to sidecars. - format: string - type: string - filter: - description: The name of a specific filter to apply - the patch to. - properties: - name: - description: The filter name to match on. - format: string - type: string - subFilter: - properties: - name: - description: The filter name to match on. - format: string - type: string - type: object - type: object - name: - description: The name assigned to the filter chain. - format: string - type: string - sni: - description: The SNI value used by a filter chain's - match condition. - format: string - type: string - transportProtocol: - description: Applies only to SIDECAR_INBOUND context. 
- format: string - type: string - type: object - name: - description: Match a specific listener by its name. - format: string - type: string - portName: - format: string - type: string - portNumber: - type: integer - type: object - proxy: - description: Match on properties associated with a proxy. - properties: - metadata: - additionalProperties: - format: string - type: string - type: object - proxyVersion: - format: string - type: string - type: object - routeConfiguration: - description: Match on envoy HTTP route configuration attributes. - properties: - gateway: - format: string - type: string - name: - description: Route configuration name to match on. - format: string - type: string - portName: - description: Applicable only for GATEWAY context. - format: string - type: string - portNumber: - type: integer - vhost: - properties: - name: - format: string - type: string - route: - description: Match a specific route within the virtual - host. - properties: - action: - description: Match a route with specific action - type. - enum: - - ANY - - ROUTE - - REDIRECT - - DIRECT_RESPONSE - type: string - name: - format: string - type: string - type: object - type: object - type: object - type: object - patch: - description: The patch to apply along with the operation. - properties: - operation: - description: Determines how the patch should be applied. - enum: - - INVALID - - MERGE - - ADD - - REMOVE - - INSERT_BEFORE - - INSERT_AFTER - type: string - value: - description: The JSON config of the object being patched. - type: object - type: object - type: object - type: array - filters: - items: - properties: - filterConfig: - type: object - filterName: - description: The name of the filter to instantiate. - format: string - type: string - filterType: - description: The type of filter to instantiate. - enum: - - INVALID - - HTTP - - NETWORK - type: string - insertPosition: - description: Insert position in the filter chain. 
- properties: - index: - description: Position of this filter in the filter chain. - enum: - - FIRST - - LAST - - BEFORE - - AFTER - type: string - relativeTo: - format: string - type: string - type: object - listenerMatch: - properties: - address: - description: One or more IP addresses to which the listener - is bound. - items: - format: string - type: string - type: array - listenerProtocol: - description: Selects a class of listeners for the same protocol. - enum: - - ALL - - HTTP - - TCP - type: string - listenerType: - description: Inbound vs outbound sidecar listener or gateway - listener. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - portNamePrefix: - format: string - type: string - portNumber: - type: integer - type: object - type: object - type: array - workloadLabels: - additionalProperties: - format: string - type: string - description: Deprecated. - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: gateways.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Gateway - plural: gateways - shortNames: - - gw - singular: gateway - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. 
See more details - at: https://istio.io/docs/reference/config/networking/v1alpha3/gateway.html' - properties: - selector: - additionalProperties: - format: string - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - format: string - type: string - defaultEndpoint: - format: string - type: string - hosts: - description: One or more hosts exposed by this gateway. - items: - format: string - type: string - type: array - port: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - tls: - description: Set of TLS related options that govern the server's - behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified - cipher list.' - items: - format: string - type: string - type: array - credentialName: - format: string - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - format: string - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 
- format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - verifyCertificateHash: - items: - format: string - type: string - type: array - verifyCertificateSpki: - items: - format: string - type: string - type: array - type: object - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpecBinding - plural: httpapispecbindings - singular: httpapispecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_specs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - apiSpecs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed HTTPAPISpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN - in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify - the service version. - type: object - name: - description: The short name of the service such as "foo". 
- format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpec - plural: httpapispecs - singular: httpapispec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_keys: - items: - oneOf: - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. - format: string - type: string - type: object - type: array - apiKeys: - items: - oneOf: - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. 
- format: string - type: string - type: object - type: array - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. - type: object - type: object - patterns: - description: List of HTTP patterns to match. - items: - oneOf: - - required: - - uriTemplate - - required: - - regex - properties: - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. 
- type: object - type: object - httpMethod: - format: string - type: string - regex: - format: string - type: string - uriTemplate: - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: meshpolicies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: MeshPolicy - listKind: MeshPolicyList - plural: meshpolicies - singular: meshpolicy - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details - at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - type: boolean - origins: - description: List of authentication methods that can be used for origin - authentication. - items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. 
- items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - type: boolean - peers: - description: List of authentication methods that can be used for peer - authentication. - items: - oneOf: - - required: - - mtls - - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. 
- format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. 
- properties: - allowTls: - description: WILL BE DEPRECATED, if set, will translates to - `TLS_PERMISSIVE` mode. - type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Define whether peer or origin identity should be use for - principal. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: List rules to select workloads that the policy should be - applied on. - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. - items: - oneOf: - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: policies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: Policy - plural: policies - singular: policy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details - at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - type: boolean - origins: - description: List of authentication methods that can be used for origin - authentication. 
- items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 
- format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 
- format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. 
- format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - type: boolean - peers: - description: List of authentication methods that can be used for peer - authentication. - items: - oneOf: - - required: - - mtls - - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. 
- items: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match - as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. - properties: - allowTls: - description: WILL BE DEPRECATED, if set, will translates to - `TLS_PERMISSIVE` mode. - type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Define whether peer or origin identity should be use for - principal. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: List rules to select workloads that the policy should be - applied on. - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. 
- items: - oneOf: - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpecBinding - plural: quotaspecbindings - singular: quotaspecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - quotaSpecs: - items: - properties: - name: - description: The short name of the QuotaSpec. - format: string - type: string - namespace: - description: Optional namespace of the QuotaSpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed QuotaSpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN - in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify - the service version. - type: object - name: - description: The short name of the service such as "foo". - format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. 
- format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpec - plural: quotaspecs - singular: quotaspec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: Determines the quotas used for individual requests. - properties: - rules: - description: A list of Quota rules. - items: - properties: - match: - description: If empty, match all request. - items: - properties: - clause: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Map of attribute names to StringMatch type. - type: object - type: object - type: array - quotas: - description: The list of quotas to charge. 
- items: - properties: - charge: - format: int32 - type: integer - quota: - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: rbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: RbacConfig - plural: rbacconfigs - singular: rbacconfig - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced - by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: rules.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: rule - plural: rules - singular: rule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and - telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - actions: - description: The actions that will be executed when match evaluates - to `true`. - items: - properties: - handler: - description: Fully qualified name of the handler to invoke. - format: string - type: string - instances: - items: - format: string - type: string - type: array - name: - description: A handle to refer to the results of the action. - format: string - type: string - type: object - type: array - match: - description: Match is an attribute based predicate. - format: string - type: string - requestHeaderOperations: - items: - properties: - name: - description: Header name literal value. - format: string - type: string - operation: - description: Header operation type. - enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - responseHeaderOperations: - items: - properties: - name: - description: Header name literal value. 
- format: string - type: string - operation: - description: Header operation type. - enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - sampling: - properties: - random: - description: Provides filtering of actions based on random selection - per request. - properties: - attributeExpression: - description: Specifies an attribute expression to use to override - the numerator in the `percent_sampled` field. - format: string - type: string - percentSampled: - description: The default sampling rate, expressed as a percentage. - properties: - denominator: - description: Specifies the denominator. - enum: - - HUNDRED - - TEN_THOUSAND - type: string - numerator: - description: Specifies the numerator. - type: integer - type: object - useIndependentRandomness: - description: By default sampling will be based on the value - of the request header `x-request-id`. - type: boolean - type: object - rateLimit: - properties: - maxUnsampledEntries: - description: Number of entries to allow during the `sampling_duration` - before sampling is enforced. - format: int64 - type: integer - samplingDuration: - description: Window in which to enforce the sampling rate. - type: string - samplingRate: - description: The rate at which to sample entries once the unsampled - limit has been reached. 
- format: int64 - type: integer - type: object - type: object - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: serviceentries.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hosts - description: The hosts associated with the ServiceEntry - name: Hosts - type: string - - JSONPath: .spec.location - description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL - or MESH_INTERNAL) - name: Location - type: string - - JSONPath: .spec.resolution - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - name: Resolution - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: ServiceEntry - listKind: ServiceEntryList - plural: serviceentries - shortNames: - - se - singular: serviceentry - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. See more details - at: https://istio.io/docs/reference/config/networking/v1alpha3/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. 
- items: - format: string - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - format: string - type: string - network: - format: string - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - format: string - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - format: string - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: array - resolution: - description: Service discovery mode for the hosts. 
- enum: - - NONE - - STATIC - - DNS - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: servicerolebindings.rbac.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.roleRef.name - description: The name of the ServiceRole object being referenced - name: Reference - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRoleBinding - plural: servicerolebindings - singular: servicerolebinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - actions: - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. 
- items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. - items: - format: string - type: string - type: array - type: object - type: array - mode: - enum: - - ENFORCED - - PERMISSIVE - type: string - role: - format: string - type: string - roleRef: - description: Reference to the ServiceRole object. - properties: - kind: - description: The type of the role being referenced. - format: string - type: string - name: - description: The name of the ServiceRole object being referenced. - format: string - type: string - type: object - subjects: - description: List of subjects that are assigned the ServiceRole object. - items: - properties: - group: - format: string - type: string - groups: - items: - format: string - type: string - type: array - ips: - items: - format: string - type: string - type: array - names: - items: - format: string - type: string - type: array - namespaces: - items: - format: string - type: string - type: array - notGroups: - items: - format: string - type: string - type: array - notIps: - items: - format: string - type: string - type: array - notNames: - items: - format: string - type: string - type: array - notNamespaces: - items: - format: string - type: string - type: array - properties: - additionalProperties: - format: string - type: string - description: Optional. 
- type: object - user: - description: Optional. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: serviceroles.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRole - plural: serviceroles - singular: servicerole - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details - at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' - properties: - rules: - description: The set of access rules (permissions) that the role has. - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. - items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. 
- items: - format: string - type: string - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: virtualservices.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.gateways - description: The names of gateways and sidecars that should apply these routes - name: Gateways - type: string - - JSONPath: .spec.hosts - description: The destination hosts to which traffic is being sent - name: Hosts - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - shortNames: - - vs - singular: virtualservice - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, - etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is exported. 
- items: - format: string - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply these - routes. - items: - format: string - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - format: string - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - appendHeaders: - additionalProperties: - format: string - type: string - type: object - appendRequestHeaders: - additionalProperties: - format: string - type: string - type: object - appendResponseHeaders: - additionalProperties: - format: string - type: string - type: object - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - nullable: true - type: boolean - allowHeaders: - items: - format: string - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the resource. - items: - format: string - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform - CORS requests. - items: - format: string - type: string - type: array - exposeHeaders: - items: - format: string - type: string - type: array - maxAge: - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic at - the client side. - properties: - abort: - oneOf: - - properties: - percent: {} - required: - - httpStatus - - properties: - percent: {} - required: - - grpcStatus - - properties: - percent: {} - required: - - http2Error - properties: - grpcStatus: - format: string - type: string - http2Error: - format: string - type: string - httpStatus: - description: HTTP status code to use to abort the Http - request. - format: int32 - type: integer - percent: - description: Percentage of requests to be aborted with - the error code provided (0-100). 
- format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with - the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - properties: - percent: {} - required: - - fixedDelay - - properties: - percent: {} - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the request. - type: string - percent: - description: Percentage of requests on which the delay - will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay - will be injected. - properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - gateways: - items: - format: string - type: string - type: array - headers: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - 
type: object - ignoreUriCase: - description: Flag to specify whether the URI matching should - be case-insensitive. - type: boolean - method: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - name: - description: The name assigned to a match. - format: string - type: string - port: - description: Specifies the ports on the host that is being - addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - sourceLabels: - additionalProperties: - format: string - type: string - type: object - uri: - oneOf: - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the `mirror` - field. 
- nullable: true - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the `mirror` - field. - nullable: true - type: integer - name: - description: The name assigned to the route for debugging purposes. - format: string - type: string - redirect: - description: A http rule can either redirect or forward (default) - traffic. - properties: - authority: - format: string - type: string - redirectCode: - type: integer - uri: - format: string - type: string - type: object - removeRequestHeaders: - items: - format: string - type: string - type: array - removeResponseHeaders: - items: - format: string - type: string - type: array - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries for a given request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per retry attempt for a given request. - type: string - retryOn: - description: Specifies the conditions under which retry takes - place. - format: string - type: string - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this value. - format: string - type: string - uri: - format: string - type: string - type: object - route: - description: A http rule can either redirect or forward (default) - traffic. - items: - properties: - appendRequestHeaders: - additionalProperties: - format: string - type: string - description: Use of `append_request_headers` is deprecated. - type: object - appendResponseHeaders: - additionalProperties: - format: string - type: string - description: Use of `append_response_headers` is deprecated. - type: object - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. 
- properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - removeRequestHeaders: - description: Use of `remove_request_headers` is deprecated. - items: - format: string - type: string - type: array - removeResponseHeaders: - description: Use of `remove_response_header` is deprecated. - items: - format: string - type: string - type: array - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests. - type: string - websocketUpgrade: - description: Deprecated. - type: boolean - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with - optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied to. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. 
- format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be - forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with - optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied to. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - format: string - type: string - type: array - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. - format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be - forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: adapters.config.istio.io - labels: - app: mixer - package: adapter - istio: mixer-adapter - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: adapter - plural: adapters - singular: adapter - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: instances.config.istio.io - labels: - app: mixer - package: instance - istio: mixer-instance - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: instance - plural: instances - singular: instance - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: templates.config.istio.io - labels: - app: mixer - package: template - istio: mixer-template - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: template - plural: templates - singular: template - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition 
-apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: handlers.config.istio.io - labels: - app: mixer - package: handler - istio: mixer-handler - chart: istio - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: config.istio.io - names: - kind: handler - plural: handlers - singular: handler - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true diff --git a/charts/rancher-istio/1.4.900/templates/crd-11.yaml b/charts/rancher-istio/1.4.900/templates/crd-11.yaml deleted file mode 100644 index 0de33afd9..000000000 --- a/charts/rancher-istio/1.4.900/templates/crd-11.yaml +++ /dev/null 
@@ -1,121 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: sidecars.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Sidecar - plural: sidecars - singular: sidecar - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting network reachability of a sidecar. - See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/sidecar.html' - properties: - egress: - items: - properties: - bind: - format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - hosts: - items: - format: string - type: string - type: array - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: object - type: array - ingress: - items: - properties: - bind: - description: The ip to which the listener should be bound. - format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - defaultEndpoint: - format: string - type: string - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. 
- format: string - type: string - type: object - type: object - type: array - outboundTrafficPolicy: - description: This allows to configure the outbound traffic policy. - properties: - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true diff --git a/charts/rancher-istio/1.4.900/templates/crd-14.yaml b/charts/rancher-istio/1.4.900/templates/crd-14.yaml deleted file mode 100644 index e51edfc5c..000000000 --- a/charts/rancher-istio/1.4.900/templates/crd-14.yaml +++ /dev/null 
@@ -1,135 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - labels: - app: istio-pilot - heritage: Tiller - istio: security - release: istio - name: authorizationpolicies.security.istio.io - annotations: - helm.sh/hook: crd-install,pre-upgrade -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: AuthorizationPolicy - plural: authorizationpolicies - singular: authorizationpolicy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for access control on workloads. See more details - at: https://istio.io/docs/reference/config/security/v1beta1/authorization-policy.html' - properties: - rules: - description: Optional. - items: - properties: - from: - description: Optional. - items: - properties: - source: - description: Source specifies the source of a request. - properties: - ipBlocks: - description: Optional. - items: - format: string - type: string - type: array - namespaces: - description: Optional. - items: - format: string - type: string - type: array - principals: - description: Optional. - items: - format: string - type: string - type: array - requestPrincipals: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - to: - description: Optional. - items: - properties: - operation: - description: Operation specifies the operation of a request. - properties: - hosts: - description: Optional. - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - when: - description: Optional. 
- items: - properties: - key: - description: The name of an Istio attribute. - format: string - type: string - values: - description: The allowed values for the attribute. - items: - format: string - type: string - type: array - type: object - type: array - type: object - type: array - selector: - description: Optional. - properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1beta1 - served: true - storage: true diff --git a/charts/rancher-istio/1.4.900/templates/crd-certmanager-10.yaml b/charts/rancher-istio/1.4.900/templates/crd-certmanager-10.yaml deleted file mode 100644 index a3a61f7f5..000000000 --- a/charts/rancher-istio/1.4.900/templates/crd-certmanager-10.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterissuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: ClusterIssuer - plural: clusterissuers - scope: Cluster ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: issuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Issuer - plural: issuers - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: certificates.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - JSONPath: .spec.secretName - name: Secret - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - kind: Certificate - plural: certificates - shortNames: - - cert - - certs -{{- end }} diff --git a/charts/rancher-istio/1.4.900/templates/crd-certmanager-11.yaml b/charts/rancher-istio/1.4.900/templates/crd-certmanager-11.yaml deleted file mode 100644 index ea6a96967..000000000 --- a/charts/rancher-istio/1.4.900/templates/crd-certmanager-11.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: orders.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.reason - name: Reason - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Order - plural: orders - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: challenges.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.dnsName - name: Domain - type: string - - JSONPath: .status.reason - name: Reason - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. 
It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Challenge - plural: challenges - scope: Namespaced -{{- end }} diff --git a/charts/rancher-istio/1.4.900/templates/endpoints.yaml b/charts/rancher-istio/1.4.900/templates/endpoints.yaml deleted file mode 100755 index 81b821853..000000000 --- a/charts/rancher-istio/1.4.900/templates/endpoints.yaml +++ /dev/null 
@@ -1,63 +0,0 @@
-{{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePilotAddress }}
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePolicyAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remoteTelemetryAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/templates/install-custom-resources.sh.tpl b/charts/rancher-istio/1.4.900/templates/install-custom-resources.sh.tpl
deleted file mode 100755
index a5525a139..000000000
--- a/charts/rancher-istio/1.4.900/templates/install-custom-resources.sh.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ define "install-custom-resources.sh.tpl" }}
-#!/bin/sh
-
-set -x
-
-if [ "$#" -ne "1" ]; then
- echo "first argument should be path to custom resource yaml"
- exit 1
-fi
-
-pathToResourceYAML=${1}
-
-kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null
-if [ "$?" -eq 0 ]; then
- echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready"
- while true; do
- kubectl -n {{ .Release.Namespace }} get deployment istio-galley 2>/dev/null
- if [ "$?" -eq 0 ]; then
- break
- fi
- sleep 1
- done
- kubectl -n {{ .Release.Namespace }} rollout status deployment istio-galley
- if [ "$?" -ne 0 ]; then
- echo "istio-galley deployment rollout status check failed"
- exit 1
- fi
- echo "istio-galley deployment ready for configuration validation"
-fi
-sleep 5
-kubectl apply -f ${pathToResourceYAML}
-{{ end }}
diff --git a/charts/rancher-istio/1.4.900/templates/istio-service-rbac.yaml b/charts/rancher-istio/1.4.900/templates/istio-service-rbac.yaml
deleted file mode 100644
index b3141141b..000000000
--- a/charts/rancher-istio/1.4.900/templates/istio-service-rbac.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-service-reader
-rules:
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["http:kiali:20001", "http:tracing:80", "http:grafana:80", "http:prometheus-http:80"]
- verbs: ["get", "watch", "list"]
-
----
-{{- if .Values.global.members }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: read-istio-service
- namespace: {{ .Release.Namespace }}
-subjects:
- {{- range $member := .Values.global.members }}
- - kind: {{ $member.kind }}
- name: {{ $member.name }}
- apiGroup: rbac.authorization.k8s.io
- {{- end }}
-roleRef:
- kind: Role
- name: istio-service-reader
- apiGroup: rbac.authorization.k8s.io
-{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/1.4.900/templates/service.yaml b/charts/rancher-istio/1.4.900/templates/service.yaml
deleted file mode 100755
index 732cdefd2..000000000
--- a/charts/rancher-istio/1.4.900/templates/service.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if or .Values.global.remotePilotCreateSvcEndpoint .Values.global.createRemoteSvcEndpoints }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
- clusterIP: None
-{{- end }}
diff --git a/charts/rancher-istio/1.4.900/templates/serviceaccount.yaml b/charts/rancher-istio/1.4.900/templates/serviceaccount.yaml
deleted file mode 100755
index e52d9eb9c..000000000
--- a/charts/rancher-istio/1.4.900/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: istio-multi - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.4.900/templates/sidecar-injector-configmap.yaml b/charts/rancher-istio/1.4.900/templates/sidecar-injector-configmap.yaml deleted file mode 100755 index 5cb25b9cf..000000000 --- a/charts/rancher-istio/1.4.900/templates/sidecar-injector-configmap.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if not .Values.global.omitSidecarInjectorConfigMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istio.name" . }} - chart: {{ template "istio.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -data: - values: |- - {{ .Values | toJson }} - - config: |- - policy: {{ .Values.global.proxy.autoInject }} - alwaysInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }} - neverInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }} - template: |- -{{ .Files.Get "files/injection-template.yaml" | trim | indent 6 }} - injectedAnnotations: - {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }} - "{{ $key }}": "{{ $val }}" - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.4.900/test-values/README.md b/charts/rancher-istio/1.4.900/test-values/README.md deleted file mode 100755 index 8e5ff277c..000000000 --- a/charts/rancher-istio/1.4.900/test-values/README.md +++ /dev/null @@ -1,7 +0,0 @@ -# Test Values - -These files are intended to be used to install Istio for E2E tests. - -The rendered files can be generated with `make generate_e2e_yaml`. - -These files will all have `values-e2e.yaml` applied to them *first*, so if there are settings there that should not be included in the test the must be overridden. 
diff --git a/charts/rancher-istio/1.4.900/test-values/values-e2e.yaml b/charts/rancher-istio/1.4.900/test-values/values-e2e.yaml deleted file mode 100755 index 18264aa2f..000000000 --- a/charts/rancher-istio/1.4.900/test-values/values-e2e.yaml +++ /dev/null @@ -1,103 +0,0 @@ -# This file overrides values for e2e testing. - -global: - proxy: - concurrency: 0 - resources: - requests: - cpu: 10m - memory: 40Mi - - accessLogFile: "/dev/stdout" - enableCoreDump: true - - disablePolicyChecks: false - outboundTrafficPolicy: - mode: REGISTRY_ONLY - -prometheus: - scrapeInterval: 5s - -gateways: - istio-ingressgateway: - autoscaleMax: 1 - resources: - requests: - cpu: 10m - memory: 40Mi - limits: - cpu: 100m - memory: 128Mi - # Disable the specific nodePort mappings for testing - # These occasionally cause port conflict flakes (#14190) - # Lacking a good way to override just part of a list, this is copied from - # the prod values.yaml with nodePort omitted - ports: - - port: 15020 - targetPort: 15020 - name: status-port - - port: 80 - targetPort: 80 - name: http2 - - port: 443 - name: https - - port: 31400 - name: tcp - - port: 15029 - targetPort: 15029 - name: https-kiali - - port: 15030 - targetPort: 15030 - name: https-prometheus - - port: 15031 - targetPort: 15031 - name: https-grafana - - port: 15032 - targetPort: 15032 - name: https-tracing - - port: 15443 - targetPort: 15443 - name: tls - - istio-egressgateway: - enabled: true - autoscaleMax: 1 - resources: - requests: - cpu: 10m - memory: 40Mi - limits: - cpu: 100m - memory: 128Mi - -mixer: - policy: - enabled: true - replicaCount: 2 - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 100Mi - limits: - cpu: 100m - memory: 100Mi - telemetry: - enabled: true - loadshedding: - mode: disabled - resources: - requests: - cpu: 50m - memory: 100Mi - limits: - cpu: 100m - memory: 100Mi - adapters: - stdio: - enabled: true - kiali: - enabled: true - -sidecarInjectorWebhook: - rewriteAppHTTPProbe: true 
diff --git a/charts/rancher-istio/1.4.900/test-values/values-istio-auth-mcp.yaml b/charts/rancher-istio/1.4.900/test-values/values-istio-auth-mcp.yaml deleted file mode 100755 index fb284d926..000000000 --- a/charts/rancher-istio/1.4.900/test-values/values-istio-auth-mcp.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# This is used to generate istio-auth.yaml with MCP enabled -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" - - useMCP: true - diff --git a/charts/rancher-istio/1.4.900/test-values/values-istio-auth-multicluster.yaml b/charts/rancher-istio/1.4.900/test-values/values-istio-auth-multicluster.yaml deleted file mode 100755 index af147981f..000000000 --- a/charts/rancher-istio/1.4.900/test-values/values-istio-auth-multicluster.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# This is used to generate istio-auth-multicluster.yaml, used for CI/CD. -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - proxy: - accessLogFile: "/dev/stdout" - - ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" - -# In a multiple cluster environment, citadel uses the same root certificate in all the clusters -security: - selfSigned: false 
diff --git a/charts/rancher-istio/1.4.900/test-values/values-istio-auth-non-mcp.yaml b/charts/rancher-istio/1.4.900/test-values/values-istio-auth-non-mcp.yaml
deleted file mode 100755
index eab07cd41..000000000
--- a/charts/rancher-istio/1.4.900/test-values/values-istio-auth-non-mcp.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- mtls:
- enabled: true
-
- controlPlaneSecurityEnabled: true
-
- useMCP: false
diff --git a/charts/rancher-istio/1.4.900/test-values/values-istio-auth-sds.yaml b/charts/rancher-istio/1.4.900/test-values/values-istio-auth-sds.yaml
deleted file mode 100755
index 9293ce309..000000000
--- a/charts/rancher-istio/1.4.900/test-values/values-istio-auth-sds.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-global:
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
- proxy:
- enableCoreDump: true
-
-nodeagent:
- enabled: true
- repository: rancher/istio-node-agent-k8s
- tag: 1.4.9
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.4.900/test-values/values-istio-auth.yaml b/charts/rancher-istio/1.4.900/test-values/values-istio-auth.yaml
deleted file mode 100755
index 4ec1d35c5..000000000
--- a/charts/rancher-istio/1.4.900/test-values/values-istio-auth.yaml
+++ /dev/null
@@ -1,14 +0,0 @@ -# This is used to generate istio-auth.yaml for automated CI/CD test, using v1/alpha1 -# or v2/alpha3 with 'gradual migration' (using env variable at inject time). -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" diff --git a/charts/rancher-istio/1.4.900/test-values/values-istio-dns-cert.yaml b/charts/rancher-istio/1.4.900/test-values/values-istio-dns-cert.yaml deleted file mode 100755 index 406970396..000000000 --- a/charts/rancher-istio/1.4.900/test-values/values-istio-dns-cert.yaml +++ /dev/null @@ -1,7 +0,0 @@ -global: - certificates: - - dnsNames: [istio-pilot.istio-system.svc, istio-pilot.istio-system] - - secretName: dns.istio-galley-service-account - dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] - - secretName: dns.istio-sidecar-injector-service-account - dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] diff --git a/charts/rancher-istio/1.4.900/test-values/values-istio-mcp.yaml b/charts/rancher-istio/1.4.900/test-values/values-istio-mcp.yaml deleted file mode 100755 index a6638eefd..000000000 --- a/charts/rancher-istio/1.4.900/test-values/values-istio-mcp.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -# This is used to generate istio.yaml with MCP enabled -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: false - - ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" - - useMCP: true - - diff --git a/charts/rancher-istio/1.4.900/test-values/values-istio-multicluster-split-horizon.yaml b/charts/rancher-istio/1.4.900/test-values/values-istio-multicluster-split-horizon.yaml deleted file mode 100755 index e664dd56f..000000000 --- a/charts/rancher-istio/1.4.900/test-values/values-istio-multicluster-split-horizon.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# This is used to generate istio-multicluster-split-horizon.yaml, used for CI/CD. -global: - controlPlaneSecurityEnabled: true - mtls: - enabled: true - proxy: - accessLogFile: "/dev/stdout" - outboundTrafficPolicy: - mode: ALLOW_ANY - meshExpansion: - enabled: true - meshNetworks: - network2: - endpoints: - - fromRegistry: N2_REGISTRY_TOKEN - gateways: - - address: 0.0.0.0 - port: 443 -security: - selfSigned: false -gateways: - istio-egressgateway: - enabled: false - - diff --git a/charts/rancher-istio/1.4.900/test-values/values-istio-multicluster.yaml b/charts/rancher-istio/1.4.900/test-values/values-istio-multicluster.yaml deleted file mode 100755 index 59b924ac1..000000000 --- a/charts/rancher-istio/1.4.900/test-values/values-istio-multicluster.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -# This is used to generate istio-multicluster.yaml, used for CI/CD. -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: false - - proxy: - accessLogFile: "/dev/stdout" - - ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" - -# In a multiple cluster environment, citadel uses the same root certificate in all the clusters -security: - selfSigned: false diff --git a/charts/rancher-istio/1.4.900/test-values/values-istio-non-mcp.yaml b/charts/rancher-istio/1.4.900/test-values/values-istio-non-mcp.yaml deleted file mode 100755 index 091681acd..000000000 --- a/charts/rancher-istio/1.4.900/test-values/values-istio-non-mcp.yaml +++ /dev/null @@ -1,2 +0,0 @@ -global: - useMCP: false diff --git a/charts/rancher-istio/1.4.900/test-values/values-istio-one-namespace-auth.yaml b/charts/rancher-istio/1.4.900/test-values/values-istio-one-namespace-auth.yaml deleted file mode 100755 index c49f40254..000000000 --- a/charts/rancher-istio/1.4.900/test-values/values-istio-one-namespace-auth.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -# This is used to generate istio.yaml used for deprecated CI/CD testing. -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" - - # Restrict the applications in one namespace the controller manages - oneNamespace: true diff --git a/charts/rancher-istio/1.4.900/test-values/values-istio-one-namespace-trust-domain.yaml b/charts/rancher-istio/1.4.900/test-values/values-istio-one-namespace-trust-domain.yaml deleted file mode 100755 index 1840ab355..000000000 --- a/charts/rancher-istio/1.4.900/test-values/values-istio-one-namespace-trust-domain.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# This is used to generate istio.yaml used for deprecated CI/CD testing. -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - # Default is 10s second - refreshInterval: 1s - - # The trust domain corresponds to the trust root of a system - trustDomain: test.local - - # Restrict the applications in one namespace the controller manages - oneNamespace: true diff --git a/charts/rancher-istio/1.4.900/test-values/values-istio-one-namespace.yaml b/charts/rancher-istio/1.4.900/test-values/values-istio-one-namespace.yaml deleted file mode 100755 index 14aa45033..000000000 
--- a/charts/rancher-istio/1.4.900/test-values/values-istio-one-namespace.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# This is used to generate istio.yaml used for deprecated CI/CD testing. -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: false - - ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" - - # Restrict the applications in one namespace the controller manages - oneNamespace: true diff --git a/charts/rancher-istio/1.4.900/test-values/values-istio.yaml b/charts/rancher-istio/1.4.900/test-values/values-istio.yaml deleted file mode 100755 index c115103e1..000000000 --- a/charts/rancher-istio/1.4.900/test-values/values-istio.yaml +++ /dev/null @@ -1,7 +0,0 @@ - -# This is used to generate istio.yaml for automated CI/CD test, using v1/alpha1 -# or v2/alpha3 with 'gradual migration' (using env variable at inject time). -# global: - ## imagePullSecrets for all ServiceAccount. Must be set for any clustser configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" diff --git a/charts/rancher-istio/1.4.900/values-istio-demo.yaml b/charts/rancher-istio/1.4.900/values-istio-demo.yaml deleted file mode 100755 index d28dbaaf2..000000000 --- a/charts/rancher-istio/1.4.900/values-istio-demo.yaml +++ /dev/null 
@@ -1,81 +0,0 @@
-# This is used to generate istio.yaml for minimal, demo mode.
-# It is shipped with the release, used for bookinfo or quick installation of istio.
-# Includes components used in the demo, defaults to alpha3 rules.
-global:
- controlPlaneSecurityEnabled: false
-
- proxy:
- accessLogFile: "/dev/stdout"
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- disablePolicyChecks: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
-sidecarInjectorWebhook:
- enabled: true
- # If true, webhook or istioctl injector will rewrite PodSpec for liveness
- # health check to redirect request to sidecar. This makes liveness check work
- # even when mTLS is enabled.
- rewriteAppHTTPProbe: false
-
-pilot:
- autoscaleEnabled: false
- traceSampling: 100.0
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
-
-mixer:
- policy:
- enabled: true
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
-
- telemetry:
- enabled: true
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 50m
- memory: 100Mi
-
- adapters:
- stdio:
- enabled: true
-
-grafana:
- enabled: true
-
-tracing:
- enabled: true
-
-kiali:
- enabled: true
- createDemoSecret: true
-
-gateways:
- istio-ingressgateway:
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- istio-egressgateway:
- enabled: true
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
diff --git a/charts/rancher-istio/1.4.900/values-istio-minimal.yaml b/charts/rancher-istio/1.4.900/values-istio-minimal.yaml
deleted file mode 100755
index de45fa458..000000000
--- a/charts/rancher-istio/1.4.900/values-istio-minimal.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# Minimal Istio Configuration: https://istio.io/docs/setup/kubernetes/additional-setup/config-profiles/
-#
-pilot:
- enabled: true
- sidecar: false
-
-gateways:
- enabled: false
-
-security:
- enabled: false
-
-sidecarInjectorWebhook:
- enabled: false
-
-galley:
- enabled: false
-
-mixer:
- policy:
- enabled: false
- telemetry:
- enabled: false
-
-prometheus:
- enabled: false
-
-
-# Common settings.
-global:
-
- proxy:
- # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument
- # would be :).
- # Disabled by default.
- # The istio-statsd-prom-bridge is deprecated and should not be used moving forward.
- envoyStatsd:
- # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector.
- enabled: false
- host: # example: statsd-svc.istio-system
- port: # example: 9125
-
- useMCP: false
-
-
diff --git a/charts/rancher-istio/1.4.900/values-istio-remote.yaml b/charts/rancher-istio/1.4.900/values-istio-remote.yaml
deleted file mode 100755
index 4ff03c360..000000000
--- a/charts/rancher-istio/1.4.900/values-istio-remote.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-gateways:
- enabled: false
-
-galley:
- enabled: false
-
-mixer:
- policy:
- enabled: false
- telemetry:
- enabled: false
-
-pilot:
- enabled: false
- configSource:
- subscribedResources:
-
-security:
- enabled: true
- createMeshPolicy: false
-
-prometheus:
- enabled: false
-
-global:
- istioRemote: true
-
- enableTracing: false
-
- # Sets an identifier for the remote network to be used for Split Horizon EDS. The network will be sent
- # to the Pilot when connected by the sidecar and will affect the results returned in EDS requests.
- # Based on the network identifier Pilot will return all local endpoints + endpoints of gateways to
- # other networks.
- #
- # Must match the names in the meshNetworks section in the Istio local.
- network: ""
diff --git a/charts/rancher-istio/1.4.900/values-istio-sds-auth-control-plane-auth-disabled.yaml b/charts/rancher-istio/1.4.900/values-istio-sds-auth-control-plane-auth-disabled.yaml
deleted file mode 100755
index 31dbb5fe7..000000000
--- a/charts/rancher-istio/1.4.900/values-istio-sds-auth-control-plane-auth-disabled.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-global:
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
-nodeagent:
- enabled: true
- repository: rancher/istio-node-agent-k8s
- tag: 1.4.9
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.4.900/values-istio-sds-auth.yaml b/charts/rancher-istio/1.4.900/values-istio-sds-auth.yaml
deleted file mode 100755
index 12af06f34..000000000
--- a/charts/rancher-istio/1.4.900/values-istio-sds-auth.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-global:
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
-nodeagent:
- enabled: true
- repository: rancher/istio-node-agent-k8s
- tag: 1.4.9
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.4.900/values.yaml b/charts/rancher-istio/1.4.900/values.yaml
deleted file mode 100755
index bdccf54ef..000000000
--- a/charts/rancher-istio/1.4.900/values.yaml
+++ /dev/null
@@ -1,685 +0,0 @@ -# Top level istio values file has the following sections. -# -# global: This file is the authoritative and exhaustive source for the global section. -# -# chart sections: Every subdirectory inside the charts/ directory has a top level -# configuration key in this file. This file overrides the values specified -# by the charts/${chartname}/values.yaml. -# Check the chart level values file for exhaustive list of configuration options. - -# -# Gateways Configuration, refer to the charts/gateways/values.yaml -# for detailed configuration -# -gateways: - enabled: true - istio-ingressgateway: - labels: - release: cluster-istio - -# -# sidecar-injector webhook configuration, refer to the -# charts/sidecarInjectorWebhook/values.yaml for detailed configuration -# -sidecarInjectorWebhook: - repository: rancher/istio-sidecar_injector - tag: 1.4.9 - enabled: true - -# -# galley configuration, refer to charts/galley/values.yaml -# for detailed configuration -# -galley: - repository: rancher/istio-galley - tag: 1.4.9 - enabled: true - -# -# mixer configuration -# -# @see charts/mixer/values.yaml for all values -mixer: - repository: rancher/istio-mixer - tag: 1.4.9 - policy: - # if policy is enabled the global.disablePolicyChecks has affect. 
- enabled: true - - telemetry: - enabled: true -# -# pilot configuration -# -# @see charts/pilot/values.yaml -pilot: - repository: rancher/istio-pilot - tag: 1.4.9 - enabled: true - -# -# security configuration -# -security: - repository: rancher/istio-citadel - tag: 1.4.9 - enabled: true - -# -# nodeagent configuration -# -nodeagent: - enabled: false - -# -# addon grafana configuration -# -grafana: - repository: rancher/grafana-grafana - tag: 6.3.6 - enabled: false - -# -# addon prometheus configuration -# -prometheus: - repository: rancher/prom-prometheus - tag: v2.12.0 - enabled: false - -# -# addon jaeger tracing configuration -# -tracing: - jaeger: - repository: rancher/jaegertracing-all-in-one - tag: 1.14 - zipkin: - repository: rancher/openzipkin-zipkin - tag: 2.14.2 - enabled: false - -# -# addon kiali tracing configuration -# -kiali: - repository: rancher/kiali-kiali - tag: v1.15 - contextPath: / - dashboard: - jaegerURL: http://tracing.istio-system:80 - grafanaURL: http://access-grafana.cattle-prometheus:80 - auth: - strategy: anonymous - enabled: false - prometheusAddr: http://access-prometheus.cattle-prometheus:80 - -# -# addon certmanager configuration -# -certmanager: - enabled: false - image: - repository: rancher/jetstack-cert-manager-controller - tag: v0.8.1 - -# -# Istio CNI plugin enabled -# This must be enabled to use the CNI plugin in Istio. The CNI plugin is installed separately. -# If true, the privileged initContainer istio-init is not needed to perform the traffic redirect -# settings for the istio-proxy. -# -istio_cni: - enabled: false - repair: - enabled: true - -# addon Istio CoreDNS configuration -# -istiocoredns: - image: - repository: rancher/coredns-coredns - tag: 1.6.2 - pluginImage: - repository: rancher/istio-coredns-plugin - tag: 0.2-istio-1.1 - enabled: false - -# Common settings used among istio subcharts. 
-global: - - # Specify rancher clusterId of external tracing config - # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 - rancher: - clusterId: - - systemDefaultRegistry: "" - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: docker.io/rancher - - # Default tag for Istio images. - tag: 1.4.9 - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - kubectl: - repository: rancher/istio-kubectl - tag: 1.4.9 - - # monitoring port used by mixer, pilot, galley and sidecar injector - monitoringPort: 15014 - - k8sIngress: - enabled: false - # Gateway used for k8s Ingress resources. By default it is - # using 'istio:ingressgateway' that will be installed by setting - # 'gateways.enabled' and 'gateways.istio-ingressgateway.enabled' - # flags to true. - gatewayName: ingressgateway - # enableHttps will add port 443 on the ingress. - # It REQUIRES that the certificates are installed in the - # expected secrets - enabling this option without certificates - # will result in LDS rejection and the ingress will not work. - enableHttps: false - - curl: - repository: rancher/pstauffer-curl - tag: v1.0.3 - - proxy: - # Configuration for the proxy init container - init: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - # use fully qualified image names for alternate path to proxy. - repository: rancher/istio-proxyv2 - tag: 1.4.9 - - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Resources for the sidecar. 
- resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Controls number of Proxy worker threads. - # If set to 0, then start worker thread for each CPU thread/core. - concurrency: 2 - - # Configures the access log for each sidecar. - # Options: - # "" - disables access log - # "/dev/stdout" - enables access log - accessLogFile: "" - - # Configure how and what fields are displayed in sidecar access log. Setting to - # empty string will result in default log format - accessLogFormat: "" - - # Configure the access log for sidecar to JSON or TEXT. - accessLogEncoding: TEXT - - # Configure envoy gRPC access log service. - envoyAccessLogService: - enabled: false - host: # example: accesslog-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/als/cert-chain.pem - privateKey: # example: /etc/istio/als/key.pem - caCertificates: # example: /etc/istio/als/root-cert.pem - sni: # example: als.somedomain - subjectAltNames: [] - # - als.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Log level for proxy, applies to gateways and sidecars. If left empty, "warning" is used. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: "" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. If left empty, "misc:error" is used. - componentLogLevel: "" - - # Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS - # This must be given it terms of seconds. For example, 300s is valid but 5m is invalid. - dnsRefreshRate: 300s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). 
These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: 100ms - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # If set, newly injected sidecars will have core dumps enabled. - enableCoreDump: false - - # Image used to enable core dumps. This is only used, when "enableCoreDump" is set to true. - enableCoreDumpImage: ubuntu:xenial - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 1 - - # The period between readiness probes. - readinessPeriodSeconds: 2 - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 30 - - # istio egress capture whitelist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - excludeOutboundPorts: "" - - # pod internal interfaces - kubevirtInterfaces: "" - - # istio ingress capture whitelist - # examples: - # Redirect no inbound traffic to Envoy: --includeInboundPorts="" - # Redirect all inbound traffic to Envoy: --includeInboundPorts="*" - # Redirect only selected ports: --includeInboundPorts="80,8080" - includeInboundPorts: "*" - excludeInboundPorts: "" - - # This controls the 'policy' in the sidecar injector. 
- autoInject: enabled - - # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument - # would be :). - # Disabled by default. - # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. - envoyStatsd: - # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. - enabled: false - host: # example: statsd-svc.istio-system - port: # example: 9125 - - # Sets the Envoy Metrics Service address, used to push Envoy metrics to an external collector - # via the Metrics Service gRPC API. This contains detailed stats information emitted directly - # by Envoy and should not be confused with the the Istio telemetry. The Envoy stats are also - # available to scrape via the Envoy admin port at either /stats or /stats/prometheus. - # - # See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto - # for details about Envoy's Metrics Service API. - # - # Disabled by default. - envoyMetricsService: - enabled: false - host: # example: metrics-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/ms/cert-chain.pem - privateKey: # example: /etc/istio/ms/key.pem - caCertificates: # example: /etc/istio/ms/root-cert.pem - sni: # example: ms.somedomain - subjectAltNames: [] - # - ms.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "zipkin" - - proxy_init: - # Base name for the istio-init container, used to configure iptables. - repository: rancher/istio-proxyv2 - tag: 1.4.9 - - # imagePullPolicy is applied to istio control plane components. - # local tests require IfNotPresent, to avoid uploading to dockerhub. 
- # TODO: Switch to Always as default, and override in the local tests. - imagePullPolicy: IfNotPresent - - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - # disablePolicyChecks disables mixer policy checks. - # if mixer.policy.enabled==true then disablePolicyChecks has affect. - # Will set the value with same name in istio config map - pilot needs to be restarted to take effect. - disablePolicyChecks: true - - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: false - - # EnableTracing sets the value with same name in istio config map, requires pilot restart to take effect. - enableTracing: true - - # Configuration for each of the supported tracers - tracer: - # Configuration for envoy to send trace data to LightStep. - # Disabled by default. - # address: the : of the satellite pool - # accessToken: required for sending data to the pool - # secure: specifies whether data should be sent with TLS - # cacertPath: the path to the file containing the cacert to use when verifying TLS. If secure is true, this is - # required. If a value is specified then a secret called "lightstep.cacert" must be created in the destination - # namespace with the key matching the base of the provided cacertPath and the value being the cacert itself. - # - lightstep: - address: "" # example: lightstep-satellite:443 - accessToken: "" # example: abcdefg1234567 - secure: true # example: true|false - cacertPath: "" # example: /etc/lightstep/cacert.pem - zipkin: - # Host:Port for reporting trace data in zipkin format. If not specified, will default to - # zipkin service (port 9411) in the same namespace as the other istio components. 
- address: "" - datadog: - # Host:Port for submitting traces to the Datadog agent. - address: "$(HOST_IP):8126" - stackdriver: - # enables trace output to stdout. - debug: false - # The global default max number of attributes per span. - maxNumberOfAttributes: 200 - # The global default max number of annotation events per span. - maxNumberOfAnnotations: 200 - # The global default max number of message events per span. - maxNumberOfMessageEvents: 200 - - # Default mtls policy. If true, mtls between services will be enabled by default. - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: false - # If set to true, and a given service does not have a corresponding DestinationRule configured, - # or its DestinationRule does not have TLSSettings specified, Istio configures client side - # TLS configuration automatically, based on the server side mTLS authentication policy and the - # availibity of sidecars. - auto: false - - # Lists the secrets you need to use to pull Istio images from a private registry. - imagePullSecrets: [] - # - private-registry-key - - # Specify pod scheduling arch(amd64, ppc64le, s390x) and weight as follows: - # 0 - Never scheduled - # 1 - Least preferred - # 2 - No preference - # 3 - Most preferred - arch: - amd64: 2 - s390x: 2 - ppc64le: 2 - - # Whether to restrict the applications namespace the controller manages; - # If not set, controller watches all namespaces - oneNamespace: false - - # Default node selector to be applied to all deployments so that all pods can be - # constrained to run a particular nodes. Each component can overwrite these default - # values by adding its node selector block in the relevant section below and setting - # the desired values. - defaultNodeSelector: {} - - # Default node tolerations to be applied to all deployments so that all pods can be - # scheduled to a particular nodes with matching taints. 
Each component can overwrite - # these default values by adding its tolerations block in the relevant section below - # and setting the desired values. - # Configure this field in case that all pods of Istio control plane are expected to - # be scheduled to particular nodes with specified taints. - defaultTolerations: [] - - # Whether to perform server-side validation of configuration. - configValidation: true - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - # podDNSSearchNamespaces: - # - global - # - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # If set to true, the pilot and citadel mtls will be exposed on the - # ingress gateway - meshExpansion: - enabled: false - # If set to true, the pilot and citadel mtls and the plaintext pilot ports - # will be exposed on an internal gateway - useILB: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). 
- # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # enable pod distruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: false - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - # Use the Mesh Control Protocol (MCP) for configuring Mixer and - # Pilot. Requires galley (`--set galley.enabled=true`). - useMCP: true - - # The trust domain corresponds to the trust root of a system - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - # Indicate the domain used in SPIFFE identity URL - # The default depends on the environment. - # kubernetes: cluster.local - # else: default dns domain - trustDomain: "" - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: [] - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. 
For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - # ALLOW_ANY is the default in 1.1. This means each pod will be able to make outbound requests - # to services outside of the mesh without any ServiceEntry. - # REGISTRY_ONLY was the default in 1.0. If this behavior is desired, set the value below to REGISTRY_ONLY. - outboundTrafficPolicy: - mode: ALLOW_ANY - - # The namespace where globally shared configurations should be present. - # DestinationRules that apply to the entire mesh (e.g., enabling mTLS), - # default Sidecar configs, etc. should be added to this namespace. 
- # configRootNamespace: istio-config - - # set the default set of namespaces to which services, service entries, virtual services, destination - # rules should be exported to. Currently only one value can be provided in this list. This value - # should be one of the following two options: - # * implies these objects are visible to all namespaces, enabling any sidecar to talk to any other sidecar. - # . implies these objects are visible to only to sidecars in the same namespace, or if imported as a Sidecar.egress.host - # defaultConfigVisibilitySettings: - #- '*' - - nodeagent: - repository: rancher/istio-node-agent-k8s - tag: 1.4.9 - sds: - # SDS enabled. IF set to true, mTLS certificates for the sidecars will be - # distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates. - enabled: false - udsPath: "" - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Citadel Agent to the CA (e.g. Citadel), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). 
- # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Specifies the global locality load balancing settings. - # Locality-weighted load balancing allows administrators to control the distribution of traffic to - # endpoints based on the localities of where the traffic originates and where it will terminate. - # Either failover or distribute configuration can be set, but not both. If neither are provided - # failover mode will be used. - # - # localityLbSetting: - # enabled: true - # distribute: - # - from: "us-central1/*" - # to: - # "us-central1/*": 80 - # "us-central2/*": 20 - # - # localityLbSetting: - # enabled: true - # failover: - # - from: us-east - # to: eu-west - # - from: us-west - # to: us-east - localityLbSetting: - enabled: true - - # Specifies whether helm test is enabled or not. - # This field is set to false by default, so 'helm template ...' - # will ignore the helm test yaml files when generating the template - enableHelmTest: false - - # Configures DNS certificates provisioned through Chiron linked into Pilot. - # The DNS names in this file are all hard-coded; please ensure the namespaces - # in dnsNames are consistent with those of your services. - # Example: - # certificates: - # - secretName: dns.istio-galley-service-account - # dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] - # - secretName: dns.istio-sidecar-injector-service-account - # dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] - certificates: [] - - # Configure whether Operator manages webhook configurations. 
The current behavior - # of Galley and Sidecar Injector is that they manage their own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false diff --git a/charts/rancher-istio/1.5.800/.helmignore b/charts/rancher-istio/1.5.800/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/rancher-istio/1.5.800/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-istio/1.5.800/Chart.yaml b/charts/rancher-istio/1.5.800/Chart.yaml deleted file mode 100755 index 5edaafbbd..000000000 --- a/charts/rancher-istio/1.5.800/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.8 -description: Helm chart for all istio components -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- security -- sidecarInjectorWebhook -- mixer -- pilot -- galley -name: rancher-istio -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2-0' -version: 1.5.800 diff --git a/charts/rancher-istio/1.5.800/LICENSE b/charts/rancher-istio/1.5.800/LICENSE deleted file mode 100755 index 56df9b297..000000000 --- a/charts/rancher-istio/1.5.800/LICENSE +++ /dev/null 
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2018 Istio Authors - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/rancher-istio/1.5.800/README.md b/charts/rancher-istio/1.5.800/README.md deleted file mode 100755 index f7f35cc17..000000000 --- a/charts/rancher-istio/1.5.800/README.md +++ /dev/null 
@@ -1,149 +0,0 @@ -# Istio - -[Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. - -The documentation here is for developers only, please follow the installation instructions from [istio.io](https://istio.io/docs/setup/kubernetes/install/helm/) for all other uses. - -## Introduction - -This chart bootstraps all Istio [components](https://istio.io/docs/concepts/what-is-istio/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Chart Details - -This chart can install multiple Istio components as subcharts: -- ingressgateway -- egressgateway -- sidecarInjectorWebhook -- galley -- mixer -- pilot -- security(citadel) -- grafana -- prometheus -- tracing(jaeger) -- kiali - -To enable or disable each component, change the corresponding `enabled` flag. - -## Prerequisites - -- Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required -- Helm 2.7.2 or newer or alternately the ability to modify RBAC rules is also required -- If you want to enable automatic sidecar injection, Kubernetes 1.9+ with `admissionregistration` API is required, and `kube-apiserver` process must have the `admission-control` flag set with the `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook` admission controllers added and listed in the correct order. -- The `istio-init` chart must be run to completion prior to install the `istio` chart. - -## Resources Required - -The chart deploys pods that consume minimum resources as specified in the resources configuration parameter. - -## Installing the Chart - -1. If a service account has not already been installed for Tiller, install one: - - ```bash - $ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml - ``` - -1. 
Install Tiller on your cluster with the service account: - - ```bash - $ helm init --service-account tiller - ``` - -1. Set and create the namespace where Istio was installed: - - ```bash - $ NAMESPACE=istio-system - $ kubectl create ns $NAMESPACE - ``` - -1. If you are enabling `kiali`, you need to create the secret that contains the username and passphrase for `kiali` dashboard: - - ```bash - $ echo -n 'admin' | base64 - YWRtaW4= - $ echo -n '1f2d1e2e67df' | base64 - MWYyZDFlMmU2N2Rm - $ cat <=1.9.0): - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE - ``` - - - Without the sidecar injection webhook: - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE --set sidecarInjectorWebhook.enabled=false - ``` - -## Configuration - -The Helm chart ships with reasonable defaults. There may be circumstances in which defaults require overrides. -To override Helm values, use `--set key=value` argument during the `helm install` command. Multiple `--set` operations may be used in the same Helm operation. - -Helm charts expose configuration options which are currently in alpha. The currently exposed options can be found [here](https://istio.io/docs/reference/config/installation-options/). - -## Uninstalling the Chart - -To uninstall/delete the `istio` release but continue to track the release: - -```bash -$ helm delete istio -``` - -To uninstall/delete the `istio` release completely and make its name free for later use: - -```bash -$ helm delete --purge istio -``` diff --git a/charts/rancher-istio/1.5.800/charts/certmanager/Chart.yaml b/charts/rancher-istio/1.5.800/charts/certmanager/Chart.yaml deleted file mode 100755 index 62b9163c1..000000000 --- a/charts/rancher-istio/1.5.800/charts/certmanager/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 0.6.2 -description: A Helm chart for Kubernetes -name: certmanager -tillerVersion: '>=2.7.2' -version: 1.5.8 
diff --git a/charts/rancher-istio/1.5.800/charts/certmanager/templates/NOTES.txt b/charts/rancher-istio/1.5.800/charts/certmanager/templates/NOTES.txt
deleted file mode 100755
index 0307ede4c..000000000
--- a/charts/rancher-istio/1.5.800/charts/certmanager/templates/NOTES.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-certmanager has been deployed successfully!
-
-More information on the different types of issuers and how to configure them
-can be found in our documentation:
-
-https://cert-manager.readthedocs.io/en/latest/reference/issuers.html
\ No newline at end of file
diff --git a/charts/rancher-istio/1.5.800/charts/certmanager/templates/_helpers.tpl b/charts/rancher-istio/1.5.800/charts/certmanager/templates/_helpers.tpl
deleted file mode 100755
index 331a91d43..000000000
--- a/charts/rancher-istio/1.5.800/charts/certmanager/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "certmanager.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "certmanager.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "certmanager.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.800/charts/certmanager/templates/deployment.yaml b/charts/rancher-istio/1.5.800/charts/certmanager/templates/deployment.yaml
deleted file mode 100755
index 323228638..000000000
--- a/charts/rancher-istio/1.5.800/charts/certmanager/templates/deployment.yaml
+++ /dev/null
@@ -1,69 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: certmanager - template: - metadata: - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: certmanager -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: certmanager - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=$(POD_NAMESPACE) - {{- if .Values.extraArgs }} -{{ toYaml .Values.extraArgs | indent 8 }} - {{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: -{{ toYaml .Values.resources | indent 10 }} - {{- if .Values.podDnsPolicy }} - dnsPolicy: {{ .Values.podDnsPolicy }} - {{- end }} - {{- if .Values.podDnsConfig }} - dnsConfig: -{{ toYaml .Values.podDnsConfig | indent 8 }} - {{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} 
diff --git a/charts/rancher-istio/1.5.800/charts/certmanager/templates/issuer.yaml b/charts/rancher-istio/1.5.800/charts/certmanager/templates/issuer.yaml deleted file mode 100755 index 59402daea..000000000 --- a/charts/rancher-istio/1.5.800/charts/certmanager/templates/issuer.yaml +++ /dev/null @@ -1,37 +0,0 @@ ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt-staging - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-staging-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: letsencrypt-staging - http01: {} ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - privateKeySecretRef: - name: letsencrypt - http01: {} diff --git a/charts/rancher-istio/1.5.800/charts/certmanager/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.800/charts/certmanager/templates/poddisruptionbudget.yaml deleted file mode 100755 index bb3c95c27..000000000 --- a/charts/rancher-istio/1.5.800/charts/certmanager/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - version: {{ .Chart.Version }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 4 }} - {{- end }} -spec: -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} - selector: - matchLabels: - app: certmanager - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/rancher-istio/1.5.800/charts/certmanager/templates/rbac.yaml b/charts/rancher-istio/1.5.800/charts/certmanager/templates/rbac.yaml deleted file mode 100755 index b3a4ef340..000000000 --- a/charts/rancher-istio/1.5.800/charts/certmanager/templates/rbac.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: certmanager - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: - - apiGroups: ["certmanager.k8s.io"] - resources: ["certificates", "certificates/finalizers", "issuers", "clusterissuers", "orders", "orders/finalizers", "challenges"] - verbs: ["*"] - - apiGroups: [""] - resources: ["configmaps", "secrets", "events", "services", "pods"] - verbs: ["*"] - - apiGroups: ["extensions"] - resources: ["ingresses"] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: certmanager - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: certmanager -subjects: - - name: certmanager - namespace: {{ .Release.Namespace }} - kind: ServiceAccount 
diff --git a/charts/rancher-istio/1.5.800/charts/certmanager/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.800/charts/certmanager/templates/serviceaccount.yaml deleted file mode 100755 index f87543508..000000000 --- a/charts/rancher-istio/1.5.800/charts/certmanager/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/1.5.800/charts/certmanager/values.yaml b/charts/rancher-istio/1.5.800/charts/certmanager/values.yaml deleted file mode 100755 index 2dbff4beb..000000000 --- a/charts/rancher-istio/1.5.800/charts/certmanager/values.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -# Certmanager uses ACME to sign certificates. Since Istio gateways are -# mounting the TLS secrets the Certificate CRDs must be created in the -# istio-system namespace. Once the certificate has been created, the -# gateway must be updated by adding 'secretVolumes'. After the gateway -# restart, DestinationRules can be created using the ACME-signed certificates. -enabled: false -replicaCount: 1 -hub: quay.io/jetstack -# image: cert-manager-controller -tag: v0.8.1 -resources: {} -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] diff --git a/charts/rancher-istio/1.5.800/charts/galley/Chart.yaml b/charts/rancher-istio/1.5.800/charts/galley/Chart.yaml deleted file mode 100755 index f4e095675..000000000 --- a/charts/rancher-istio/1.5.800/charts/galley/Chart.yaml +++ /dev/null 
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.8
-description: Helm chart for galley deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- galley
-name: galley
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.8
diff --git a/charts/rancher-istio/1.5.800/charts/galley/templates/_helpers.tpl b/charts/rancher-istio/1.5.800/charts/galley/templates/_helpers.tpl
deleted file mode 100755
index 5d42f4a03..000000000
--- a/charts/rancher-istio/1.5.800/charts/galley/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "galley.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "galley.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "galley.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.800/charts/galley/templates/clusterrole.yaml b/charts/rancher-istio/1.5.800/charts/galley/templates/clusterrole.yaml
deleted file mode 100755
index 504abc079..000000000
--- a/charts/rancher-istio/1.5.800/charts/galley/templates/clusterrole.yaml
+++ /dev/null
@@ -1,53 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-galley-{{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: - # For reading Istio resources -- apiGroups: [ - "authentication.istio.io", - "config.istio.io", - "networking.istio.io", - "rbac.istio.io", - "security.istio.io"] - resources: ["*"] - verbs: ["get", "list", "watch"] - # For updating Istio resource statuses -- apiGroups: [ - "authentication.istio.io", - "config.istio.io", - "networking.istio.io", - "rbac.istio.io", - "security.istio.io"] - resources: ["*/status"] - verbs: ["update"] -{{- if not .Values.global.operatorManageWebhooks }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] -# permissions to verify the webhook is ready and rejecting -# invalid config. We use --server-dry-run so no config is persisted. -- apiGroups: ["networking.istio.io"] - verbs: ["create"] - resources: ["gateways"] -{{- end }} -- apiGroups: ["extensions","apps"] - resources: ["deployments"] - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: ["pods", "nodes", "services", "endpoints", "namespaces"] - verbs: ["get", "list", "watch"] -- apiGroups: ["extensions"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] -- apiGroups: ["rbac.authorization.k8s.io"] - resources: ["clusterroles"] - verbs: ["get", "list", "watch"] diff --git a/charts/rancher-istio/1.5.800/charts/galley/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.800/charts/galley/templates/clusterrolebinding.yaml deleted file mode 100755 index 88cde2554..000000000 
--- a/charts/rancher-istio/1.5.800/charts/galley/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-galley-admin-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-galley-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-galley-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.5.800/charts/galley/templates/configmap.yaml b/charts/rancher-istio/1.5.800/charts/galley/templates/configmap.yaml deleted file mode 100755 index 662c960b1..000000000 --- a/charts/rancher-istio/1.5.800/charts/galley/templates/configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-galley-configuration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -data: -{{- if .Values.global.configValidation }} - validatingwebhookconfiguration.yaml: |- - {{- include "validatingwebhookconfiguration.yaml.tpl" . | indent 4}} -{{- end}} diff --git a/charts/rancher-istio/1.5.800/charts/galley/templates/deployment.yaml b/charts/rancher-istio/1.5.800/charts/galley/templates/deployment.yaml deleted file mode 100755 index 1110c9b57..000000000 --- a/charts/rancher-istio/1.5.800/charts/galley/templates/deployment.yaml +++ /dev/null 
@@ -1,151 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: galley - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-galley-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: galley - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 9443 - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 9901 - command: - - /usr/local/bin/galley - - server - - --meshConfigFile=/etc/mesh-config/mesh - - --livenessProbeInterval=1s - - --livenessProbePath=/tmp/healthliveness - - --readinessProbePath=/tmp/healthready - - --readinessProbeInterval=1s - - --deployment-namespace={{ .Release.Namespace }} -{{- if $.Values.global.controlPlaneSecurityEnabled}} - - --insecure=false -{{- else }} - - --insecure=true -{{- end }} -{{- if .Values.enableServiceDiscovery }} - - --enableServiceDiscovery=true -{{- end }} -{{- if not $.Values.global.useMCP }} - - --enable-server=false -{{- end }} -{{- if not $.Values.global.configValidation }} - - --enable-validation=false -{{- end }} -{{- if .Values.global.operatorManageWebhooks }} - - --enable-reconcileWebhookConfiguration=false -{{- else }} - - --enable-reconcileWebhookConfiguration=true -{{- end }} - - --monitoringPort={{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if .Values.enableAnalysis }} - - --enableAnalysis=true -{{- end }} -{{- if .Values.global.certificates }} - - --validation.tls.clientCertificate=/etc/dnscerts/cert-chain.pem - - --validation.tls.privateKey=/etc/dnscerts/key.pem - - --validation.tls.caCertificates=/etc/dnscerts/root-cert.pem -{{- end }} - volumeMounts: - - name: certs - mountPath: /etc/certs - readOnly: true -{{- if .Values.global.certificates }} - - name: dnscerts - mountPath: /etc/dnscerts - readOnly: true -{{- end }} - - name: config - mountPath: /etc/config - readOnly: true - - name: mesh-config - mountPath: /etc/mesh-config - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - --probe-path=/tmp/healthliveness - - --interval=10s - initialDelaySeconds: 5 - 
periodSeconds: 5 - readinessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - --probe-path=/tmp/healthready - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: certs - secret: - secretName: istio.istio-galley-service-account -{{- if .Values.global.certificates }} - - name: dnscerts - secret: - secretName: dns.istio-galley-service-account -{{- end }} - # galley expects /etc/config to exist even though it doesn't include any files. - - name: config - emptyDir: - medium: Memory - - name: mesh-config - configMap: - name: istio - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/1.5.800/charts/galley/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.800/charts/galley/templates/poddisruptionbudget.yaml deleted file mode 100755 index 1bf374e4a..000000000 --- a/charts/rancher-istio/1.5.800/charts/galley/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} - selector: - matchLabels: - app: {{ template "galley.name" . }} - release: {{ .Release.Name }} - istio: galley -{{- end }} diff --git a/charts/rancher-istio/1.5.800/charts/galley/templates/service.yaml b/charts/rancher-istio/1.5.800/charts/galley/templates/service.yaml deleted file mode 100755 index 35e258175..000000000 --- a/charts/rancher-istio/1.5.800/charts/galley/templates/service.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: - ports: - - port: 443 - targetPort: 9443 - name: https-validation - - port: {{ .Values.global.monitoringPort }} - name: http-monitoring - - port: 9901 - name: grpc-mcp - selector: - istio: galley diff --git a/charts/rancher-istio/1.5.800/charts/galley/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.800/charts/galley/templates/serviceaccount.yaml deleted file mode 100755 index 1ff54c49e..000000000 --- a/charts/rancher-istio/1.5.800/charts/galley/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-galley-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/1.5.800/charts/galley/templates/validatingwebhookconfiguration.yaml b/charts/rancher-istio/1.5.800/charts/galley/templates/validatingwebhookconfiguration.yaml deleted file mode 100755 index 4e1f50f2c..000000000 --- a/charts/rancher-istio/1.5.800/charts/galley/templates/validatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,108 +0,0 @@ -{{/* - This version of the validatingwebhookconfiguration is applied directly by - helm. Galley only patches the caBundle and failurePolicy. -*/}} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-galley - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -webhooks: - - name: pilot.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitpilot" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - httpapispecs - - httpapispecbindings - - quotaspecs - - quotaspecbindings - - operations: - - CREATE - - UPDATE - apiGroups: - - rbac.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - authentication.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - networking.istio.io - apiVersions: - - "*" - resources: - - destinationrules - - envoyfilters - - gateways - - serviceentries - - sidecars - - virtualservices - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. 
- failurePolicy: Ignore - sideEffects: None - - name: mixer.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitmixer" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - rules - - attributemanifests - - adapters - - handlers - - instances - - templates - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - sideEffects: None \ No newline at end of file diff --git a/charts/rancher-istio/1.5.800/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl b/charts/rancher-istio/1.5.800/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl deleted file mode 100755 index 8df00f798..000000000 --- a/charts/rancher-istio/1.5.800/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl +++ /dev/null 
@@ -1,111 +0,0 @@ -{{/* - This version of the validatingwebhookconfiguration is applied indirectly - by galley. This exists to support a smoother upgrade path from istio - Rversions < 1.4 -*/}} -{{ define "validatingwebhookconfiguration.yaml.tpl" }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-galley - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -webhooks: - - name: pilot.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitpilot" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - httpapispecs - - httpapispecbindings - - quotaspecs - - quotaspecbindings - - operations: - - CREATE - - UPDATE - apiGroups: - - rbac.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - authentication.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - networking.istio.io - apiVersions: - - "*" - resources: - - destinationrules - - envoyfilters - - gateways - - serviceentries - - sidecars - - virtualservices - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. 
- failurePolicy: Ignore - sideEffects: None - - name: mixer.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitmixer" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - rules - - attributemanifests - - adapters - - handlers - - instances - - templates - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - sideEffects: None -{{- end }} diff --git a/charts/rancher-istio/1.5.800/charts/galley/values.yaml b/charts/rancher-istio/1.5.800/charts/galley/values.yaml deleted file mode 100755 index 1dc415a8c..000000000 --- a/charts/rancher-istio/1.5.800/charts/galley/values.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -# -# galley configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -image: galley -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# Enable service discovery processing in Galley -enableServiceDiscovery: false - -# Enable analysis and status update in Galley -enableAnalysis: false diff --git a/charts/rancher-istio/1.5.800/charts/gateways/Chart.yaml b/charts/rancher-istio/1.5.800/charts/gateways/Chart.yaml deleted file mode 100755 index 557088987..000000000 --- a/charts/rancher-istio/1.5.800/charts/gateways/Chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.8 -description: Helm chart for deploying Istio gateways -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- ingressgateway -- egressgateway -- gateways -name: gateways -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.5.8 
diff --git a/charts/rancher-istio/1.5.800/charts/gateways/templates/_affinity.tpl b/charts/rancher-istio/1.5.800/charts/gateways/templates/_affinity.tpl
deleted file mode 100755
index fbd0e9a8f..000000000
--- a/charts/rancher-istio/1.5.800/charts/gateways/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "gatewaynodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "gatewayNodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .root.Values.global.defaultNodeSelector .nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "gatewayNodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinity" }} -{{- if or .podAntiAffinityLabelSelector .podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if .podAntiAffinityTermLabelSelector }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.800/charts/gateways/templates/_helpers.tpl b/charts/rancher-istio/1.5.800/charts/gateways/templates/_helpers.tpl deleted file mode 100755 index bfc8bc400..000000000 --- a/charts/rancher-istio/1.5.800/charts/gateways/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "gateway.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "gateway.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "gateway.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.800/charts/gateways/templates/autoscale.yaml b/charts/rancher-istio/1.5.800/charts/gateways/templates/autoscale.yaml
deleted file mode 100755
index 2455ac345..000000000
--- a/charts/rancher-istio/1.5.800/charts/gateways/templates/autoscale.yaml
+++ /dev/null
@@ -1,31 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - labels: - chart: {{ template "gateway.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} -spec: - maxReplicas: {{ $spec.autoscaleMax }} - minReplicas: {{ $spec.autoscaleMin }} - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ $key }} - metrics: - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }} ---- -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.800/charts/gateways/templates/deployment.yaml b/charts/rancher-istio/1.5.800/charts/gateways/templates/deployment.yaml deleted file mode 100755 index bb1b755fc..000000000 --- a/charts/rancher-istio/1.5.800/charts/gateways/templates/deployment.yaml +++ /dev/null 
@@ -1,385 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if $spec.enabled }} - -{{- $labels := merge (dict "release" $.Release.Name "chart" (include "gateway.chart" $) "heritage" $.Release.Service) $spec.labels }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - labels: -{{ $labels | toYaml | indent 4 }} -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - selector: - matchLabels: - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - template: - metadata: - labels: -{{ $labels | toYaml | indent 8 }} - annotations: - sidecar.istio.io/inject: "false" -{{- if $spec.podAnnotations }} -{{ toYaml $spec.podAnnotations | indent 8 }} -{{ end }} - spec: - serviceAccountName: {{ $key }}-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} -{{- if $.Values.global.proxy.enableCoreDump }} - initContainers: - - name: enable-core-dump - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy_init.repository }}:{{ $.Values.global.proxy_init.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - command: - - /bin/sh - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - securityContext: - privileged: true -{{- end }} - containers: -{{- if $spec.sds }} -{{- if $spec.sds.enabled }} - - name: ingress-sds - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - resources: -{{- if $spec.sds.resources }} -{{ toYaml 
$spec.sds.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: "ENABLE_WORKLOAD_SDS" - value: "false" - - name: "ENABLE_INGRESS_GATEWAY_SDS" - value: "true" - - name: "INGRESS_GATEWAY_NAMESPACE" - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - volumeMounts: - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway -{{- end }} -{{- end }} - - name: istio-proxy - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - {{- range $key, $val := $spec.ports }} - - containerPort: {{ $val.port }} - {{- end }} - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - - --drainDuration - - '45s' #drainDuration - - --parentShutdownDuration - - '1m0s' #parentShutdownDuration - - --connectTimeout - - '10s' #connectTimeout - - --serviceCluster - - {{ $key }} - {{- if eq $.Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - {{ $.Values.global.tracer.lightstep.address }} - - --lightstepAccessToken - - {{ $.Values.global.tracer.lightstep.accessToken }} - - --lightstepSecure={{ $.Values.global.tracer.lightstep.secure }} - {{- if $.Values.global.tracer.lightstep.secure }} - - --lightstepCacertPath - - {{ $.Values.global.tracer.lightstep.cacertPath }} - {{- end }} - {{- else if eq $.Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - {{- if 
$.Values.global.tracer.zipkin.address }} - - {{ $.Values.global.tracer.zipkin.address }} - {{- else if $.Values.global.istioNamespace }} - - zipkin.{{ $.Values.global.istioNamespace }}:9411 - {{- else }} - - zipkin:9411 - {{- end }} - {{- else if eq $.Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - {{ $.Values.global.tracer.datadog.address }} - {{- end }} - {{- if $.Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - {{ $.Values.global.proxy.envoyStatsd.host }}:{{ $.Values.global.proxy.envoyStatsd.port }} - {{- end }} - {{- if $.Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - {{- with $.Values.global.proxy.envoyMetricsService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end}} - {{- if $.Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - {{- with $.Values.global.proxy.envoyAccessLogService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end }} - - --proxyAdminPort - - "15000" - - --statusPort - - "15020" - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15011 - {{- else }} - - istio-pilot:15011 - {{- end }} - {{- else }} - - --controlPlaneAuthPolicy - - NONE - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15010 - {{- else }} - - istio-pilot:15010 - {{- end }} - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ $.Values.global.trustDomain }} - {{- end }} - readinessProbe: - 
failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15020 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - resources: -{{- if $spec.resources }} -{{ toYaml $spec.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if $.Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_METAJSON_LABELS - value: | - {{ $labels | toJson}} - - name: ISTIO_META_CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - - name: ISTIO_META_WORKLOAD_NAME - value: {{ $key }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/{{ $spec.namespace | default $.Release.Namespace }}/deployments/{{ $key }} - {{- if $.Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.meshID }}" - {{- else if $.Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.trustDomain }}" - {{- end }} - {{- if eq $.Values.global.proxy.tracer "datadog" }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- end 
}} - {{- if eq $.Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ $.Values.global.tracer.stackdriver.debug }}" - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAttributes }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }}" - {{- end }} - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ISTIO_META_USER_SDS - value: "true" - {{- end }} - {{- end }} - {{- if $spec.env }} - {{- range $key, $val := $spec.env }} - - name: {{ $key }} - value: {{ $val }} - {{- end }} - {{- end }} - {{ if eq $key "istio-ingressgateway" }} - {{ $network_set := index $spec.env "ISTIO_META_NETWORK" }} - {{- if and (not $network_set) $.Values.global.network }} - - name: ISTIO_META_NETWORK - value: {{ $.Values.global.network }} - {{- end }} - {{- end }} - volumeMounts: - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway - {{- end }} - {{- end }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - mountPath: {{ .mountPath | quote }} - readOnly: true - {{- end }} - {{- if and (eq $.Values.global.proxy.tracer "lightstep") 
$.Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ dir $.Values.global.tracer.lightstep.cacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} -{{- if $spec.additionalContainers }} -{{ toYaml $spec.additionalContainers | indent 8 }} -{{- end }} - volumes: - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - emptyDir: {} - {{- end }} - {{- end }} - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - hostPath: - path: /var/run/sds - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ $.Values.global.sds.token.aud }} - {{- end }} - - name: istio-certs - secret: - secretName: istio.{{ $key }}-service-account - optional: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - secret: - secretName: {{ .secretName | quote }} - optional: true - {{- end }} - {{- range $spec.configVolumes }} - - name: {{ .name }} - configMap: - name: {{ .configMapName | quote }} - optional: true - {{- end }} - {{- if and (eq $.Values.global.proxy.tracer "lightstep") $.Values.global.tracer.lightstep.cacertPath }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - affinity: - {{- include "gatewaynodeaffinity" (dict "root" $ "nodeSelector" $spec.nodeSelector) | indent 6 }} - {{- include "gatewaypodAntiAffinity" (dict "podAntiAffinityLabelSelector" $spec.podAntiAffinityLabelSelector "podAntiAffinityTermLabelSelector" $spec.podAntiAffinityTermLabelSelector) | indent 6 }} - {{- if $spec.tolerations }} - tolerations: -{{ toYaml $spec.tolerations | indent 6 }} - {{- else if $.Values.global.defaultTolerations }} - tolerations: -{{ toYaml $.Values.global.defaultTolerations | indent 6 }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.5.800/charts/gateways/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.800/charts/gateways/templates/poddisruptionbudget.yaml
deleted file mode 100755
index 865921ed8..000000000
--- a/charts/rancher-istio/1.5.800/charts/gateways/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if and (ne $key "enabled") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/gateways/templates/preconfigured.yaml b/charts/rancher-istio/1.5.800/charts/gateways/templates/preconfigured.yaml
deleted file mode 100755
index 6ef10a6a1..000000000
--- a/charts/rancher-istio/1.5.800/charts/gateways/templates/preconfigured.yaml
+++ /dev/null
@@ -1,246 +0,0 @@ -{{- if .Values.global.k8sIngress.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-autogenerated-k8s-ingress - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: {{ .Values.global.k8sIngress.gatewayName }} - servers: - - port: - number: 80 - protocol: HTTP2 - name: http - hosts: - - "*" -{{ if .Values.global.k8sIngress.enableHttps }} - - port: - number: 443 - protocol: HTTPS - name: https-default - tls: - mode: SIMPLE - serverCertificate: /etc/istio/ingressgateway-certs/tls.crt - privateKey: /etc/istio/ingressgateway-certs/tls.key - hosts: - - "*" -{{ end }} ---- -{{ end }} - -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-ilb-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: ilbgateway - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- else }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- end }} -{{- end }} - -{{- if .Values.global.multiCluster.enabled }} -{{- if (index .Values "istio-egressgateway" "enabled") }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-egressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-egressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH -{{- end }} ---- -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - workloadSelector: - labels: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - configPatches: - - applyTo: NETWORK_FILTER - match: - context: GATEWAY - listener: - portNumber: 15443 - filterChain: - filter: - name: "envoy.filters.network.sni_cluster" - patch: - operation: INSERT_AFTER - value: - name: "envoy.filters.network.tcp_cluster_rewrite" - config: - cluster_pattern: "\\.global$" - cluster_replacement: ".svc.{{ .Values.global.proxy.clusterDomain }}" ---- -## To ensure all traffic to *.global is using mTLS -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-multicluster-destinationrule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.global" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -{{- end }} 
diff --git a/charts/rancher-istio/1.5.800/charts/gateways/templates/role.yaml b/charts/rancher-istio/1.5.800/charts/gateways/templates/role.yaml
deleted file mode 100755
index 6ebfb3504..000000000
--- a/charts/rancher-istio/1.5.800/charts/gateways/templates/role.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if $spec.sds }}
-{{- if eq $spec.sds.enabled true }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-rules:
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "watch", "list"]
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/gateways/templates/rolebindings.yaml b/charts/rancher-istio/1.5.800/charts/gateways/templates/rolebindings.yaml
deleted file mode 100755
index 7fdfe6e40..000000000
--- a/charts/rancher-istio/1.5.800/charts/gateways/templates/rolebindings.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if $spec.sds }}
-{{- if eq $spec.sds.enabled true }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ $key }}-sds
-subjects:
-- kind: ServiceAccount
- name: {{ $key }}-service-account
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/gateways/templates/service.yaml b/charts/rancher-istio/1.5.800/charts/gateways/templates/service.yaml
deleted file mode 100755
index 9474f0476..000000000
--- a/charts/rancher-istio/1.5.800/charts/gateways/templates/service.yaml
+++ /dev/null
@@ -1,59 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if $spec.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - annotations: - {{- range $key, $val := $spec.serviceAnnotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - chart: {{ template "gateway.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} -spec: -{{- if $spec.loadBalancerIP }} - loadBalancerIP: "{{ $spec.loadBalancerIP }}" -{{- end }} -{{- if $spec.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml $spec.loadBalancerSourceRanges | indent 4 }} -{{- end }} -{{- if $spec.externalTrafficPolicy }} - externalTrafficPolicy: {{$spec.externalTrafficPolicy }} -{{- end }} -{{- if $spec.externalIPs }} - externalIPs: -{{ toYaml $spec.externalIPs | indent 4 }} -{{- end }} - type: {{ .type }} - selector: - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - ports: - {{- range $key, $val := $spec.ports }} - - - {{- range $pkey, $pval := $val }} - {{ $pkey}}: {{ $pval }} - {{- end }} - {{- end }} - {{- if $.Values.global.meshExpansion.enabled }} - {{- range $key, $val := $spec.meshExpansionPorts }} - - - {{- range $pkey, $pval := $val }} - {{ $pkey}}: {{ $pval }} - {{- end }} - {{- end }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.800/charts/gateways/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.800/charts/gateways/templates/serviceaccount.yaml deleted file mode 100755 index d4f6938c1..000000000 --- a/charts/rancher-istio/1.5.800/charts/gateways/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if $.Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range $.Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: {{ $key }}-service-account
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- app: {{ $spec.labels.app }}
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.5.800/charts/gateways/values.yaml b/charts/rancher-istio/1.5.800/charts/gateways/values.yaml
deleted file mode 100755
index 69815e451..000000000
--- a/charts/rancher-istio/1.5.800/charts/gateways/values.yaml
+++ /dev/null
@@ -1,282 +0,0 @@ -# -# Gateways Configuration -# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. -# You can add more gateways in addition to the defaults but make sure those are uniquely named -# and that NodePorts are not conflicting. -# Disable specifc gateway by setting the `enabled` to false. -# -enabled: true - -istio-ingressgateway: - enabled: true - # - # Secret Discovery Service (SDS) configuration for ingress gateway. - # - sds: - # If true, ingress gateway fetches credentials from SDS server to handle TLS connections. - enabled: false - # SDS server that watches kubernetes secrets and provisions credentials to ingress gateway. - # This server runs in the same pod as ingress gateway. - image: node-agent-k8s - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - labels: - app: istio-ingressgateway - istio: ingressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalIPs: [] - serviceAnnotations: {} - podAnnotations: {} - type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be - #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out - ports: - ## You can add custom gateway ports - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. 
https://github.com/istio/istio/issues/12503 - - port: 15020 - targetPort: 15020 - name: status-port - - port: 80 - targetPort: 80 - name: http2 - nodePort: 31380 - - port: 443 - name: https - nodePort: 31390 - # Example of a port to add. Remove if not needed - - port: 31400 - name: tcp - nodePort: 31400 - ### PORTS FOR UI/metrics ##### - ## Disable if not needed - - port: 15029 - targetPort: 15029 - name: https-kiali - - port: 15030 - targetPort: 15030 - name: https-prometheus - - port: 15031 - targetPort: 15031 - name: https-grafana - - port: 15032 - targetPort: 15032 - name: https-tracing - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - #### MESH EXPANSION PORTS ######## - # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect - # to pilot/citadel if global.meshExpansion settings are enabled. - # Delete these ports if mesh expansion is not enabled, to avoid - # exposing unnecessary ports on the web. - # You can remove these ports if you are not using mesh expansion - meshExpansionPorts: - - port: 15011 - targetPort: 15011 - name: tcp-pilot-grpc-tls - - port: 15004 - targetPort: 15004 - name: tcp-mixer-grpc-tls - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - - port: 853 - targetPort: 853 - name: tcp-dns-tls - ####### end MESH EXPANSION PORTS ###### - ############## - secretVolumes: - - name: ingressgateway-certs - secretName: istio-ingressgateway-certs - mountPath: /etc/istio/ingressgateway-certs - - name: ingressgateway-ca-certs - secretName: istio-ingressgateway-ca-certs - mountPath: /etc/istio/ingressgateway-ca-certs - ### Advanced options ############ - - env: - # By default, a gateway is in "standard" mode. If the mode is set to "sni-dnat", - # pilot generates an additional - # set of clusters for internal services without Istio mTLS, to - # enable cross cluster routing. Enable when using multi-cluster routing. 
- ISTIO_META_ROUTER_MODE: "standard" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". - podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -istio-egressgateway: - enabled: false - labels: - app: istio-egressgateway - istio: egressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - serviceAnnotations: {} - podAnnotations: {} - type: ClusterIP #change to NodePort or LoadBalancer if need be - ports: - - port: 80 - name: http2 - - port: 443 - name: https - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - secretVolumes: - - name: egressgateway-certs - secretName: istio-egressgateway-certs - mountPath: /etc/istio/egressgateway-certs - - name: egressgateway-ca-certs - secretName: istio-egressgateway-ca-certs - mountPath: /etc/istio/egressgateway-ca-certs - #### Advanced 
options ######## - env: - # Set this to "external" if and only if you want the egress gateway to - # act as a transparent SNI gateway that routes mTLS/TLS traffic to - # external services defined using service entries, where the service - # entry has resolution set to DNS, has one or more endpoints with - # network field set to "external". By default its set to "" so that - # the egress gateway sees the same set of endpoints as the sidecars - # preserving backward compatibility - # ISTIO_META_REQUESTED_NETWORK_VIEW: "" - - # By default, a gateway is in "standard" mode. If the mode is set to "sni-dnat", - # pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. - ISTIO_META_ROUTER_MODE: "standard" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". - podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -# Mesh ILB gateway creates a gateway of type InternalLoadBalancer, -# for mesh expansion. It exposes the mtls ports for Pilot,CA as well -# as non-mtls ports to support upgrades and gradual transition. 
-istio-ilbgateway: - enabled: false - labels: - app: istio-ilbgateway - istio: ilbgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - cpu: - targetAverageUtilization: 80 - resources: - requests: - cpu: 800m - memory: 512Mi - #limits: - # cpu: 1800m - # memory: 256Mi - loadBalancerIP: "" - serviceAnnotations: - cloud.google.com/load-balancer-type: "internal" - podAnnotations: {} - type: LoadBalancer - ports: - ## You can add custom gateway ports - google ILB default quota is 5 ports, - - port: 15011 - name: grpc-pilot-mtls - # Insecure port - only for migration from 0.8. Will be removed in 1.1 - - port: 15010 - name: grpc-pilot - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - # Port 5353 is forwarded to kube-dns - - port: 5353 - name: tcp-dns - secretVolumes: - - name: ilbgateway-certs - secretName: istio-ilbgateway-certs - mountPath: /etc/istio/ilbgateway-certs - - name: ilbgateway-ca-certs - secretName: istio-ilbgateway-ca-certs - mountPath: /etc/istio/ilbgateway-ca-certs - nodeSelector: {} - tolerations: [] diff --git a/charts/rancher-istio/1.5.800/charts/grafana/Chart.yaml b/charts/rancher-istio/1.5.800/charts/grafana/Chart.yaml deleted file mode 100755 index b69412c07..000000000 --- a/charts/rancher-istio/1.5.800/charts/grafana/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.8 -description: A Helm chart for Kubernetes -name: grafana -tillerVersion: '>=2.7.2' -version: 1.5.8 diff --git a/charts/rancher-istio/1.5.800/charts/grafana/dashboards/citadel-dashboard.json b/charts/rancher-istio/1.5.800/charts/grafana/dashboards/citadel-dashboard.json deleted file mode 100755 index 7cb8e5b28..000000000 --- a/charts/rancher-istio/1.5.800/charts/grafana/dashboards/citadel-dashboard.json +++ /dev/null 
@@ -1,1089 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 8, - "panels": [], - "title": "Performance", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "CPU usage across Citadel instances.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 1 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"citadel\", pod=~\"istio-citadel-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage rate", - "refId": "A" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"citadel\"}[1m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage irate", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - 
"logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Citadel process memory statistics.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 1 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Total", - "refId": "C" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Allocated", - "refId": "E" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Inuse", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 1 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Goroutines", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 7 - }, - "id": 28, - "panels": [], - "title": "General", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Total number of CSR requests made to Citadel.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 0, 
- "y": 8 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Request Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates issuances that have succeeded.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 12, - "y": 8 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_success_cert_issuance_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": 
"Certificates Issued", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Certificates Issued", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 13 - }, - "id": 23, - "panels": [], - "title": "Errors", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of errors occurred when creating the CSR.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 14 - }, - "id": 20, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_secret_controller_csr_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Creation Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Creation Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 14 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_parsing_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Parse Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Parse Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of authentication failures.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, 
- "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_authentication_failure_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Authentication Failure Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Authentication Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 4, - "panels": [], - "title": "Secret Controller", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates created due to service account creation.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": 
"citadel_secret_controller_svc_acc_created_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Created", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Created (due to SA creation)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates deleted due to service account deletion.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_svc_acc_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Deleted", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Deleted (due to SA deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, 
- "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates recreated due to secret deletion (service account still exists).", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_secret_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Recreated", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Recreated (due to errant deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 
18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Citadel Dashboard", - "uid": "OOyOqb4Wz", - "version": 1 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.5.800/charts/grafana/dashboards/galley-dashboard.json b/charts/rancher-istio/1.5.800/charts/grafana/dashboards/galley-dashboard.json deleted file mode 100755 index 1cdb6a5b2..000000000 --- a/charts/rancher-istio/1.5.800/charts/grafana/dashboards/galley-dashboard.json +++ /dev/null 
@@ -1,1734 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 46, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"galley\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Galley Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 5 - }, - "id": 40, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "C" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "G" - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "H" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"})", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Total (kis)", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 38, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"}[1m])) by (container)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"galley\"}[1m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "galley (self-reported)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - 
"timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Open FDs (galley)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }} ", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - 
"label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 44, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "goroutines_total", - "refId": "A" - }, - { - "expr": "istio_mcp_clients_total{component=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "clients_total", - "refId": "B" - }, - { - "expr": "go_goroutines{job=\"galley\"}/sum(istio_mcp_clients_total{component=\"galley\"}) without (component)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "avg_goroutines_per_client", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - 
"id": 10, - "panels": [], - "title": "Runtime", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_on_change_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Strategy Change Events", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_processor_events_processed_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Processed Events", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_processor_snapshots_published_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Snapshot Published", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Event Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": 
{ - "h": 6, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_timer_max_time_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Max Time Reached", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_quiesce_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Quiesce Reached", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_resets_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Timer Resets", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Timer Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": 
true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 3, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.90, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.95, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P95", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Events Per Snapshot", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 21 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": 
false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (collection) (galley_runtime_state_type_instances_total)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ collection }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "State Type Instances", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Count", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 34, - "panels": [], - "title": "Validation", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 28 - }, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "galley_validation_cert_key_updates{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": 
"Key Updates", - "refId": "A" - }, - { - "expr": "galley_validation_cert_key_update_errors{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Key Update Errors: {{ error }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation Webhook Certificate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 28 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_passed{job=\"galley\"}) by (group, version, resource)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Passed: {{ group }}/{{ version }}/{{resource}}", - "refId": "A" - }, - { - "expr": "sum(galley_validation_failed{job=\"galley\"}) by (group, version, resource, reason)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Failed: {{ group }}/{{ version }}/{{resource}} ({{ reason}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - 
"timeRegions": [], - "timeShift": null, - "title": "Resource Validation", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 28 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_http_error{job=\"galley\"}) by (status)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ status }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation HTTP Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - 
"gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 12, - "panels": [], - "title": "Kubernetes Source", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 35 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_event_success_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Success", - "refId": "A" - }, - { - "expr": "rate(galley_source_kube_event_error_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Source Event Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 35 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - 
"total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_dynamic_converter_failure_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Kubernetes Object Conversion Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Failures/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 41 - }, - "id": 18, - "panels": [], - "title": "Mesh Configuration Protocol", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 42 - }, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_mcp_clients_total{component=\"galley\"})", - "format": "time_series", - 
"intervalFactor": 1, - "legendFormat": "Clients", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Connected Clients", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 42 - }, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by(collection)(irate(istio_mcp_request_acks_total{component=\"galley\"}[1m]) * 60)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request ACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "ACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - 
"min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 42 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(istio_mcp_request_nacks_total{component=\"galley\"}[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request NACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "NACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Galley Dashboard", - "uid": "TSEY6jLmk", - "version": 1 -} 
diff --git a/charts/rancher-istio/1.5.800/charts/grafana/dashboards/istio-mesh-dashboard.json b/charts/rancher-istio/1.5.800/charts/grafana/dashboards/istio-mesh-dashboard.json deleted file mode 100755 index 1662e1f1d..000000000 --- a/charts/rancher-istio/1.5.800/charts/grafana/dashboards/istio-mesh-dashboard.json +++ /dev/null @@ -1,1225 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "links": [], - "panels": [ - { - "content": "
\n
\n Istio\n
\n
\n Istio is an open platform that provides a uniform way to connect,\n manage, and \n secure microservices.\n
\n Need help? Join the Istio community.\n
\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "50px", - "id": 13, - "links": [], - "mode": "html", - "style": { - "font-size": "18pt" - }, - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\"}[1m])), 0.001)", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Global Request Volume", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - 
"h": 3, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "95, 99, 99.5", - "title": "Global Success Rate (non-5xx responses)", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 22, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - 
"sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"4.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "4xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 23, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"5.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "5xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - 
"colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 113, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_virtualservices) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Virtual Services", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 114, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - 
"postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_destinationrules) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Destination Rules", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 115, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_gateways) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Gateways", - "type": "singlestat", - "valueFontSize": "80%", - 
"valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 116, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_authentication_meshpolicies) / count(up{job=\"galley\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Authentication Mesh Policies", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 21, - "w": 24, - "x": 0, - "y": 9 - }, - "hideTimeOverride": false, - "id": 73, - "links": [], - "pageSize": null, - "repeat": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 4, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 
172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Workload dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_2&var-workload=$__cell_", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Requests", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [], - "type": "number", - "unit": "ops" - }, - { - "alias": "P50 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P90 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P99 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #E", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "Success Rate", - "colorMode": "cell", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #F", - "thresholds": [ - ".95", - " 1.00" - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-workload=$__cell_2&var-namespace=$__cell_3", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "number", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_requests_total{reporter=\"destination\", response_code=\"200\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "A" - }, - { - "expr": "label_join((histogram_quantile(0.50, 
sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.50, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "B" - }, - { - "expr": "label_join((histogram_quantile(0.90, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.90, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "D" - }, - { - "expr": "label_join((histogram_quantile(0.99, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.99, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "E" - }, - { - "expr": 
"label_join((sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m])) by (destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "F" - } - ], - "timeFrom": null, - "title": "HTTP/GRPC Workloads", - "transform": "table", - "type": "table" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 18, - "w": 24, - "x": 0, - "y": 30 - }, - "hideTimeOverride": false, - "id": 109, - "links": [], - "pageSize": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 2, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-tcp-workload-dashboard?var-namespace=$__cell_2&&var-workload=$__cell", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Bytes Sent", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [ - "" - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Bytes Received", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "Bps" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_3&var-workload=$__cell_2", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_tcp_received_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - 
"hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "C" - }, - { - "expr": "label_join(sum(rate(istio_tcp_sent_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "A" - } - ], - "timeFrom": null, - "title": "TCP Workloads", - "transform": "table", - "type": "table" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 48 - }, - "id": 111, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Mesh Dashboard", - "uid": "G8wLrJIZk", - "version": 5 -}
diff --git a/charts/rancher-istio/1.5.800/charts/grafana/dashboards/istio-performance-dashboard.json b/charts/rancher-istio/1.5.800/charts/grafana/dashboards/istio-performance-dashboard.json
deleted file mode 100755
index 505043e54..000000000
--- a/charts/rancher-istio/1.5.800/charts/grafana/dashboards/istio-performance-dashboard.json
+++ /dev/null
@@ -1,1822 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": 9, - "links": [], - "panels": [ - { - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 21, - "panels": [ - { - "content": "The charts on this dashboard are intended to show Istio main components cost in terms resources utilization under steady load.\n\n- **vCPU/1k rps:** shows vCPU utilization by the main Istio components normalized by 1000 requests/second. When idle or low traffic, this chart will be blank. The curve for istio-proxy refers to the services sidecars only.\n- **vCPU:** vCPU utilization by Istio components, not normalized.\n- **Memory:** memory footprint for the components. Telemetry and policy are normalized by 1k rps, and no data is shown when there is no traffic. 
For ingress and istio-proxy, the data is per instance.\n- **Bytes transferred/ sec:** shows the number of bytes flowing through each Istio component.\n\n\n", - "gridPos": { - "h": 6, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 19, - "links": [], - "mode": "markdown", - "timeFrom": null, - "timeShift": null, - "title": "Performance Dashboard README", - "transparent": true, - "type": "text" - } - ], - "title": "Performance Dashboard Notes", - "type": "row" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 6, - "panels": [], - "title": "vCPU Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 2 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-telemetry-.*\",container=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\",container=\"istio-proxy\"}[1m])) / (round(sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m])), 0.001)/1000))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": 
"istio-ingressgateway", - "refId": "B" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-policy-.*\",container=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU / 1k rps", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 2 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - 
"steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-telemetry-.*\",container=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\",container=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-policy-.*\",container=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 13, - "panels": [], - "title": "Memory and Data Rates", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 11 - 
}, - "id": 902, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-telemetry-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry / 1k rps", - "refId": "A" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\",container!=\"POD\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio proxy", - "refId": "C" - }, - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-policy-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy / 1k rps", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, 
- "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-telemetry\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-telemetry\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_response_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m])) + sum(irate(istio_request_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload_namespace!=\"istio-system\", 
reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-policy\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-policy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio_policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Bytes transferred / sec", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 17, - "panels": [], - "title": "Istio Component Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 20 - }, - "id": 15, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - 
"timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 71, - "panels": [], - "title": "Proxy Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 32 - }, - "id": 72, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=\"istio-proxy\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 
null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 32 - }, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=\"istio-proxy\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 32 - }, - "id": 702, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - 
"lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 39 - }, - "id": 69, - "panels": [], - "title": "Pilot Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 40 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - 
"intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - 
"show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 40 - }, - "id": 602, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}[1m])) by (container)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "pilot (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", 
- "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 40 - }, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, 
- "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 40 - }, - "id": 402, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 93, - "panels": [], - "title": "Mixer Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 48 - }, - "id": 94, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - 
"percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": 
"container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 48 - }, - "id": 95, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}[1m])) by (container)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - 
"legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=~\"istio-policy|istio-telemetry\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 48 - }, - "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }}", - "refId": "B", - "step": 2 - } - 
], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 48 - }, - "id": 97, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } 
- } - ], - "refresh": "10s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Performance Dashboard", - "uid": "vu8e0VWZk", - "version": 22 -} diff --git a/charts/rancher-istio/1.5.800/charts/grafana/dashboards/istio-service-dashboard.json b/charts/rancher-istio/1.5.800/charts/grafana/dashboards/istio-service-dashboard.json deleted file mode 100755 index f4d58a296..000000000 --- a/charts/rancher-istio/1.5.800/charts/grafana/dashboards/istio-service-dashboard.json +++ /dev/null @@ -1,2601 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "iteration": 1536442501501, - "links": [], - "panels": [ - { - "content": "
\nSERVICE: $service\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Client Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - 
"thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Client Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, 
sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Client Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" 
- ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Received Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 97, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - 
"postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Server Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 98, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / 
sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Server Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 99, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - 
"refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 100, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": 
true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m])) ", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Sent Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nCLIENT WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"source\",source_workload=~\"$srcwl\",source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"source\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": 
"graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", 
source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, 
source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": 
"time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, 
- "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "
\nSERVICE WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 90, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"destination\",destination_workload=~\"$dstwl\",destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"destination\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Destination And Response Code", - "tooltip": { - 
"shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 91, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", 
connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 94, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - 
"stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by 
(destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 95, - "legend": { - "alignAsTable": false, - "avg": false, - "current": 
false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ 
destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 96, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - 
"step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ 
destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 92, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", 
destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 93, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }} (🔐mTLS)", - "refId": 
"A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Service", - "multi": false, - "name": "service", - "options": [], - "query": "label_values(destination_service)", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (source_workload_namespace) or 
sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload Namespace", - "multi": true, - "name": "dstns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload", - "multi": true, - "name": "dstwl", - "options": [], - "query": "query_result( 
sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Service Dashboard", - "uid": "LJ_uJAvmk", - "version": 1 -} diff --git a/charts/rancher-istio/1.5.800/charts/grafana/dashboards/istio-workload-dashboard.json b/charts/rancher-istio/1.5.800/charts/grafana/dashboards/istio-workload-dashboard.json deleted file mode 100755 index 62ad1b5cf..000000000 --- a/charts/rancher-istio/1.5.800/charts/grafana/dashboards/istio-workload-dashboard.json +++ /dev/null 
@@ -1,2303 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.4" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1531345461465, - "links": [], - "panels": [ - { - "content": "
\nWORKLOAD: $workload.$namespace\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Incoming Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 
80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 8, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Incoming Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 8, - "x": 16, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, 
- "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Server Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - 
"colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 12, - "y": 7 - }, - "id": 85, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Client Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nINBOUND WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And 
Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", 
destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by 
(source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 
1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", 
destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - 
"values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", 
destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "content": "
\nOUTBOUND SERVICES\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 70, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Requests by Destination And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 71, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", 
source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Success Rate (non-5xx responses) By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 72, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Duration by Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 73, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by 
(destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 74, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": 
"{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 76, - "legend": { - "avg": false, 
- "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent on Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 78, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Namespace", - "multi": false, - "name": 
"namespace", - "options": [], - "query": "query_result(sum(istio_requests_total) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*_namespace=\"([^\"]*).*/", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Workload", - "multi": false, - "name": "workload", - "options": [], - "query": "query_result((sum(istio_requests_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_requests_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)) or (sum(istio_tcp_sent_bytes_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Inbound Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, 
- "label": "Inbound Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Destination Service", - "multi": true, - "name": "dstsvc", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service) or sum(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service))", - "refresh": 1, - "regex": "/.*destination_service=\"([^\"]*).*/", - "sort": 4, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Workload Dashboard", - "uid": "UbsSZTDik", - "version": 1 -} diff --git a/charts/rancher-istio/1.5.800/charts/grafana/dashboards/mixer-dashboard.json b/charts/rancher-istio/1.5.800/charts/grafana/dashboards/mixer-dashboard.json deleted file mode 100755 index 6da44ec0a..000000000 
--- a/charts/rancher-istio/1.5.800/charts/grafana/dashboards/mixer-dashboard.json +++ /dev/null @@ -1,1808 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.2.3" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "limit": 100, - "name": "Annotations & Alerts", - "showIn": 0, - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": null, - "iteration": 1543881232533, - "links": [], - "panels": [ - { - "content": "

Deployed Versions

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "40", - "id": 62, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 3 - }, - "id": 64, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"mixer\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Mixer Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Resource Usage

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 8 - }, - "height": "40", - "id": 29, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 11 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory ({{ job }})", - "refId": "I" - }, - { - "expr": "sum(process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory ({{ job }})", - "refId": "H" - }, - { - "expr": "sum(go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc ({{ job }})", - "refId": "D" - }, - { - "expr": "sum(go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc ({{ job }})", - "refId": "F" - }, - { - "expr": "sum(go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - 
"format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use ({{ job }})", - "refId": "E" - }, - { - "expr": "sum(go_memstats_stack_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use ({{ job }})", - "refId": "G" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")) by (service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "C" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")) by (container, service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container }} (k8s)", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 11 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - 
"min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (pod), \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "A" - }, - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (container, pod), \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container }} (k8s)", - "refId": "B" - }, - { - "expr": "sum(irate(process_cpu_seconds_total{job=~\"istio-telemetry|istio-policy\"}[1m])) by (job)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ job }} (self-reported)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": 
{}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 11 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_open_fds{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(label_replace(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")) by (container, service)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 11 - 
}, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(go_goroutines{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines ({{ job }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Mixer Overview

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 18 - }, - "height": "40px", - "id": 30, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 0, - "y": 21 - }, - "id": 9, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (Total)", - "refId": "B" - }, - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m])) by (grpc_server_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "mixer ({{ grpc_server_method }})", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 6, - "y": 21 - }, - "id": 8, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "{}", - "yaxis": 1 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.5", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.9", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Durations", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 12, - "y": 21 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, 
- "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_server_handled_total{grpc_code=~\"Unknown|Unimplemented|Internal|DataLoss\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Error Rate (5xx responses)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 18, - "y": 21 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(grpc_server_handled_total{grpc_code!=\"OK\",grpc_service=~\".*Mixer\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ 
grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Non-successes (4xxs)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Adapters and Config

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 28, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 30 - }, - "id": 13, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m])) by (adapter)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 30 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - 
"percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p90 ", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Duration", - "tooltip": { - "shared": true, - "sort": 1, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 37 - }, - "id": 60, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - 
"pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Rules", - "refId": "A" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Config Errors", - "refId": "B" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_match_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Match Errors", - "refId": "C" - }, - { - "expr": "scalar(topk(1, max(mixer_config_unsatisfied_action_handler_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Unsatisfied Actions", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Rules", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 37 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": 
false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_instance_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Instances", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Instances in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 37 - }, - "id": 54, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_handler_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Handlers", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Handlers in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 37 - }, - "id": 58, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_attribute_count) by (configID)))", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "Attributes", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Attributes in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Individual Adapters

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 44 - }, - "id": 23, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 46, - "panels": [], - "repeat": "adapter", - "title": "$adapter Adapter", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 48 - }, - "id": 17, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m]),\"handler\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ handler }} (error: {{ error }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Count By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - 
"w": 12, - "x": 12, - "y": 48 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(histogram_quantile(0.5, sum(rate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p50 - {{ handler_short }} (error: {{ error }})", - "refId": "A" - }, - { - "expr": "label_replace(histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p90 - {{ handler_short }} (error: {{ error }})", - "refId": "D" - }, - { - "expr": "label_replace(histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p99 - {{ handler_short }} (error: {{ error }})", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Duration By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": 
true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Adapter", - "multi": true, - "name": "adapter", - "options": [], - "query": "label_values(adapter)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Mixer Dashboard", - "version": 4 -} diff --git a/charts/rancher-istio/1.5.800/charts/grafana/dashboards/pilot-dashboard.json b/charts/rancher-istio/1.5.800/charts/grafana/dashboards/pilot-dashboard.json deleted file mode 100755 index bdc7e720e..000000000 --- a/charts/rancher-istio/1.5.800/charts/grafana/dashboards/pilot-dashboard.json +++ /dev/null 
@@ -1,1591 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": 11, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 60, - "panels": [], - "title": "Deployed Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"pilot\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 6 - }, - "id": 62, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": 
"container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"discovery\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (container)", - "refId": "B", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"istio-proxy\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar (container)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=\"discovery\", pod=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Discovery (container)", - "refId": "A" - }, - { - "expr": 
"irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (process)", - "refId": "C", - "step": 2 - }, - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=\"istio-proxy\", pod=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Sidecar (container)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=\"discovery\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Discovery", - "refId": "B", - "step": 2 - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", 
container=\"istio-proxy\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - 
"label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 58, - "panels": [], - "title": "Pilot Push Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "description": "Shows the rate of pilot pushes", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 622, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(pilot_xds_pushes{type=\"cds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Cluster", - "refId": "C" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"eds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Endpoints", - "refId": "D" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"lds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Listeners", - "refId": "A" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"rds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Routes", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Pushes", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": 
null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Captures a variety of pilot errors", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 67, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(pilot_xds_cds_reject{job=\"pilot\"}) or (absent(pilot_xds_cds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected CDS Configs", - "refId": "C" - }, - { - "expr": "sum(pilot_xds_eds_reject{job=\"pilot\"}) or (absent(pilot_xds_eds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected EDS Configs", - "refId": "D" - }, - { - "expr": "sum(pilot_xds_rds_reject{job=\"pilot\"}) or (absent(pilot_xds_rds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected RDS Configs", - "refId": "A" - }, - { - "expr": "sum(pilot_xds_lds_reject{job=\"pilot\"}) or (absent(pilot_xds_lds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected LDS Configs", - "refId": "B" - }, - { - "expr": "sum(rate(pilot_xds_write_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - 
"intervalFactor": 1, - "legendFormat": "Write Timeouts", - "refId": "F" - }, - { - "expr": "sum(rate(pilot_total_xds_internal_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Internal Errors", - "refId": "H" - }, - { - "expr": "sum(rate(pilot_total_xds_rejects{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Config Rejection Rate", - "refId": "E" - }, - { - "expr": "sum(rate(pilot_xds_push_context_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Context Errors", - "refId": "K" - }, - { - "expr": "sum(rate(pilot_xds_pushes{type!~\"lds|cds|rds|eds\"}[1m])) by (type)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "L" - }, - { - "expr": "sum(rate(pilot_xds_push_errors{job=\"pilot\"}[1m])) by (type)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "I" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts", - "refId": "G" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout_failures{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts Failures", - "refId": "J" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - 
"show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Shows the total time it takes to push a config update to a proxy", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 624, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p50 ", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.999, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99.9", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Proxy Push Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": 
null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 23 - }, - "id": 45, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_conflict_inbound_listener{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Inbound Listeners", - "refId": "B" - }, - { - "expr": "pilot_conflict_outbound_listener_http_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (http over current tcp)", - "refId": "A" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current tcp)", - "refId": "C" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_http{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current http)", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Conflicts", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - 
"yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 23 - }, - "id": 47, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_virt_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Services", - "refId": "A" - }, - { - "expr": "pilot_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Services", - "refId": "B" - }, - { - "expr": "pilot_xds{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Connected Endpoints", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ADS Monitoring", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "columns": [], - "datasource": 
"Prometheus", - "description": "Clusters in this table do not have any endpoints known to pilot. This could be from referencing subsets that do not have any instances, or pods marked as NotReady", - "fontSize": "100%", - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 23 - }, - "id": 51, - "links": [], - "pageSize": null, - "scroll": true, - "showHeader": true, - "sort": { - "col": null, - "desc": false - }, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "date" - }, - { - "alias": "Clusters", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(pilot_xds_eds_instances{job=\"pilot\", cluster=~\".+\\\\|.+\"}) by (cluster) < 1", - "format": "time_series", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{cluster}}", - "refId": "B" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Clusters with no known endpoints", - "transform": "timeseries_aggregations", - "type": "table" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 64, - "panels": [], - "title": "Envoy Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows details about Envoy proxies in the mesh", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 32 - }, - "id": 40, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, 
- "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(envoy_cluster_upstream_cx_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connections", - "refId": "C" - }, - { - "expr": "sum(irate(envoy_cluster_upstream_cx_connect_fail{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connection Failures", - "refId": "A" - }, - { - "expr": "sum(increase(envoy_server_hot_restart_epoch[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Envoy Restarts", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Envoy Details", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 32 - }, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(envoy_cluster_upstream_cx_active{cluster_name=\"xds-grpc\"})", - "format": "time_series", - "intervalFactor": 2, - 
"legendFormat": "XDS Active Connections", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Active Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows the size of XDS requests and responses", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 32 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "max(rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Max", - "refId": "D" - }, - { - "expr": "quantile(0.5, rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Average", - "refId": "B" - }, - { - "expr": "max(rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": 
"time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Max", - "refId": "A" - }, - { - "expr": "quantile(.5, rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Average", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Requests Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Pilot Dashboard", - "uid": "3--MLVZZk", - "version": 11 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.5.800/charts/grafana/fix_datasources.sh b/charts/rancher-istio/1.5.800/charts/grafana/fix_datasources.sh deleted file mode 100755 index d175bcacc..000000000 --- a/charts/rancher-istio/1.5.800/charts/grafana/fix_datasources.sh +++ /dev/null 
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# Copyright Istio Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -e
-
-THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-UX=$(uname)
-
-for db in "${THIS_DIR}"/dashboards/*.json; do
- if [[ ${UX} == "Darwin" ]]; then
- # shellcheck disable=SC2016
- sed -i '' 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- else
- # shellcheck disable=SC2016
- sed -i 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- fi
-done
diff --git a/charts/rancher-istio/1.5.800/charts/grafana/templates/_helpers.tpl b/charts/rancher-istio/1.5.800/charts/grafana/templates/_helpers.tpl
deleted file mode 100755
index 9d4c59205..000000000
--- a/charts/rancher-istio/1.5.800/charts/grafana/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "grafana.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "grafana.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "grafana.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.800/charts/grafana/templates/configmap-custom-resources.yaml b/charts/rancher-istio/1.5.800/charts/grafana/templates/configmap-custom-resources.yaml
deleted file mode 100755
index b89bc0765..000000000
--- a/charts/rancher-istio/1.5.800/charts/grafana/templates/configmap-custom-resources.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
- custom-resources.yaml: |-
- {{- include "grafana-default.yaml.tpl" . | indent 4}}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
diff --git a/charts/rancher-istio/1.5.800/charts/grafana/templates/configmap-dashboards.yaml b/charts/rancher-istio/1.5.800/charts/grafana/templates/configmap-dashboards.yaml
deleted file mode 100755
index dd1ab0d75..000000000
--- a/charts/rancher-istio/1.5.800/charts/grafana/templates/configmap-dashboards.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- $files := .Files }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "grafana.name" $ }}
- chart: {{ template "grafana.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: grafana
-data:
- {{ base $path }}: '{{ $files.Get $path }}'
----
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/grafana/templates/configmap.yaml b/charts/rancher-istio/1.5.800/charts/grafana/templates/configmap.yaml
deleted file mode 100755
index c86efe1f4..000000000
--- a/charts/rancher-istio/1.5.800/charts/grafana/templates/configmap.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
-{{- if .Values.datasources }}
- {{- range $key, $value := .Values.datasources }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
-
-{{- if .Values.dashboardProviders }}
- {{- range $key, $value := .Values.dashboardProviders }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.800/charts/grafana/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.5.800/charts/grafana/templates/create-custom-resources-job.yaml
deleted file mode 100755
index 64bf3e451..000000000
--- a/charts/rancher-istio/1.5.800/charts/grafana/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-grafana-post-install-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-grafana-post-install-{{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["authentication.istio.io"] # needed to create default authn policy
- resources: ["*"]
- verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-grafana-post-install-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-grafana-post-install-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-grafana-post-install-account
- namespace: {{ .Release.Namespace }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: istio-grafana-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 | trimSuffix "-" }}
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-delete-policy": hook-succeeded
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- template:
- metadata:
- name: istio-grafana-post-install
- labels:
- app: istio-grafana
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-grafana-post-install-account
- containers:
- - name: kubectl
- image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
- command: [ "/bin/bash", "/tmp/grafana/run.sh", "/tmp/grafana/custom-resources.yaml" ]
- volumeMounts:
- - mountPath: "/tmp/grafana"
- name: tmp-configmap-grafana
- volumes:
- - name: tmp-configmap-grafana
- configMap:
- name: istio-grafana-custom-resources
- restartPolicy: OnFailure
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/grafana/templates/deployment.yaml b/charts/rancher-istio/1.5.800/charts/grafana/templates/deployment.yaml
deleted file mode 100755
index 9ad2a7f56..000000000
--- a/charts/rancher-istio/1.5.800/charts/grafana/templates/deployment.yaml
+++ /dev/null
@@ -1,138 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: grafana
- template:
- metadata:
- labels:
- app: grafana
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- prometheus.io/scrape: "true"
- spec:
- securityContext:
- runAsUser: 472
- fsGroup: 472
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
-{{- if .Values.global.imagePullSecrets }}
- imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- ports:
- - containerPort: 3000
- readinessProbe:
- httpGet:
- path: /api/health
- port: 3000
- env:
- - name: GRAFANA_PORT
- value: "3000"
-{{- if .Values.security.enabled }}
- - name: GF_SECURITY_ADMIN_USER
- valueFrom:
- secretKeyRef:
- name: {{ .Values.security.secretName }}
- key: {{ .Values.security.usernameKey }}
- - name: GF_SECURITY_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Values.security.secretName }}
- key: {{ .Values.security.passphraseKey }}
- - name: GF_AUTH_BASIC_ENABLED
- value: "true"
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "false"
- - name: GF_AUTH_DISABLE_LOGIN_FORM
- value: "false"
-{{- else }}
- - name: GF_AUTH_BASIC_ENABLED
- value: "false"
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "true"
- - name: GF_AUTH_ANONYMOUS_ORG_ROLE
- value: Admin
-{{- end }}
- - name: GF_PATHS_DATA
- value: /data/grafana
- {{- range $key, $value := $.Values.env }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $secret := $.Values.envSecrets }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ $secret }}
- key: {{ $key | quote }}
- {{- end }}
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- volumeMounts:
- - name: data
- mountPath: /data/grafana
- {{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
- {{- $filename := trimSuffix (ext $path) (base $path) }}
- - name: dashboards-istio-{{ $filename }}
- mountPath: "/var/lib/grafana/dashboards/istio/{{ base $path }}"
- subPath: {{ base $path }}
- readOnly: true
- {{- end }}
- - name: config
- mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml"
- subPath: datasources.yaml
- - name: config
- mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml"
- subPath: dashboardproviders.yaml
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
- volumes:
- - name: config
- configMap:
- name: istio-grafana
- - name: data
-{{- if .Values.persist }}
- persistentVolumeClaim:
- claimName: istio-grafana-pvc
-{{- else }}
- emptyDir: {}
-{{- end }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
- - name: dashboards-istio-{{ $filename }}
- configMap:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/grafana/templates/grafana-ports-mtls.yaml b/charts/rancher-istio/1.5.800/charts/grafana/templates/grafana-ports-mtls.yaml
deleted file mode 100755
index b9a392651..000000000
--- a/charts/rancher-istio/1.5.800/charts/grafana/templates/grafana-ports-mtls.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{ define "grafana-default.yaml.tpl" }}
-apiVersion: authentication.istio.io/v1alpha1
-kind: Policy
-metadata:
- name: grafana-ports-mtls-disabled
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- targets:
- - name: grafana
- ports:
- - number: {{ .Values.service.externalPort }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/grafana/templates/ingress.yaml b/charts/rancher-istio/1.5.800/charts/grafana/templates/ingress.yaml
deleted file mode 100755
index 0ebe71f61..000000000
--- a/charts/rancher-istio/1.5.800/charts/grafana/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: grafana - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: grafana - servicePort: 3000 - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: grafana - servicePort: 3000 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.800/charts/grafana/templates/pvc.yaml b/charts/rancher-istio/1.5.800/charts/grafana/templates/pvc.yaml deleted file mode 100755 index e376a13a5..000000000 --- a/charts/rancher-istio/1.5.800/charts/grafana/templates/pvc.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.persist }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: istio-grafana-pvc - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - storageClassName: {{ .Values.storageClassName }} - accessModes: - - {{ .Values.accessMode }} - resources: - requests: - storage: 5Gi -{{- end }} diff --git a/charts/rancher-istio/1.5.800/charts/grafana/templates/service.yaml b/charts/rancher-istio/1.5.800/charts/grafana/templates/service.yaml deleted file mode 100755 index b206679c3..000000000 
--- a/charts/rancher-istio/1.5.800/charts/grafana/templates/service.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: grafana - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.externalPort }} - targetPort: 3000 - protocol: TCP - name: {{ .Values.service.name }} - selector: - app: grafana -{{- if .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" -{{- end }} - {{if .Values.service.loadBalancerSourceRanges}} - loadBalancerSourceRanges: - {{range $rangeList := .Values.service.loadBalancerSourceRanges}} - - {{ $rangeList }} - {{end}} - {{end}} diff --git a/charts/rancher-istio/1.5.800/charts/grafana/templates/tests/test-grafana-connection.yaml b/charts/rancher-istio/1.5.800/charts/grafana/templates/tests/test-grafana-connection.yaml deleted file mode 100755 index 7c8d1944b..000000000 --- a/charts/rancher-istio/1.5.800/charts/grafana/templates/tests/test-grafana-connection.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "grafana.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: grafana-test - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: grafana - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "grafana.fullname" . }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['curl'] - args: ['http://grafana:{{ .Values.grafana.service.externalPort }}'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.800/charts/grafana/values.yaml b/charts/rancher-istio/1.5.800/charts/grafana/values.yaml deleted file mode 100755 index 7b977c1e7..000000000 --- a/charts/rancher-istio/1.5.800/charts/grafana/values.yaml +++ /dev/null 
@@ -1,114 +0,0 @@ -# -# addon grafana configuration -# -enabled: false -replicaCount: 1 -ingress: - enabled: false - ## Used to create an Ingress record. - hosts: - - grafana.local - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: [] - # Secrets must be manually created in the namespace. - # - secretName: grafana-tls - # hosts: - # - grafana.local -persist: false -storageClassName: "" -accessMode: ReadWriteMany -security: - enabled: false - secretName: grafana - usernameKey: username - passphraseKey: passphrase -nodeSelector: {} -tolerations: [] - -env: {} - # Define additional environment variables for configuring grafana. - # @see https://grafana.com/docs/installation/configuration/#using-environment-variables - # Format: env_variable_name: value - # For example: - # GF_SMTP_ENABLED: true - # GF_SMTP_HOST: email-smtp.eu-west-1.amazonaws.com:2587 - # GF_SMTP_FROM_ADDRESS: alerts@mydomain.com - # GF_SMTP_FROM_NAME: Grafana - -envSecrets: {} - # The key name and ENV name must match in the secrets file. - # @see https://grafana.com/docs/installation/configuration/#using-environment-variables - # For example: - # --- - # apiVersion: v1 - # kind: Secret - # metadata: - # name: grafana-secrets - # namespace: istio-system - # data: - # GF_SMTP_USER: bXl1c2Vy - # GF_SMTP_PASSWORD: bXlwYXNzd29yZA== - # type: Opaque - # --- - # env_variable_key_name: secretsName - # --- - # GF_SMTP_USER: grafana-secrets - # GF_SMTP_PASSWORD: grafana-secrets - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. 
"soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -contextPath: /grafana -service: - annotations: {} - name: http - type: ClusterIP - externalPort: 3000 - loadBalancerIP: - loadBalancerSourceRanges: [] - -datasources: - datasources.yaml: - apiVersion: 1 - datasources: - - name: Prometheus - type: prometheus - orgId: 1 - url: http://prometheus:9090 - access: proxy - isDefault: true - jsonData: - timeInterval: 5s - editable: true - -dashboardProviders: - dashboardproviders.yaml: - apiVersion: 1 - providers: - - name: 'istio' - orgId: 1 - folder: 'istio' - type: file - disableDeletion: false - options: - path: /var/lib/grafana/dashboards/istio diff --git a/charts/rancher-istio/1.5.800/charts/istiocoredns/Chart.yaml b/charts/rancher-istio/1.5.800/charts/istiocoredns/Chart.yaml deleted file mode 100755 index be55eb3d4..000000000 --- a/charts/rancher-istio/1.5.800/charts/istiocoredns/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: "0.1" -description: Istio CoreDNS provides DNS resolution for services in multicluster setups. -name: istiocoredns -tillerVersion: '>=2.7.2' -version: 1.5.8 diff --git a/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/_helpers.tpl b/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/_helpers.tpl deleted file mode 100755 index e7add11bb..000000000 --- a/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "istiocoredns.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "istiocoredns.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "istiocoredns.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/clusterrole.yaml b/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/clusterrole.yaml deleted file mode 100755 index 4242a327f..000000000 --- a/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/clusterrole.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiocoredns - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["networking.istio.io"] - resources: ["*"] - verbs: ["get", "watch", "list"] diff --git a/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/clusterrolebinding.yaml deleted file mode 100755 index bafd0ca3b..000000000 
--- a/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-istiocoredns-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiocoredns -subjects: -- kind: ServiceAccount - name: istiocoredns-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/configmap.yaml b/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/configmap.yaml deleted file mode 100755 index 925626f6b..000000000 --- a/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/configmap.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: coredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - Corefile: | - .:53 { - errors - health - {{ if eq -1 (semver .Values.coreDNSTag | (semver "1.4.0").Compare) }} - # Removed support for the proxy plugin: https://coredns.io/2019/03/03/coredns-1.4.0-release/ - grpc global 127.0.0.1:8053 - forward . /etc/resolv.conf { - except global - } - {{ else }} - proxy global 127.0.0.1:8053 { - protocol grpc insecure - } - proxy . /etc/resolv.conf - {{ end }} - prometheus :9153 - cache 30 - reload - } ---- diff --git a/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/deployment.yaml b/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/deployment.yaml deleted file mode 100755 index 4af0a2256..000000000 --- a/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/deployment.yaml +++ /dev/null 
@@ -1,103 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istiocoredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: istiocoredns - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - name: istiocoredns - labels: - app: istiocoredns - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istiocoredns-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: coredns - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume - mountPath: /etc/coredns - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - - containerPort: 9153 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - - name: istio-coredns-plugin - command: - - /usr/local/bin/plugin - image: "{{ template "system_default_registry" . 
}}{{ .Values.pluginImage.repository }}:{{ .Values.pluginImage.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 8053 - name: dns-grpc - protocol: TCP - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - dnsPolicy: Default - volumes: - - name: config-volume - configMap: - name: coredns - items: - - key: Corefile - path: Corefile - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/service.yaml b/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/service.yaml deleted file mode 100755 index a6311017c..000000000 --- a/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: istiocoredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - app: istiocoredns - ports: - - name: dns - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP diff --git a/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/serviceaccount.yaml deleted file mode 100755 index e2627cf45..000000000 --- a/charts/rancher-istio/1.5.800/charts/istiocoredns/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istiocoredns-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/1.5.800/charts/istiocoredns/values.yaml b/charts/rancher-istio/1.5.800/charts/istiocoredns/values.yaml deleted file mode 100755 index 6b31219cc..000000000 --- a/charts/rancher-istio/1.5.800/charts/istiocoredns/values.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -# -# addon istiocoredns tracing configuration -# -enabled: false -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -coreDNSImage: coredns/coredns -coreDNSTag: 1.6.2 -# Source code for the plugin can be found at -# https://github.com/istio-ecosystem/istio-coredns-plugin -# The plugin listens for DNS requests from coredns server at 127.0.0.1:8053 -coreDNSPluginImage: istio/coredns-plugin:0.2-istio-1.1 -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] diff --git a/charts/rancher-istio/1.5.800/charts/kiali/Chart.yaml b/charts/rancher-istio/1.5.800/charts/kiali/Chart.yaml deleted file mode 100755 index d6081dd21..000000000 --- a/charts/rancher-istio/1.5.800/charts/kiali/Chart.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -appVersion: 1.9.1 -description: Kiali is an open source project for service mesh observability, refer - to https://www.kiali.io for details. -name: kiali -tillerVersion: '>=2.7.2' -version: 1.9.1 
diff --git a/charts/rancher-istio/1.5.800/charts/kiali/templates/_helpers.tpl b/charts/rancher-istio/1.5.800/charts/kiali/templates/_helpers.tpl deleted file mode 100755 index 6b0095769..000000000 --- a/charts/rancher-istio/1.5.800/charts/kiali/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "kiali.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kiali.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "kiali.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.800/charts/kiali/templates/clusterrole.yaml b/charts/rancher-istio/1.5.800/charts/kiali/templates/clusterrole.yaml deleted file mode 100755 index 8ad6e9756..000000000 --- a/charts/rancher-istio/1.5.800/charts/kiali/templates/clusterrole.yaml +++ /dev/null 
@@ -1,134 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kiali - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: - - configmaps - - endpoints - - namespaces - - nodes - - pods - - pods/log - - replicationcontrollers - - services - verbs: - - get - - list - - watch -- apiGroups: ["extensions", "apps"] - resources: - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: ["batch"] - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - config.istio.io - - networking.istio.io - - authentication.istio.io - - rbac.istio.io - - security.istio.io - resources: ["*"] - verbs: - - create - - delete - - get - - list - - patch - - watch -- apiGroups: ["monitoring.kiali.io"] - resources: - - monitoringdashboards - verbs: - - get - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kiali-viewer - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: - - configmaps - - endpoints - - namespaces - - nodes - - pods - - pods/log - - replicationcontrollers - - services - verbs: - - get - - list - - watch -- apiGroups: ["extensions", "apps"] - resources: - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: ["batch"] - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - config.istio.io - - networking.istio.io - - authentication.istio.io - - rbac.istio.io - - security.istio.io - resources: ["*"] - verbs: - - get - - list - - watch -- apiGroups: ["monitoring.kiali.io"] - resources: - - monitoringdashboards - verbs: - - get - - list diff --git a/charts/rancher-istio/1.5.800/charts/kiali/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.800/charts/kiali/templates/clusterrolebinding.yaml deleted file mode 100755 index 881796716..000000000 --- a/charts/rancher-istio/1.5.800/charts/kiali/templates/clusterrolebinding.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -{{- if not .Values.dashboard.viewOnlyMode }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-kiali-admin-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kiali -subjects: -- kind: ServiceAccount - name: kiali-service-account - namespace: {{ .Release.Namespace }} -{{- else }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-kiali-viewer-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kiali-viewer -subjects: -- kind: ServiceAccount - name: kiali-service-account - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/rancher-istio/1.5.800/charts/kiali/templates/configmap.yaml b/charts/rancher-istio/1.5.800/charts/kiali/templates/configmap.yaml deleted file mode 100755 index 44c9dd199..000000000 --- a/charts/rancher-istio/1.5.800/charts/kiali/templates/configmap.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - config.yaml: | - istio_namespace: {{ .Release.Namespace }} - deployment: - accessible_namespaces: ['**'] - login_token: - signing_key: {{ randAlphaNum 10 | quote }} - auth: - strategy: {{ .Values.dashboard.auth.strategy }} -{{- if eq .Values.dashboard.auth.strategy "ldap" }} - ldap: -{{- with .Values.dashboard.auth.strategy.ldap }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- end }} - server: - port: 20001 -{{- if .Values.contextPath }} - web_root: {{ .Values.contextPath }} -{{- end }} - external_services: - tracing: - url: {{ .Values.dashboard.jaegerURL }} - in_cluster_url: {{ .Values.dashboard.jaegerInClusterURL }} - grafana: - url: {{ .Values.dashboard.grafanaURL }} - in_cluster_url: {{ .Values.dashboard.grafanaInClusterURL }} - prometheus: - url: {{ .Values.prometheusAddr }} -{{- if .Values.security.enabled }} - identity: - cert_file: {{ .Values.security.cert_file }} - private_key_file: {{ .Values.security.private_key_file }} -{{- end}} diff --git a/charts/rancher-istio/1.5.800/charts/kiali/templates/demosecret.yaml b/charts/rancher-istio/1.5.800/charts/kiali/templates/demosecret.yaml deleted file mode 100755 index ad44298c3..000000000 --- a/charts/rancher-istio/1.5.800/charts/kiali/templates/demosecret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.createDemoSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.dashboard.secretName }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - username: YWRtaW4= # admin - passphrase: YWRtaW4= # admin -{{- end }} 
diff --git a/charts/rancher-istio/1.5.800/charts/kiali/templates/deployment.yaml b/charts/rancher-istio/1.5.800/charts/kiali/templates/deployment.yaml
deleted file mode 100755
index d0624ef08..000000000
--- a/charts/rancher-istio/1.5.800/charts/kiali/templates/deployment.yaml
+++ /dev/null
@@ -1,112 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: kiali - template: - metadata: - name: kiali - labels: - app: kiali - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" - prometheus.io/scrape: "true" - prometheus.io/port: "9090" - kiali.io/runtimes: go,kiali - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: kiali-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - name: kiali - command: - - "/opt/kiali/kiali" - - "-config" - - "/kiali-configuration/config.yaml" - - "-v" - - "3" - readinessProbe: - httpGet: - path: {{ .Values.contextPath }}/healthz - port: 20001 - scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }} - initialDelaySeconds: 5 - periodSeconds: 30 - livenessProbe: - httpGet: - path: {{ .Values.contextPath }}/healthz - port: 20001 - scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }} - initialDelaySeconds: 5 - periodSeconds: 30 - env: - - name: ACTIVE_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: kiali-configuration - mountPath: "/kiali-configuration" - - name: kiali-cert - mountPath: "/kiali-cert" - - name: kiali-secret - mountPath: "/kiali-secret" - - name: kiali-console - subPath: env.js - mountPath: /opt/kiali/console/env.js - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumes: - - name: kiali-console - configMap: - name: kiali-console - items: - - key: env.js - path: env.js - - name: kiali-configuration - configMap: - name: kiali - - name: kiali-cert - secret: - secretName: istio.kiali-service-account -{{- if not .Values.security.enabled }} - optional: true -{{- end }} - - name: kiali-secret - secret: - secretName: {{ .Values.dashboard.secretName }} - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} 
diff --git a/charts/rancher-istio/1.5.800/charts/kiali/templates/ingress.yaml b/charts/rancher-istio/1.5.800/charts/kiali/templates/ingress.yaml deleted file mode 100755 index 2e2a0de3a..000000000 --- a/charts/rancher-istio/1.5.800/charts/kiali/templates/ingress.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: kiali - servicePort: 20001 - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: kiali - servicePort: 20001 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.800/charts/kiali/templates/kiali-console-configmap.yaml b/charts/rancher-istio/1.5.800/charts/kiali/templates/kiali-console-configmap.yaml deleted file mode 100644 index 49c68eba0..000000000 --- a/charts/rancher-istio/1.5.800/charts/kiali/templates/kiali-console-configmap.yaml +++ /dev/null 
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kiali-console
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- env.js: |
- window.WEB_ROOT='/k8s/clusters/{{ .Values.global.rancher.clusterId }}/api/v1/namespaces/istio-system/services/http:kiali:20001/proxy';
\ No newline at end of file
diff --git a/charts/rancher-istio/1.5.800/charts/kiali/templates/service.yaml b/charts/rancher-istio/1.5.800/charts/kiali/templates/service.yaml
deleted file mode 100755
index 1aa79bfdb..000000000
--- a/charts/rancher-istio/1.5.800/charts/kiali/templates/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- ports:
- - name: http-kiali
- protocol: TCP
- port: 20001
- selector:
- app: kiali
diff --git a/charts/rancher-istio/1.5.800/charts/kiali/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.800/charts/kiali/templates/serviceaccount.yaml
deleted file mode 100755
index 2ae38a1ab..000000000
--- a/charts/rancher-istio/1.5.800/charts/kiali/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.800/charts/kiali/templates/tests/test-kiali-connection.yaml b/charts/rancher-istio/1.5.800/charts/kiali/templates/tests/test-kiali-connection.yaml
deleted file mode 100755
index e2a1ff671..000000000
--- a/charts/rancher-istio/1.5.800/charts/kiali/templates/tests/test-kiali-connection.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "kiali.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: kiali-test
- chart: {{ template "kiali.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: kiali
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "kiali.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- args: ['http://kiali:20001']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/kiali/values.yaml b/charts/rancher-istio/1.5.800/charts/kiali/values.yaml
deleted file mode 100755
index af167baf3..000000000
--- a/charts/rancher-istio/1.5.800/charts/kiali/values.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
-#
-# addon kiali
-#
-enabled: false # Note that if using the demo or demo-auth yaml when installing via Helm, this default will be `true`.
-replicaCount: 1
-hub: quay.io/kiali
-image: kiali
-tag: v1.15
-contextPath: /kiali # The root context path to access the Kiali UI.
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - kiali.local
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls:
- # Secrets must be manually created in the namespace.
- # - secretName: kiali-tls
- # hosts:
- # - kiali.local
-
-dashboard:
- auth:
- strategy: login # Can be anonymous, login, openshift, or ldap
- # ldap: # This is required to use the ldap strategy
- # ldap_base: "DC=example,DC=com"
- # ldap_bind_dn: "CN={USERID},OU=xyz,OU=Users,OU=Accounts,DC=example,DC=com"
- # ldap_group_filter: "(cn=%s)"
- # ldap_host: "ldap-service.ldap-namespace"
- # ldap_insecure_skip_verify: true
- # ldap_mail_id_key: "mail"
- # ldap_member_of_key: "memberOf"
- # ldap_port: 123
- # ldap_role_filter: ".*xyz.*"
- # ldap_search_filter: "(&(name={USERID}))"
- # ldap_use_ssl: false
- # ldap_user_filter: "(cn=%s)"
- # ldap_user_id_key: "cn"
- secretName: kiali # You must create a secret with this name - one is not provided out-of-box.
- viewOnlyMode: false # Bind the service account to a role with only read access
- grafanaURL: # If you have Grafana installed and it is accessible to client browsers, then set this to its external URL. Kiali will redirect users to this URL when Grafana metrics are to be shown.
- grafanaInClusterURL: "http://grafana:3000" # In Kubernetes cluster with ELB in front this option is needed, since public IP of ELB is not reachable from inside the cluster
- jaegerURL: # If you have Jaeger installed and it is accessible to client browsers, then set this property to its external URL. Kiali will redirect users to this URL when Jaeger tracing is to be shown.
- jaegerInClusterURL: "http://tracing/jaeger" # If you have Jaeger installed and accessible from Kiali pod (typically in cluster), then set this property to enable more tracing charts within Kiali.
-prometheusAddr: http://prometheus:9090
-
-# When true, a secret will be created with a default username and password. Useful for demos.
-createDemoSecret: false
-
-security:
- enabled: false
- cert_file: /kiali-cert/cert-chain.pem
- private_key_file: /kiali-cert/key.pem
diff --git a/charts/rancher-istio/1.5.800/charts/mixer/Chart.yaml b/charts/rancher-istio/1.5.800/charts/mixer/Chart.yaml
deleted file mode 100755
index fed0f6841..000000000
--- a/charts/rancher-istio/1.5.800/charts/mixer/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.8
-description: Helm chart for mixer deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- mixer
-name: mixer
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.8
diff --git a/charts/rancher-istio/1.5.800/charts/mixer/templates/_helpers.tpl b/charts/rancher-istio/1.5.800/charts/mixer/templates/_helpers.tpl
deleted file mode 100755
index dac6da036..000000000
--- a/charts/rancher-istio/1.5.800/charts/mixer/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "mixer.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "mixer.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "mixer.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.800/charts/mixer/templates/autoscale.yaml b/charts/rancher-istio/1.5.800/charts/mixer/templates/autoscale.yaml
deleted file mode 100755
index 377b47d03..000000000
--- a/charts/rancher-istio/1.5.800/charts/mixer/templates/autoscale.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
-spec:
- maxReplicas: {{ $spec.autoscaleMax }}
- minReplicas: {{ $spec.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-{{ $key }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/mixer/templates/clusterrole.yaml b/charts/rancher-istio/1.5.800/charts/mixer/templates/clusterrole.yaml
deleted file mode 100755
index 3d7438f2d..000000000
--- a/charts/rancher-istio/1.5.800/charts/mixer/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-mixer-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["config.istio.io"] # istio CRD watcher
- resources: ["*"]
- verbs: ["create", "get", "list", "watch", "patch"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["configmaps", "endpoints", "pods", "services", "namespaces", "secrets", "replicationcontrollers"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/mixer/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.800/charts/mixer/templates/clusterrolebinding.yaml
deleted file mode 100755
index 773e68b34..000000000
--- a/charts/rancher-istio/1.5.800/charts/mixer/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-mixer-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-mixer-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/mixer/templates/config.yaml b/charts/rancher-istio/1.5.800/charts/mixer/templates/config.yaml
deleted file mode 100755
index e2ef31d38..000000000
--- a/charts/rancher-istio/1.5.800/charts/mixer/templates/config.yaml
+++ /dev/null
@@ -1,1084 +0,0 @@ -{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: istioproxy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - origin.ip: - valueType: IP_ADDRESS - origin.uid: - valueType: STRING - origin.user: - valueType: STRING - request.headers: - valueType: STRING_MAP - request.id: - valueType: STRING - request.host: - valueType: STRING - request.method: - valueType: STRING - request.path: - valueType: STRING - request.url_path: - valueType: STRING - request.query_params: - valueType: STRING_MAP - request.reason: - valueType: STRING - request.referer: - valueType: STRING - request.scheme: - valueType: STRING - request.total_size: - valueType: INT64 - request.size: - valueType: INT64 - request.time: - valueType: TIMESTAMP - request.useragent: - valueType: STRING - response.code: - valueType: INT64 - response.duration: - valueType: DURATION - response.headers: - valueType: STRING_MAP - response.total_size: - valueType: INT64 - response.size: - valueType: INT64 - response.time: - valueType: TIMESTAMP - response.grpc_status: - valueType: STRING - response.grpc_message: - valueType: STRING - source.uid: - valueType: STRING - source.user: # DEPRECATED - valueType: STRING - source.principal: - valueType: STRING - destination.uid: - valueType: STRING - destination.principal: - valueType: STRING - destination.port: - valueType: INT64 - connection.event: - valueType: STRING - connection.id: - valueType: STRING - connection.received.bytes: - valueType: INT64 - connection.received.bytes_total: - valueType: INT64 - connection.sent.bytes: - valueType: INT64 - connection.sent.bytes_total: - valueType: INT64 - connection.duration: - valueType: DURATION - connection.mtls: - valueType: BOOL - 
connection.requested_server_name: - valueType: STRING - context.protocol: - valueType: STRING - context.proxy_error_code: - valueType: STRING - context.timestamp: - valueType: TIMESTAMP - context.time: - valueType: TIMESTAMP - # Deprecated, kept for compatibility - context.reporter.local: - valueType: BOOL - context.reporter.kind: - valueType: STRING - context.reporter.uid: - valueType: STRING - api.service: - valueType: STRING - api.version: - valueType: STRING - api.operation: - valueType: STRING - api.protocol: - valueType: STRING - request.auth.principal: - valueType: STRING - request.auth.audiences: - valueType: STRING - request.auth.presenter: - valueType: STRING - request.auth.claims: - valueType: STRING_MAP - request.auth.raw_claims: - valueType: STRING - request.api_key: - valueType: STRING - rbac.permissive.response_code: - valueType: STRING - rbac.permissive.effective_policy_id: - valueType: STRING - check.error_code: - valueType: INT64 - check.error_message: - valueType: STRING - check.cache_hit: - valueType: BOOL - quota.cache_hit: - valueType: BOOL - context.proxy_version: - valueType: STRING - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: kubernetes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - source.ip: - valueType: IP_ADDRESS - source.labels: - valueType: STRING_MAP - source.metadata: - valueType: STRING_MAP - source.name: - valueType: STRING - source.namespace: - valueType: STRING - source.owner: - valueType: STRING - source.serviceAccount: - valueType: STRING - source.services: - valueType: STRING - source.workload.uid: - valueType: STRING - source.workload.name: - valueType: STRING - source.workload.namespace: - valueType: STRING - destination.ip: - valueType: IP_ADDRESS - destination.labels: - valueType: STRING_MAP - destination.metadata: - valueType: STRING_MAP - destination.owner: - valueType: STRING - destination.name: - valueType: STRING - destination.container.name: - valueType: STRING - destination.namespace: - valueType: STRING - destination.service.uid: - valueType: STRING - destination.service.name: - valueType: STRING - destination.service.namespace: - valueType: STRING - destination.service.host: - valueType: STRING - destination.serviceAccount: - valueType: STRING - destination.workload.uid: - valueType: STRING - destination.workload.name: - valueType: STRING - destination.workload.namespace: - valueType: STRING ---- -{{- if and .Values.adapters.stdio.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: stdio - params: - outputAsJson: {{ .Values.adapters.stdio.outputAsJson }} ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: accesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: request.time - variables: - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | request.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - apiClaims: request.auth.raw_claims | "" - apiKey: request.api_key | request.headers["x-api-key"] | "" - protocol: api.protocol | context.protocol | "http" - method: request.method | "" - url: request.path | "" - responseCode: response.code | 0 - responseFlags: context.proxy_error_code | "" - responseSize: response.size | 0 - permissiveResponseCode: rbac.permissive.response_code | "none" - permissiveResponsePolicyID: rbac.permissive.effective_policy_id | "none" - requestSize: request.size | 0 - requestId: request.headers["x-request-id"] | "" - clientTraceId: request.headers["x-client-trace-id"] | "" - latency: response.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - userAgent: request.useragent | "" - responseTimestamp: response.time - receivedBytes: request.total_size | 0 - sentBytes: response.total_size | 0 - referer: request.referer | "" - httpAuthority: request.headers[":authority"] | request.host | "" - xForwardedFor: 
request.headers["x-forwarded-for"] | "0.0.0.0" - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - grpcStatus: response.grpc_status | "" - grpcMessage: response.grpc_message | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpaccesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: context.time | timestamp("2017-01-01T00:00:00Z") - variables: - connectionEvent: connection.event | "" - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - protocol: context.protocol | "tcp" - connectionDuration: connection.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - receivedBytes: connection.received.bytes | 0 - sentBytes: connection.sent.bytes | 0 - totalReceivedBytes: connection.received.bytes_total | 0 - totalSentBytes: connection.sent.bytes_total | 0 - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") 
- responseFlags: context.proxy_error_code | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "http" || context.protocol == "grpc" - actions: - - handler: stdio - instances: - - accesslog ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdiotcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: stdio - instances: - - tcpaccesslog -{{- end }} ---- -{{- if and .Values.adapters.prometheus.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestcount - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - grpc_response_status: response.grpc_status | "" - response_flags: context.proxy_error_code | "-" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestduration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.duration | "0ms" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - grpc_response_status: response.grpc_status | "" - response_flags: context.proxy_error_code | "-" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestsize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: request.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - grpc_response_status: response.grpc_status | "" - response_flags: context.proxy_error_code | "-" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: responsesize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - grpc_response_status: response.grpc_status | "" - response_flags: context.proxy_error_code | "-" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytesent - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.sent.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytereceived - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.received.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsopened - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: prometheus - params: - metricsExpirationPolicy: - metricsExpiryDuration: "{{ .Values.adapters.prometheus.metricsExpiryDuration }}" - metrics: - - name: requests_total - instance_name: requestcount.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - grpc_response_status - - response_flags - - connection_security_policy - - name: request_duration_seconds - instance_name: requestduration.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - grpc_response_status - - response_flags - - connection_security_policy - buckets: - explicit_buckets: - bounds: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10] - - name: request_bytes - instance_name: requestsize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - 
grpc_response_status - - response_flags - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: response_bytes - instance_name: responsesize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - grpc_response_status - - response_flags - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: tcp_sent_bytes_total - instance_name: tcpbytesent.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_received_bytes_total - instance_name: tcpbytereceived.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_connections_opened_total - instance_name: tcpconnectionsopened.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - 
- source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_connections_closed_total - instance_name: tcpconnectionsclosed.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promhttp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: (context.protocol == "http" || context.protocol == "grpc") && (match((request.useragent | "-"), "kube-probe*") == false) && (match((request.useragent | "-"), "Prometheus*") == false) - actions: - - handler: prometheus - instances: - - requestcount - - requestduration - - requestsize - - responsesize ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: prometheus - instances: - - tcpbytesent - - tcpbytereceived ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionopen - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "open") - actions: - - handler: prometheus - instances: - - tcpconnectionsopened ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "close") - actions: - - handler: prometheus - instances: - - tcpconnectionsclosed -{{- end }} ---- -{{- if and .Values.adapters.kubernetesenv.enabled (or .Values.policy.enabled .Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: kubernetesenv - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: kubernetesenv - params: {} - # when running from mixer root, use the following config after adding a - # symbolic link to a kubernetes config file via: - # - # $ ln -s ~/.kube/config mixer/adapter/kubernetes/kubeconfig - # - # kubeconfig_path: "mixer/adapter/kubernetes/kubeconfig" - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: kubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . 
}} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: tcpkubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: attributes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: kubernetes - params: - # Pass the required attribute data to the adapter - source_uid: source.uid | "" - source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr - destination_uid: destination.uid | "" - destination_port: destination.port | 0 - attributeBindings: - # Fill the new attributes from the adapter produced output. 
- # $out refers to an instance of OutputTemplate message - source.ip: $out.source_pod_ip | ip("0.0.0.0") - source.uid: $out.source_pod_uid | "unknown" - source.labels: $out.source_labels | emptyStringMap() - source.name: $out.source_pod_name | "unknown" - source.namespace: $out.source_namespace | "default" - source.owner: $out.source_owner | "unknown" - source.serviceAccount: $out.source_service_account_name | "unknown" - source.workload.uid: $out.source_workload_uid | "unknown" - source.workload.name: $out.source_workload_name | "unknown" - source.workload.namespace: $out.source_workload_namespace | "unknown" - destination.ip: $out.destination_pod_ip | ip("0.0.0.0") - destination.uid: $out.destination_pod_uid | "unknown" - destination.labels: $out.destination_labels | emptyStringMap() - destination.name: $out.destination_pod_name | "unknown" - destination.container.name: $out.destination_container_name | "unknown" - destination.namespace: $out.destination_namespace | "default" - destination.owner: $out.destination_owner | "unknown" - destination.serviceAccount: $out.destination_service_account_name | "unknown" - destination.workload.uid: $out.destination_workload_uid | "unknown" - destination.workload.name: $out.destination_workload_name | "unknown" - destination.workload.namespace: $out.destination_workload_namespace | "unknown" -{{- end }} ---- -{{- if .Values.policy.enabled }} -# Configuration needed by Mixer. -# Mixer cluster is delivered via CDS -# Specify mixer cluster settings -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-policy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- if .Values.telemetry.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-telemetry - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- end }} diff --git a/charts/rancher-istio/1.5.800/charts/mixer/templates/deployment.yaml b/charts/rancher-istio/1.5.800/charts/mixer/templates/deployment.yaml deleted file mode 100755 index 5b7dc3a89..000000000 --- a/charts/rancher-istio/1.5.800/charts/mixer/templates/deployment.yaml +++ /dev/null 
@@ -1,431 +0,0 @@ -{{- define "policy_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: policy-adapter-secret - secret: - secretName: policy-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - - --useTemplateCRDs=false - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.policy.resources }} -{{ toYaml .Values.policy.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: 
istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-policy - - --templateFile - - /etc/istio/proxy/envoy_policy.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ $.Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock - - 
name: policy-adapter-secret - mountPath: /var/run/secrets/istio.io/policy/adapter - readOnly: true -{{- end }} - -{{- define "telemetry_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: telemetry-adapter-secret - secret: - secretName: telemetry-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - - --certFile=/etc/certs/cert-chain.pem - - --keyFile=/etc/certs/key.pem - - --caCertFile=/etc/certs/root-cert.pem - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - - --useTemplateCRDs=false - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - - --averageLatencyThreshold - - {{ $.Values.telemetry.loadshedding.latencyThreshold }} - - --loadsheddingMode - - {{ $.Values.telemetry.loadshedding.mode }} - {{- if .Values.env }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.telemetry.resources }} -{{ toYaml .Values.telemetry.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if 
$.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: telemetry-adapter-secret - mountPath: /var/run/secrets/istio.io/telemetry/adapter - readOnly: true - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-telemetry - - --templateFile - - /etc/istio/proxy/envoy_telemetry.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - 
volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock -{{- end }} - - -{{- range $key, $spec := .Values }} -{{- if or (eq $key "policy") (eq $key "telemetry") }} -{{- if $spec.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-{{ $key }} - namespace: {{ $.Release.Namespace }} - labels: - app: istio-mixer - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: mixer -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - selector: - matchLabels: - istio: mixer - istio-mixer-type: {{ $key }} - template: - metadata: - labels: - app: {{ $key }} - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: mixer - istio-mixer-type: {{ $key }} - annotations: - sidecar.istio.io/inject: "false" -{{- with $.Values.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- if eq $key "policy"}} -{{- template "policy_container" $ }} -{{- else }} -{{- template "telemetry_container" $ }} -{{- end }} - ---- -{{- end }} -{{- end }} -{{- end }} {{/* range */}} diff --git a/charts/rancher-istio/1.5.800/charts/mixer/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.800/charts/mixer/templates/poddisruptionbudget.yaml deleted file mode 100755 index 35bbc40d7..000000000 --- a/charts/rancher-istio/1.5.800/charts/mixer/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,30 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ $key }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- version: {{ $.Chart.Version }}
- istio: mixer
- istio-mixer-type: {{ $key }}
-spec:
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: {{ $key }}
- release: {{ $.Release.Name }}
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/mixer/templates/service.yaml b/charts/rancher-istio/1.5.800/charts/mixer/templates/service.yaml
deleted file mode 100755
index 79cc4a582..000000000
--- a/charts/rancher-istio/1.5.800/charts/mixer/templates/service.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- annotations:
- networking.istio.io/exportTo: "*"
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: mixer
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: {{ $.Values.global.monitoringPort }}
-{{- if eq $key "telemetry" }}
- - name: prometheus
- port: 42422
-{{- if $spec.sessionAffinityEnabled }}
- sessionAffinity: ClientIP
-{{- end }}
-{{- end }}
- selector:
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.5.800/charts/mixer/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.800/charts/mixer/templates/serviceaccount.yaml
deleted file mode 100755
index 9d3da7dd6..000000000
--- a/charts/rancher-istio/1.5.800/charts/mixer/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/mixer/values.yaml b/charts/rancher-istio/1.5.800/charts/mixer/values.yaml
deleted file mode 100755
index d335c36c3..000000000
--- a/charts/rancher-istio/1.5.800/charts/mixer/values.yaml
+++ /dev/null
@@ -1,98 +0,0 @@ -# -# mixer configuration -# -image: mixer - -env: - # max procs should be ceil(cpu limit + 1) - GOMAXPROCS: "6" - -policy: - # if policy is enabled, global.disablePolicyChecks has affect. - enabled: false - replicaCount: 1 - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - cpu: - targetAverageUtilization: 80 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - -telemetry: - enabled: true - replicaCount: 1 - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - cpu: - targetAverageUtilization: 80 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - sessionAffinityEnabled: false - - # mixer load shedding configuration. - # When mixer detects that it is overloaded, it starts rejecting grpc requests. - loadshedding: - # disabled, logonly or enforce - mode: enforce - # based on measurements 100ms p50 translates to p99 of under 1s. This is ok for telemetry which is inherently async. - latencyThreshold: 100ms - resources: - requests: - cpu: 1000m - memory: 1G - limits: - # It is best to do horizontal scaling of mixer using moderate cpu allocation. - # We have experimentally found that these values work well. - cpu: 4800m - memory: 4G - - # Set reportBatchMaxEntries to 0 to use the default batching behavior (i.e., every 100 requests). - # A positive value indicates the number of requests that are batched before telemetry data - # is sent to the mixer server - reportBatchMaxEntries: 100 - - # Set reportBatchMaxTime to 0 to use the default batching behavior (i.e., every 1 second). - # A positive time value indicates the maximum wait time since the last request will telemetry data - # be batched before being sent to the mixer server - reportBatchMaxTime: 1s - -podAnnotations: {} -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. 
-# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -adapters: - kubernetesenv: - enabled: true - - # stdio is a debug adapter in istio-telemetry, it is not recommended for production use. - stdio: - enabled: false - outputAsJson: true - prometheus: - enabled: true - metricsExpiryDuration: 10m - # Setting this to false sets the useAdapterCRDs mixer startup argument to false - useAdapterCRDs: false diff --git a/charts/rancher-istio/1.5.800/charts/nodeagent/Chart.yaml b/charts/rancher-istio/1.5.800/charts/nodeagent/Chart.yaml deleted file mode 100755 index c40473d61..000000000 --- a/charts/rancher-istio/1.5.800/charts/nodeagent/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.8 -description: Helm chart for nodeagent deployment -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- nodeagent -name: nodeagent -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.5.8 diff --git a/charts/rancher-istio/1.5.800/charts/nodeagent/templates/_helpers.tpl b/charts/rancher-istio/1.5.800/charts/nodeagent/templates/_helpers.tpl deleted file mode 100755 index fda6043d0..000000000 --- a/charts/rancher-istio/1.5.800/charts/nodeagent/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "nodeagent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "nodeagent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "nodeagent.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.800/charts/nodeagent/templates/clusterrole.yaml b/charts/rancher-istio/1.5.800/charts/nodeagent/templates/clusterrole.yaml deleted file mode 100755 index 8e4ab6d32..000000000 --- a/charts/rancher-istio/1.5.800/charts/nodeagent/templates/clusterrole.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-nodeagent-{{ .Release.Namespace }} - labels: - app: {{ template "nodeagent.name" . }} - chart: {{ template "nodeagent.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["get"] diff --git a/charts/rancher-istio/1.5.800/charts/nodeagent/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.800/charts/nodeagent/templates/clusterrolebinding.yaml deleted file mode 100755 index 591e48212..000000000 
--- a/charts/rancher-istio/1.5.800/charts/nodeagent/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-nodeagent-{{ .Release.Namespace }} - labels: - app: {{ template "nodeagent.name" . }} - chart: {{ template "nodeagent.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-nodeagent-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-nodeagent-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.5.800/charts/nodeagent/templates/daemonset.yaml b/charts/rancher-istio/1.5.800/charts/nodeagent/templates/daemonset.yaml deleted file mode 100755 index a4d2463d6..000000000 --- a/charts/rancher-istio/1.5.800/charts/nodeagent/templates/daemonset.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: istio-nodeagent - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "nodeagent.name" . }} - chart: {{ template "nodeagent.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: nodeagent -spec: - selector: - matchLabels: - istio: nodeagent - template: - metadata: - labels: - app: {{ template "nodeagent.name" . }} - chart: {{ template "nodeagent.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: nodeagent - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-nodeagent-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: nodeagent - image: "{{ template "system_default_registry" . }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - volumeMounts: - - mountPath: /var/run/sds - name: sdsudspath - env: - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - - name: "TRUST_DOMAIN" - value: "{{ .Values.global.trustDomain }}" - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumes: - - name: sdsudspath - hostPath: - path: /var/run/sds - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - updateStrategy: - type: RollingUpdate 
diff --git a/charts/rancher-istio/1.5.800/charts/nodeagent/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.800/charts/nodeagent/templates/serviceaccount.yaml deleted file mode 100755 index 86853d7e0..000000000 --- a/charts/rancher-istio/1.5.800/charts/nodeagent/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-nodeagent-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "nodeagent.name" . }} - chart: {{ template "nodeagent.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/1.5.800/charts/nodeagent/values.yaml b/charts/rancher-istio/1.5.800/charts/nodeagent/values.yaml deleted file mode 100755 index 3e1c09045..000000000 --- a/charts/rancher-istio/1.5.800/charts/nodeagent/values.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -# -# nodeagent configuration -# -enabled: false -image: node-agent-k8s -env: - # name of authentication provider. - CA_PROVIDER: "Citadel" - # CA endpoint. - CA_ADDR: "istio-citadel:8060" - # names of authentication provider's plugins. - PLUGINS: "" - VALID_TOKEN: true -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] diff --git a/charts/rancher-istio/1.5.800/charts/pilot/Chart.yaml b/charts/rancher-istio/1.5.800/charts/pilot/Chart.yaml deleted file mode 100755 index db3881f2c..000000000 --- a/charts/rancher-istio/1.5.800/charts/pilot/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.8 -description: Helm chart for pilot deployment -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- pilot -name: pilot -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.5.8 
diff --git a/charts/rancher-istio/1.5.800/charts/pilot/templates/_helpers.tpl b/charts/rancher-istio/1.5.800/charts/pilot/templates/_helpers.tpl deleted file mode 100755 index c812c3709..000000000 --- a/charts/rancher-istio/1.5.800/charts/pilot/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "pilot.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "pilot.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "pilot.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.800/charts/pilot/templates/autoscale.yaml b/charts/rancher-istio/1.5.800/charts/pilot/templates/autoscale.yaml deleted file mode 100755 index 1a9945136..000000000 --- a/charts/rancher-istio/1.5.800/charts/pilot/templates/autoscale.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - maxReplicas: {{ .Values.autoscaleMax }} - minReplicas: {{ .Values.autoscaleMin }} - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: istio-pilot - metrics: - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.cpu.targetAverageUtilization }} ---- -{{- end }} diff --git a/charts/rancher-istio/1.5.800/charts/pilot/templates/clusterrole.yaml b/charts/rancher-istio/1.5.800/charts/pilot/templates/clusterrole.yaml deleted file mode 100755 index d149176a9..000000000 --- a/charts/rancher-istio/1.5.800/charts/pilot/templates/clusterrole.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-pilot-{{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: - - config.istio.io - - rbac.istio.io - - security.istio.io - - networking.istio.io - - authentication.istio.io - resources: ["*"] - verbs: ["get", "list", "watch"] -- apiGroups: ["extensions"] - resources: ["ingresses", "ingresses/status"] - verbs: ["*"] -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] -- apiGroups: [""] - resources: ["endpoints", "pods", "services", "namespaces", "nodes"] - verbs: ["get", "list", "watch"] -- apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create", "get", "watch", "list", "update", "delete"] -- apiGroups: ["certificates.k8s.io"] - resources: - - "certificatesigningrequests" - - "certificatesigningrequests/approval" - - "certificatesigningrequests/status" - verbs: ["update", "create", "get", "delete"] diff --git a/charts/rancher-istio/1.5.800/charts/pilot/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.800/charts/pilot/templates/clusterrolebinding.yaml deleted file mode 100755 index ef9281ca8..000000000 --- a/charts/rancher-istio/1.5.800/charts/pilot/templates/clusterrolebinding.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-pilot-{{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-pilot-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-pilot-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.5.800/charts/pilot/templates/configmap.yaml b/charts/rancher-istio/1.5.800/charts/pilot/templates/configmap.yaml deleted file mode 100755 index 3fe514395..000000000 --- a/charts/rancher-istio/1.5.800/charts/pilot/templates/configmap.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.jwksResolverExtraRootCA }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-jwks-extra-cacerts - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }} -{{- end }} diff --git a/charts/rancher-istio/1.5.800/charts/pilot/templates/deployment.yaml b/charts/rancher-istio/1.5.800/charts/pilot/templates/deployment.yaml deleted file mode 100755 index 7e7cd2b97..000000000 --- a/charts/rancher-istio/1.5.800/charts/pilot/templates/deployment.yaml +++ /dev/null 
@@ -1,234 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - # TODO: default template doesn't have this, which one is right ? - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - istio: pilot - template: - metadata: - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-pilot-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: discovery - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - "discovery" - - --monitoringAddr=:{{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.global.oneNamespace }} - - "-a" - - {{ .Release.Namespace }} -{{- end }} -{{- if and $.Values.global.controlPlaneSecurityEnabled (not .Values.sidecar)}} - - --secureGrpcAddr - - ":15011" -{{- else }} - - --secureGrpcAddr - - "" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" - ports: - - containerPort: 8080 - - containerPort: 15010 -{{- if not .Values.sidecar }} - - containerPort: 15011 -{{- end }} - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 5 - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND - value: "{{ .Values.enableProtocolSniffingForOutbound }}" - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND - value: "{{ .Values.enableProtocolSniffingForInbound }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - - name: istio-certs - mountPath: /etc/certs 
- readOnly: true -{{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - mountPath: /cacerts -{{- end }} -{{- if .Values.sidecar }} - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 15003 - - containerPort: 15005 - - containerPort: 15007 - - containerPort: 15011 - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-pilot - - --templateFile - - /etc/istio/proxy/envoy_pilot.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if .Values.global.proxy.resources }} -{{ toYaml .Values.global.proxy.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - 
readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} -{{- end }} - volumes: - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: config-volume - configMap: - name: istio - - name: istio-certs - secret: - secretName: istio.istio-pilot-service-account - optional: true -{{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - configMap: - name: istio-jwks-extra-cacerts -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.5.800/charts/pilot/templates/meshexpansion.yaml b/charts/rancher-istio/1.5.800/charts/pilot/templates/meshexpansion.yaml deleted file mode 100755 index 4f3d59570..000000000 --- a/charts/rancher-istio/1.5.800/charts/pilot/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-ilb-vs-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - hosts: - - istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-ilb-gateway - tcp: - - match: - - port: 15011 - route: - - destination: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15011 - - match: - - port: 15010 - route: - - destination: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15010 - - match: - - port: 5353 - route: - - destination: - host: kube-dns.kube-system.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 53 ---- -{{- else }} - -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - hosts: - - istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-gateway - tcp: - - match: - - port: 15011 - route: - - destination: - host: istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15011 ---- -{{- end }} - -{{- if .Values.global.controlPlaneSecurityEnabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: meshexpansion-dr-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - trafficPolicy: - portLevelSettings: - - port: - number: 15011 - tls: - mode: DISABLE ---- -{{- end }} -{{- end }} - diff --git a/charts/rancher-istio/1.5.800/charts/pilot/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.800/charts/pilot/templates/poddisruptionbudget.yaml deleted file mode 100755 index a432023ca..000000000 --- a/charts/rancher-istio/1.5.800/charts/pilot/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} - selector: - matchLabels: - app: {{ template "pilot.name" . }} - release: {{ .Release.Name }} - istio: pilot -{{- end }} diff --git a/charts/rancher-istio/1.5.800/charts/pilot/templates/service.yaml b/charts/rancher-istio/1.5.800/charts/pilot/templates/service.yaml deleted file mode 100755 index a61d93025..000000000 --- a/charts/rancher-istio/1.5.800/charts/pilot/templates/service.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: - ports: - - port: 15010 - name: grpc-xds # direct - - port: 15011 - name: https-xds # mTLS - - port: 8080 - name: http-legacy-discovery # direct - - port: {{ .Values.global.monitoringPort }} - name: http-monitoring - selector: - istio: pilot diff --git a/charts/rancher-istio/1.5.800/charts/pilot/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.800/charts/pilot/templates/serviceaccount.yaml deleted file mode 100755 index 7ec2a66de..000000000 --- a/charts/rancher-istio/1.5.800/charts/pilot/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-pilot-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/1.5.800/charts/pilot/values.yaml b/charts/rancher-istio/1.5.800/charts/pilot/values.yaml deleted file mode 100755 index 0d37ec59c..000000000 --- a/charts/rancher-istio/1.5.800/charts/pilot/values.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -# -# pilot configuration -# -enabled: true -autoscaleEnabled: true -autoscaleMin: 1 -autoscaleMax: 5 -# specify replicaCount when autoscaleEnabled: false -# replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -image: pilot -sidecar: true -traceSampling: 1.0 -# if protocol sniffing is enabled for outbound -enableProtocolSniffingForOutbound: true -# if protocol sniffing is enabled for inbound -enableProtocolSniffingForInbound: false -# Resources for a small pilot install -resources: - requests: - cpu: 500m - memory: 2048Mi -env: - PILOT_PUSH_THROTTLE: 100 -cpu: - targetAverageUtilization: 80 -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# The following is used to limit how long a sidecar can be connected -# to a pilot. It balances out load across pilot instances at the cost of -# increasing system churn. -keepaliveMaxServerConnectionAge: 30m - -# This is used to set the source of configuration for -# the associated address in configSource, if nothing is specificed -# the default MCP is assumed. 
The alternative option is SERVICE_REGISTRY -# which describes the source is only forwarding synthetic service entries -configSource: - subscribedResources: diff --git a/charts/rancher-istio/1.5.800/charts/prometheus/Chart.yaml b/charts/rancher-istio/1.5.800/charts/prometheus/Chart.yaml deleted file mode 100755 index d7d602a47..000000000 --- a/charts/rancher-istio/1.5.800/charts/prometheus/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 2.8.0 -description: A Helm chart for Kubernetes -name: prometheus -tillerVersion: '>=2.7.2' -version: 1.5.8 diff --git a/charts/rancher-istio/1.5.800/charts/prometheus/templates/_helpers.tpl b/charts/rancher-istio/1.5.800/charts/prometheus/templates/_helpers.tpl deleted file mode 100755 index 039388329..000000000 --- a/charts/rancher-istio/1.5.800/charts/prometheus/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "prometheus.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "prometheus.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "prometheus.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} 
diff --git a/charts/rancher-istio/1.5.800/charts/prometheus/templates/clusterrole.yaml b/charts/rancher-istio/1.5.800/charts/prometheus/templates/clusterrole.yaml deleted file mode 100755 index 06fdfaf53..000000000 --- a/charts/rancher-istio/1.5.800/charts/prometheus/templates/clusterrole.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: prometheus-{{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - - nodes/proxy - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: - - configmaps - verbs: ["get"] -- nonResourceURLs: ["/metrics"] - verbs: ["get"] diff --git a/charts/rancher-istio/1.5.800/charts/prometheus/templates/clusterrolebindings.yaml b/charts/rancher-istio/1.5.800/charts/prometheus/templates/clusterrolebindings.yaml deleted file mode 100755 index 295e0df72..000000000 --- a/charts/rancher-istio/1.5.800/charts/prometheus/templates/clusterrolebindings.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: prometheus-{{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: prometheus-{{ .Release.Namespace }} -subjects: -- kind: ServiceAccount - name: prometheus - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.5.800/charts/prometheus/templates/configmap.yaml b/charts/rancher-istio/1.5.800/charts/prometheus/templates/configmap.yaml deleted file mode 100755 index cfd0d43ab..000000000 --- a/charts/rancher-istio/1.5.800/charts/prometheus/templates/configmap.yaml +++ /dev/null 
@@ -1,294 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- prometheus.yml: |-
- global:
- scrape_interval: {{ .Values.scrapeInterval }}
- scrape_configs:
-
- - job_name: 'istio-mesh'
- kubernetes_sd_configs:
- - role: endpoints
- namespaces:
- names:
- - {{ .Release.Namespace }}
-
- relabel_configs:
- - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
- action: keep
- regex: istio-telemetry;prometheus
-
- # Scrape config for envoy stats
- - job_name: 'envoy-stats'
- metrics_path: /stats/prometheus
- kubernetes_sd_configs:
- - role: pod
-
- relabel_configs:
- - source_labels: [__meta_kubernetes_pod_container_port_name]
- action: keep
- regex: '.*-envoy-prom'
- - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
- action: replace
- regex: ([^:]+)(?::\d+)?;(\d+)
- replacement: $1:15090
- target_label: __address__
- - action: labelmap
- regex: __meta_kubernetes_pod_label_(.+)
- - source_labels: [__meta_kubernetes_namespace]
- action: replace
- target_label: namespace
- - source_labels: [__meta_kubernetes_pod_name]
- action: replace
- target_label: pod_name
-
- - job_name: 'istio-policy'
- kubernetes_sd_configs:
- - role: endpoints
- namespaces:
- names:
- - {{ .Release.Namespace }}
-
-
- relabel_configs:
- - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
- action: keep
- regex: istio-policy;http-monitoring
-
- - job_name: 'istio-telemetry'
- kubernetes_sd_configs:
- - role: endpoints
- namespaces:
- names:
- - {{ .Release.Namespace }}
-
- relabel_configs:
- - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
- action: keep
- regex: istio-telemetry;http-monitoring
-
- - job_name: 'pilot'
- kubernetes_sd_configs:
- - role: endpoints
- namespaces:
- names:
- - {{ .Release.Namespace }}
-
- relabel_configs:
- - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
- action: keep
- regex: istio-pilot;http-monitoring
-
- - job_name: 'galley'
- kubernetes_sd_configs:
- - role: endpoints
- namespaces:
- names:
- - {{ .Release.Namespace }}
-
- relabel_configs:
- - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
- action: keep
- regex: istio-galley;http-monitoring
-
- - job_name: 'citadel'
- kubernetes_sd_configs:
- - role: endpoints
- namespaces:
- names:
- - {{ .Release.Namespace }}
-
- relabel_configs:
- - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
- action: keep
- regex: istio-citadel;http-monitoring
-
- - job_name: 'sidecar-injector'
-
- kubernetes_sd_configs:
- - role: endpoints
- namespaces:
- names:
- - {{ .Release.Namespace }}
-
- relabel_configs:
- - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
- action: keep
- regex: istio-sidecar-injector;http-monitoring
-
- # scrape config for API servers
- - job_name: 'kubernetes-apiservers'
- kubernetes_sd_configs:
- - role: endpoints
- namespaces:
- names:
- - default
- scheme: https
- tls_config:
- ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
- relabel_configs:
- - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
- action: keep
- regex: kubernetes;https
-
- # scrape config for nodes (kubelet)
- - job_name: 'kubernetes-nodes'
- scheme: https
- tls_config:
- ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
- kubernetes_sd_configs:
- - role: node
- relabel_configs:
- - action: labelmap
- regex: __meta_kubernetes_node_label_(.+)
- - target_label: __address__
- replacement: kubernetes.default.svc:443
- - source_labels: [__meta_kubernetes_node_name]
- regex: (.+)
- target_label: __metrics_path__
- replacement: /api/v1/nodes/${1}/proxy/metrics
-
- # Scrape config for Kubelet cAdvisor.
- #
- # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics
- # (those whose names begin with 'container_') have been removed from the
- # Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to
- # retrieve those metrics.
- #
- # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor
- # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics"
- # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with
- # the --cadvisor-port=0 Kubelet flag).
- #
- # This job is not necessary and should be removed in Kubernetes 1.6 and
- # earlier versions, or it will cause the metrics to be scraped twice.
- - job_name: 'kubernetes-cadvisor'
- scheme: https
- tls_config:
- ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
- kubernetes_sd_configs:
- - role: node
- relabel_configs:
- - action: labelmap
- regex: __meta_kubernetes_node_label_(.+)
- - target_label: __address__
- replacement: kubernetes.default.svc:443
- - source_labels: [__meta_kubernetes_node_name]
- regex: (.+)
- target_label: __metrics_path__
- replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
-
- # scrape config for service endpoints.
- - job_name: 'kubernetes-service-endpoints'
- kubernetes_sd_configs:
- - role: endpoints
- relabel_configs:
- - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
- action: keep
- regex: true
- - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
- action: replace
- target_label: __scheme__
- regex: (https?)
- - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
- action: replace
- target_label: __metrics_path__
- regex: (.+)
- - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
- action: replace
- target_label: __address__
- regex: ([^:]+)(?::\d+)?;(\d+)
- replacement: $1:$2
- - action: labelmap
- regex: __meta_kubernetes_service_label_(.+)
- - source_labels: [__meta_kubernetes_namespace]
- action: replace
- target_label: kubernetes_namespace
- - source_labels: [__meta_kubernetes_service_name]
- action: replace
- target_label: kubernetes_name
-
- - job_name: 'kubernetes-pods'
- kubernetes_sd_configs:
- - role: pod
- relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job.
- - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
- action: keep
- regex: true
- # Keep target if there's no sidecar or if prometheus.io/scheme is explicitly set to "http"
- - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_prometheus_io_scheme]
- action: keep
- regex: ((;.*)|(.*;http))
- - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls]
- action: drop
- regex: (true)
- - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
- action: replace
- target_label: __metrics_path__
- regex: (.+)
- - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
- action: replace
- regex: ([^:]+)(?::\d+)?;(\d+)
- replacement: $1:$2
- target_label: __address__
- - action: labelmap
- regex: __meta_kubernetes_pod_label_(.+)
- - source_labels: [__meta_kubernetes_namespace]
- action: replace
- target_label: namespace
- - source_labels: [__meta_kubernetes_pod_name]
- action: replace
- target_label: pod_name
-
- - job_name: 'kubernetes-pods-istio-secure'
- scheme: https
- tls_config:
- ca_file: /etc/istio-certs/root-cert.pem
- cert_file: /etc/istio-certs/cert-chain.pem
- key_file: /etc/istio-certs/key.pem
- insecure_skip_verify: true # prometheus does not support secure naming.
- kubernetes_sd_configs:
- - role: pod
- relabel_configs:
- - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
- action: keep
- regex: true
- # sidecar status annotation is added by sidecar injector and
- # istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic.
- - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls]
- action: keep
- regex: (([^;]+);([^;]*))|(([^;]*);(true))
- - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme]
- action: drop
- regex: (http)
- - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
- action: replace
- target_label: __metrics_path__
- regex: (.+)
- - source_labels: [__address__] # Only keep address that is host:port
- action: keep # otherwise an extra target with ':443' is added for https scheme
- regex: ([^:]+):(\d+)
- - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
- action: replace
- regex: ([^:]+)(?::\d+)?;(\d+)
- replacement: $1:$2
- target_label: __address__
- - action: labelmap
- regex: __meta_kubernetes_pod_label_(.+)
- - source_labels: [__meta_kubernetes_namespace]
- action: replace
- target_label: namespace
- - source_labels: [__meta_kubernetes_pod_name]
- action: replace
- target_label: pod_name
diff --git a/charts/rancher-istio/1.5.800/charts/prometheus/templates/deployment.yaml b/charts/rancher-istio/1.5.800/charts/prometheus/templates/deployment.yaml
deleted file mode 100755
index 1033a2f5b..000000000
--- a/charts/rancher-istio/1.5.800/charts/prometheus/templates/deployment.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
-# TODO: the original template has service account, roles, etc
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: prometheus
- template:
- metadata:
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: prometheus
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: prometheus
- image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- args:
- - '--storage.tsdb.retention={{ .Values.retention }}'
- - '--config.file=/etc/prometheus/prometheus.yml'
- ports:
- - containerPort: 9090
- name: http
- livenessProbe:
- httpGet:
- path: /-/healthy
- port: 9090
- readinessProbe:
- httpGet:
- path: /-/ready
- port: 9090
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- volumeMounts:
- - name: config-volume
- mountPath: /etc/prometheus
- - mountPath: /etc/istio-certs
- name: istio-certs
- volumes:
- - name: config-volume
- configMap:
- name: prometheus
- - name: istio-certs
- secret:
- defaultMode: 420
-{{- if not .Values.security.enabled }}
- optional: true
-{{- end }}
- secretName: istio.default
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/prometheus/templates/ingress.yaml b/charts/rancher-istio/1.5.800/charts/prometheus/templates/ingress.yaml
deleted file mode 100755
index 43be65523..000000000
--- a/charts/rancher-istio/1.5.800/charts/prometheus/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: prometheus
- servicePort: 9090
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: prometheus
- servicePort: 9090
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.800/charts/prometheus/templates/service.yaml b/charts/rancher-istio/1.5.800/charts/prometheus/templates/service.yaml
deleted file mode 100755
index d92525df0..000000000
--- a/charts/rancher-istio/1.5.800/charts/prometheus/templates/service.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- annotations:
- prometheus.io/scrape: 'true'
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- app: prometheus
- ports:
- - name: http-prometheus
- protocol: TCP
- port: 9090
-
-{{- if .Values.service.nodePort.enabled }}
-# Using separate ingress for nodeport, to avoid conflict with pilot e2e test configs.
----
-apiVersion: v1
-kind: Service
-metadata:
- name: prometheus-nodeport
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- type: NodePort
- ports:
- - port: 9090
- nodePort: {{ .Values.service.nodePort.port }}
- name: http-prometheus
- selector:
- app: prometheus
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/prometheus/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.800/charts/prometheus/templates/serviceaccount.yaml
deleted file mode 100755
index 7c2fab3f4..000000000
--- a/charts/rancher-istio/1.5.800/charts/prometheus/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.800/charts/prometheus/templates/tests/test-prometheus-connection.yaml b/charts/rancher-istio/1.5.800/charts/prometheus/templates/tests/test-prometheus-connection.yaml
deleted file mode 100755
index c36ce3f5c..000000000
--- a/charts/rancher-istio/1.5.800/charts/prometheus/templates/tests/test-prometheus-connection.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "prometheus.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus-test
- chart: {{ template "prometheus.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: prometheus
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "prometheus.fullname" . }}-test"
- image: {{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['sh', '-c', 'for i in 1 2 3; do curl http://prometheus:9090/-/ready && exit 0 || sleep 15; done; exit 1']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/prometheus/values.yaml b/charts/rancher-istio/1.5.800/charts/prometheus/values.yaml
deleted file mode 100755
index 76bda8457..000000000
--- a/charts/rancher-istio/1.5.800/charts/prometheus/values.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-#
-# addon prometheus configuration
-#
-enabled: true
-replicaCount: 1
-hub: docker.io/prom
-image: prometheus
-tag: v2.12.0
-retention: 6h
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-# Controls the frequency of prometheus scraping
-scrapeInterval: 15s
-
-contextPath: /prometheus
-
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - prometheus.local
- annotations:
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls:
- # Secrets must be manually created in the namespace.
- # - secretName: prometheus-tls
- # hosts:
- # - prometheus.local
-
-service:
- annotations: {}
- nodePort:
- enabled: false
- port: 32090
-
-security:
- enabled: true
diff --git a/charts/rancher-istio/1.5.800/charts/security/Chart.yaml b/charts/rancher-istio/1.5.800/charts/security/Chart.yaml
deleted file mode 100755
index 7ed3452e7..000000000
--- a/charts/rancher-istio/1.5.800/charts/security/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.8
-description: Helm chart for istio authentication
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- security
-name: security
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.8
diff --git a/charts/rancher-istio/1.5.800/charts/security/templates/_helpers.tpl b/charts/rancher-istio/1.5.800/charts/security/templates/_helpers.tpl
deleted file mode 100755
index 7f36f9d51..000000000
--- a/charts/rancher-istio/1.5.800/charts/security/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "security.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "security.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "security.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.800/charts/security/templates/clusterrole.yaml b/charts/rancher-istio/1.5.800/charts/security/templates/clusterrole.yaml
deleted file mode 100755
index 75f2dec65..000000000
--- a/charts/rancher-istio/1.5.800/charts/security/templates/clusterrole.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-citadel-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "update"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "watch", "list", "update", "delete"]
-- apiGroups: [""]
- resources: ["serviceaccounts", "services", "namespaces"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["authentication.k8s.io"]
- resources: ["tokenreviews"]
- verbs: ["create"]
diff --git a/charts/rancher-istio/1.5.800/charts/security/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.800/charts/security/templates/clusterrolebinding.yaml
deleted file mode 100755
index 0a15799ce..000000000
--- a/charts/rancher-istio/1.5.800/charts/security/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-citadel-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-citadel-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-citadel-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.800/charts/security/templates/configmap.yaml b/charts/rancher-istio/1.5.800/charts/security/templates/configmap.yaml
deleted file mode 100755
index 14749fd65..000000000
--- a/charts/rancher-istio/1.5.800/charts/security/templates/configmap.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-security-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-data:
- custom-resources.yaml: |-
- {{- if .Values.global.mtls.enabled }}
- {{- include "security-default.yaml.tpl" . | indent 4}}
- {{- else }}
- {{- include "security-permissive.yaml.tpl" . | indent 4}}
- {{- end }}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
diff --git a/charts/rancher-istio/1.5.800/charts/security/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.5.800/charts/security/templates/create-custom-resources-job.yaml
deleted file mode 100755
index 61e1156a4..000000000
--- a/charts/rancher-istio/1.5.800/charts/security/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,109 +0,0 @@
-{{- if .Values.createMeshPolicy }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-security-post-install-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-security-post-install-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["authentication.istio.io"] # needed to create default authn policy
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["networking.istio.io"] # needed to create security destination rules
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["validatingwebhookconfigurations"]
- verbs: ["get"]
-- apiGroups: ["extensions", "apps"]
- resources: ["deployments", "replicasets"]
- verbs: ["get", "list", "watch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-security-post-install-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-security-post-install-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-security-post-install-account
- namespace: {{ .Release.Namespace }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: istio-security-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 | trimSuffix "-" }}
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-delete-policy": hook-succeeded
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- template:
- metadata:
- name: istio-security-post-install
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-security-post-install-account
- containers:
- - name: kubectl
- image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
- imagePullPolicy: IfNotPresent
- command: [ "/bin/bash", "/tmp/security/run.sh", "/tmp/security/custom-resources.yaml" ]
- volumeMounts:
- - mountPath: "/tmp/security"
- name: tmp-configmap-security
- volumes:
- - name: tmp-configmap-security
- configMap:
- name: istio-security-custom-resources
- restartPolicy: OnFailure
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/security/templates/deployment.yaml b/charts/rancher-istio/1.5.800/charts/security/templates/deployment.yaml
deleted file mode 100755
index 81d0c6b28..000000000
--- a/charts/rancher-istio/1.5.800/charts/security/templates/deployment.yaml
+++ /dev/null
@@ -1,119 +0,0 @@
-# istio CA watching all namespaces
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- istio: citadel
- strategy:
- rollingUpdate:
- maxSurge: {{ .Values.rollingMaxSurge }}
- maxUnavailable: {{ .Values.rollingMaxUnavailable }}
- template:
- metadata:
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
- annotations:
- sidecar.istio.io/inject: "false"
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: istio-citadel-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: citadel
- image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- args:
- {{- if .Values.global.sds.enabled }}
- - --sds-enabled=true
- {{- end }}
- - --append-dns-names=true
- - --grpc-port=8060
- - --citadel-storage-namespace={{ .Release.Namespace }}
- - --custom-dns-names=istio-pilot-service-account.{{ .Release.Namespace }}:istio-pilot.{{ .Release.Namespace }}
- - --monitoring-port={{ .Values.global.monitoringPort }}
- {{- if .Values.selfSigned }}
- - --self-signed-ca=true
- {{- else }}
- - --self-signed-ca=false
- - --signing-cert=/etc/cacerts/ca-cert.pem
- - --signing-key=/etc/cacerts/ca-key.pem
- - --root-cert=/etc/cacerts/root-cert.pem
- - --cert-chain=/etc/cacerts/cert-chain.pem
- {{- end }}
- {{- if .Values.global.trustDomain }}
- - --trust-domain={{ .Values.global.trustDomain }}
- {{- end }}
- {{- if .Values.workloadCertTtl }}
- - --workload-cert-ttl={{ .Values.workloadCertTtl }}
- {{- end }}
- {{- if .Values.citadelHealthCheck }}
- - --liveness-probe-path=/tmp/ca.liveness # path to the liveness health check status file
- - --liveness-probe-interval=60s # interval for health check file update
- - --probe-check-interval=15s # interval for health status check
- {{- end }}
- env:
- - name: CITADEL_ENABLE_NAMESPACES_BY_DEFAULT
- value: "{{ .Values.enableNamespacesByDefault }}"
- {{- if .Values.env }}
- {{- range $key, $val := .Values.env }}
- - name: {{ $key }}
- value: {{ $val | quote }}
- {{- end }}
- {{- end }}
- {{- if .Values.citadelHealthCheck }}
- livenessProbe:
- exec:
- command:
- - /usr/local/bin/istio_ca
- - probe
- - --probe-path=/tmp/ca.liveness # path to the liveness health check status file
- - --interval=125s # the maximum time gap allowed between the file mtime and the current sys clock
- initialDelaySeconds: 60
- periodSeconds: 60
- {{- end }}
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
-{{- if not .Values.selfSigned }}
- volumeMounts:
- - name: cacerts
- mountPath: /etc/cacerts
- readOnly: true
- volumes:
- - name: cacerts
- secret:
- secretName: cacerts
- optional: true
-{{- end }}
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/security/templates/enable-mesh-mtls.yaml b/charts/rancher-istio/1.5.800/charts/security/templates/enable-mesh-mtls.yaml
deleted file mode 100755
index 661617803..000000000
--- a/charts/rancher-istio/1.5.800/charts/security/templates/enable-mesh-mtls.yaml
+++ /dev/null
@@ -1,65 +0,0 @@ -{{- define "security-default.yaml.tpl" }} -# These policy and destination rules effectively enable mTLS for all services in the mesh. For now, -# they are added to Istio installation yaml for backward compatible. In future, they should be in -# a separated yaml file so that customer can enable mTLS independent from installation. - -# Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: {} -{{- if not .Values.global.mtls.auto }} ---- -# Corresponding destination rule to configure client side to use mutual TLS when talking to -# any service (host) in the mesh. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "default" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.local" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -# Destination rule to disable (m)TLS when talking to API server, as API server doesn't have sidecar. -# Customer should add similar destination rules for other services that don't have sidecar. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "api-server" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "kubernetes.default.svc.{{ .Values.global.proxy.clusterDomain }}" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: DISABLE -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.800/charts/security/templates/enable-mesh-permissive.yaml b/charts/rancher-istio/1.5.800/charts/security/templates/enable-mesh-permissive.yaml deleted file mode 100755 index a6931b3b9..000000000 --- a/charts/rancher-istio/1.5.800/charts/security/templates/enable-mesh-permissive.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- define "security-permissive.yaml.tpl" }} -# Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: - mode: PERMISSIVE -{{- end }} diff --git a/charts/rancher-istio/1.5.800/charts/security/templates/meshexpansion.yaml b/charts/rancher-istio/1.5.800/charts/security/templates/meshexpansion.yaml deleted file mode 100755 index 581ce964a..000000000 --- a/charts/rancher-istio/1.5.800/charts/security/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,56 +0,0 @@
-{{- if .Values.global.meshExpansion.enabled }}
-{{- if .Values.global.meshExpansion.useILB }}
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-vs-citadel-ilb
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- hosts:
- - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-ilb-gateway
- tcp:
- - match:
- - port: 8060
- route:
- - destination:
- host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 8060
----
-{{- else }}
-
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-vs-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- hosts:
- - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-gateway
- tcp:
- - match:
- - port: 8060
- route:
- - destination:
- host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 8060
----
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/security/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.800/charts/security/templates/poddisruptionbudget.yaml
deleted file mode 100755
index 1a8809599..000000000
--- a/charts/rancher-istio/1.5.800/charts/security/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: {{ template "security.name" . }}
- release: {{ .Release.Name }}
- istio: citadel
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/security/templates/service.yaml b/charts/rancher-istio/1.5.800/charts/security/templates/service.yaml
deleted file mode 100755
index efea17544..000000000
--- a/charts/rancher-istio/1.5.800/charts/security/templates/service.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- # we use the normal name here (e.g. 'prometheus')
- # as grafana is configured to use this as a data source
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- ports:
- - name: grpc-citadel
- port: 8060
- targetPort: 8060
- protocol: TCP
- - name: http-monitoring
- port: {{ .Values.global.monitoringPort }}
- selector:
- istio: citadel
diff --git a/charts/rancher-istio/1.5.800/charts/security/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.800/charts/security/templates/serviceaccount.yaml
deleted file mode 100755
index d07d566fa..000000000
--- a/charts/rancher-istio/1.5.800/charts/security/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-citadel-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.800/charts/security/templates/tests/test-citadel-connection.yaml b/charts/rancher-istio/1.5.800/charts/security/templates/tests/test-citadel-connection.yaml
deleted file mode 100755
index 481b486de..000000000
--- a/charts/rancher-istio/1.5.800/charts/security/templates/tests/test-citadel-connection.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "security.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: istio-citadel-test
- chart: {{ template "security.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: citadel
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "security.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['sh', '-c', 'for i in 1 2 3; do curl http://istio-citadel:{{ .Values.global.monitoringPort }}/version && exit 0 || sleep 15; done; exit 1']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/security/values.yaml b/charts/rancher-istio/1.5.800/charts/security/values.yaml
deleted file mode 100755
index ee16f2c60..000000000
--- a/charts/rancher-istio/1.5.800/charts/security/values.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-#
-# security configuration
-#
-enabled: true
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-image: citadel
-selfSigned: true # indicate if self-signed CA is used.
-createMeshPolicy: true
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Enable health checking on the Citadel CSR signing API.
-# https://istio.io/docs/tasks/security/health-check/
-citadelHealthCheck: false
-# 90*24hour = 2160h
-workloadCertTtl: 2160h
-# Environment variables that configure Citadel.
-env: {}
-
-# Determines Citadel default behavior if the ca.istio.io/env or ca.istio.io/override
-# labels are not found on a given namespace.
-#
-# For example: consider a namespace called "target", which has neither the "ca.istio.io/env"
-# nor the "ca.istio.io/override" namespace labels. To decide whether or not to generate secrets
-# for service accounts created in this "target" namespace, Citadel will defer to this option. If the value
-# of this option is "true" in this case, secrets will be generated for the "target" namespace.
-# If the value of this option is "false" Citadel will not generate secrets upon service account creation.
-enableNamespacesByDefault: true
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/Chart.yaml b/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/Chart.yaml
deleted file mode 100755
index 8ed05bcf9..000000000
--- a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.8
-description: Helm chart for sidecar injector webhook deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- sidecarInjectorWebhook
-name: sidecarInjectorWebhook
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.8
diff --git a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/_helpers.tpl b/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/_helpers.tpl
deleted file mode 100755
index f3b9fb15b..000000000
--- a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "sidecar-injector.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "sidecar-injector.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "sidecar-injector.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/clusterrole.yaml b/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/clusterrole.yaml deleted file mode 100755 index c56c7025c..000000000 --- a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/clusterrole.yaml +++ /dev/null 
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-sidecar-injector-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get", "list", "watch"]
-{{- if not .Values.global.operatorManageWebhooks }}
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "patch"]
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
deleted file mode 100755
index 748a93244..000000000
--- a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-sidecar-injector-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-sidecar-injector-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/deployment.yaml b/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/deployment.yaml
deleted file mode 100755
index b0ddf131f..000000000
--- a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/deployment.yaml
+++ /dev/null
@@ -1,118 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: sidecar-injector - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-sidecar-injector-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: sidecar-injector-webhook - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --caCertFile=/etc/istio/certs/root-cert.pem - - --tlsCertFile=/etc/istio/certs/cert-chain.pem - - --tlsKeyFile=/etc/istio/certs/key.pem - - --injectConfig=/etc/istio/inject/config - - --meshConfig=/etc/istio/config/mesh - - --healthCheckInterval=2s - - --healthCheckFile=/tmp/health -{{- if .Values.global.operatorManageWebhooks }} - - --reconcileWebhookConfig=false -{{- else }} - - --reconcileWebhookConfig=true -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - readOnly: true - - name: certs - mountPath: /etc/istio/certs - readOnly: true - - name: inject-config - mountPath: /etc/istio/inject - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/tmp/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - readinessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/tmp/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: config-volume - configMap: - name: istio - - name: certs - secret: -{{- if .Values.global.certificates }} - secretName: dns.istio-sidecar-injector-service-account -{{- else }} - secretName: istio.istio-sidecar-injector-service-account -{{- end }} - - name: inject-config - configMap: - name: istio-sidecar-injector - items: - - key: config - path: config - - key: values - path: values - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml b/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml deleted file mode 100755 index 4a31415f2..000000000 --- a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: istio-sidecar-injector - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -webhooks: - - name: sidecar-injector.istio.io - clientConfig: - service: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - path: "/inject" - caBundle: "" - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - namespaceSelector: -{{- if .Values.enableNamespacesByDefault }} - matchExpressions: - - key: name - operator: NotIn - values: - - {{ .Release.Namespace }} - - key: istio-injection - operator: NotIn - values: - - disabled -{{- else }} - matchLabels: - istio-injection: enabled -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml deleted file mode 100755 index 870b92508..000000000 --- a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,18 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-spec:
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: {{ template "sidecar-injector.name" . }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
- {{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/service.yaml b/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/service.yaml
deleted file mode 100755
index ea03cd81c..000000000
--- a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/service.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-spec:
- ports:
- - port: 443
- name: https-inject
- targetPort: 9443
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- selector:
- istio: sidecar-injector
diff --git a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml
deleted file mode 100755
index d4020b517..000000000
--- a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-sidecar-injector-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
diff --git a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/values.yaml b/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/values.yaml
deleted file mode 100755
index b2716d945..000000000
--- a/charts/rancher-istio/1.5.800/charts/sidecarInjectorWebhook/values.yaml
+++ /dev/null
@@ -1,59 +0,0 @@ -# -# sidecar-injector webhook configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -image: sidecar_injector -enableNamespacesByDefault: false -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# If true, webhook or istioctl injector will rewrite PodSpec for liveness -# health check to redirect request to sidecar. This makes liveness check work -# even when mTLS is enabled. -rewriteAppHTTPProbe: true - -# You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or -# always skip the injection on pods that match that label selector, regardless of the global policy. -# See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions -neverInjectSelector: [] - -alwaysInjectSelector: [] - -# injectedAnnotations are additional annotations that will be added to the pod spec after injection -# This is primarily to support PSP annotations. 
For example, if you defined a PSP with the annotations: -# -# annotations: -# apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default -# apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -# -# The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before -# the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: -# injectedAnnotations: -# container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default -# container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default -injectedAnnotations: {} diff --git a/charts/rancher-istio/1.5.800/charts/tracing/.helmignore b/charts/rancher-istio/1.5.800/charts/tracing/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/rancher-istio/1.5.800/charts/tracing/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-istio/1.5.800/charts/tracing/Chart.yaml b/charts/rancher-istio/1.5.800/charts/tracing/Chart.yaml deleted file mode 100755 index a6ef87879..000000000 --- a/charts/rancher-istio/1.5.800/charts/tracing/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.1 -description: A Helm chart for Kubernetes -name: tracing -tillerVersion: '>=2.7.2' -version: 1.5.8 diff --git a/charts/rancher-istio/1.5.800/charts/tracing/templates/_helpers.tpl b/charts/rancher-istio/1.5.800/charts/tracing/templates/_helpers.tpl deleted file mode 100755 index e246b59b1..000000000 
--- a/charts/rancher-istio/1.5.800/charts/tracing/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "tracing.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "tracing.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "tracing.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.800/charts/tracing/templates/deployment-jaeger.yaml b/charts/rancher-istio/1.5.800/charts/tracing/templates/deployment-jaeger.yaml deleted file mode 100755 index da54eeb94..000000000 --- a/charts/rancher-istio/1.5.800/charts/tracing/templates/deployment-jaeger.yaml +++ /dev/null 
@@ -1,119 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: jaeger - template: - metadata: - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - prometheus.io/port: "14269" -{{- if .Values.jaeger.podAnnotations }} -{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: jaeger - image: "{{ template "system_default_registry" . 
}}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 9411 - - containerPort: 16686 - - containerPort: 14250 - - containerPort: 14267 - - containerPort: 14268 - - containerPort: 14269 - - containerPort: 5775 - protocol: UDP - - containerPort: 6831 - protocol: UDP - - containerPort: 6832 - protocol: UDP - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if eq .Values.jaeger.spanStorageType "badger" }} - - name: BADGER_EPHEMERAL - value: "false" - - name: SPAN_STORAGE_TYPE - value: "badger" - - name: BADGER_DIRECTORY_VALUE - value: "/badger/data" - - name: BADGER_DIRECTORY_KEY - value: "/badger/key" - {{- end }} - - name: COLLECTOR_ZIPKIN_HTTP_PORT - value: "9411" - - name: MEMORY_MAX_TRACES - value: "{{ .Values.jaeger.memory.max_traces }}" - - name: QUERY_BASE_PATH - value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - livenessProbe: - httpGet: - path: / - port: 14269 - readinessProbe: - httpGet: - path: / - port: 14269 -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumeMounts: - - name: data - mountPath: /badger -{{- end }} - resources: -{{- if .Values.jaeger.resources }} -{{ toYaml .Values.jaeger.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumes: - - name: data -{{- if .Values.jaeger.persist }} - persistentVolumeClaim: - claimName: istio-jaeger-pvc -{{- else }} - emptyDir: {} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.5.800/charts/tracing/templates/deployment-zipkin.yaml b/charts/rancher-istio/1.5.800/charts/tracing/templates/deployment-zipkin.yaml deleted file mode 100755 index eef24fc16..000000000 --- a/charts/rancher-istio/1.5.800/charts/tracing/templates/deployment-zipkin.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -{{ if eq .Values.provider "zipkin" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: zipkin - template: - metadata: - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" -{{- if .Values.zipkin.podAnnotations }} -{{ toYaml .Values.zipkin.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: zipkin - image: "{{ template "system_default_registry" . 
}}{{ .Values.zipkin.repository }}:{{ .Values.zipkin.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.zipkin.queryPort }} - livenessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - tcpSocket: - port: {{ .Values.zipkin.queryPort }} - readinessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - httpGet: - path: /health - port: {{ .Values.zipkin.queryPort }} - resources: -{{- if .Values.zipkin.resources }} -{{ toYaml .Values.zipkin.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: QUERY_PORT - value: "{{ .Values.zipkin.queryPort }}" - - name: JAVA_OPTS - value: "-XX:ConcGCThreads={{ .Values.zipkin.node.cpus }} -XX:ParallelGCThreads={{ .Values.zipkin.node.cpus }} -Djava.util.concurrent.ForkJoinPool.common.parallelism={{ .Values.zipkin.node.cpus }} -Xms{{ .Values.zipkin.javaOptsHeap }}M -Xmx{{ .Values.zipkin.javaOptsHeap }}M -XX:+UseG1GC -server" - - name: STORAGE_METHOD - value: "mem" - - name: ZIPKIN_STORAGE_MEM_MAXSPANS - value: "{{ .Values.zipkin.maxSpans }}" - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.5.800/charts/tracing/templates/ingress.yaml b/charts/rancher-istio/1.5.800/charts/tracing/templates/ingress.yaml deleted file mode 100755 index 72f362166..000000000 --- a/charts/rancher-istio/1.5.800/charts/tracing/templates/ingress.yaml +++ /dev/null 
@@ -1,41 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: {{ template "tracing.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} /{{ $.Values.provider }} {{ end }}
- backend:
- serviceName: tracing
- servicePort: 80
-
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }}
- backend:
- serviceName: tracing
- servicePort: 80
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.800/charts/tracing/templates/pvc.yaml b/charts/rancher-istio/1.5.800/charts/tracing/templates/pvc.yaml
deleted file mode 100755
index 60140494c..000000000
--- a/charts/rancher-istio/1.5.800/charts/tracing/templates/pvc.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if eq .Values.provider "jaeger" }}
-{{- if .Values.jaeger.persist }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: istio-jaeger-pvc
- namespace: {{ .Release.Namespace }}
- labels:
- app: jaeger
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- storageClassName: {{ .Values.jaeger.storageClassName }}
- accessModes:
- - {{ .Values.jaeger.accessMode }}
- resources:
- requests:
- storage: 5Gi
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/tracing/templates/service-jaeger.yaml b/charts/rancher-istio/1.5.800/charts/tracing/templates/service-jaeger.yaml
deleted file mode 100755
index f7ab769b8..000000000
--- a/charts/rancher-istio/1.5.800/charts/tracing/templates/service-jaeger.yaml
+++ /dev/null
@@ -1,114 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: v1 -kind: List -metadata: - name: jaeger-services - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -items: -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-query - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: jaeger - jaeger-infra: jaeger-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: query-http - port: 16686 - protocol: TCP - targetPort: 16686 - selector: - app: jaeger -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-collector - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: collector-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: jaeger-collector-tchannel - port: 14267 - protocol: TCP - targetPort: 14267 - - name: jaeger-collector-http - port: 14268 - targetPort: 14268 - protocol: TCP - - name: jaeger-collector-grpc - port: 14250 - targetPort: 14250 - protocol: TCP - selector: - app: jaeger - type: ClusterIP -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-collector-headless - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: collector-service - chart: {{ template "tracing.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: jaeger-collector-grpc - port: 14250 - targetPort: 14250 - protocol: TCP - selector: - app: jaeger - clusterIP: None -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-agent - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: agent-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: agent-zipkin-thrift - port: 5775 - protocol: UDP - targetPort: 5775 - - name: agent-compact - port: 6831 - protocol: UDP - targetPort: 6831 - - name: agent-binary - port: 6832 - protocol: UDP - targetPort: 6832 - clusterIP: None - selector: - app: jaeger -{{ end }} - diff --git a/charts/rancher-istio/1.5.800/charts/tracing/templates/service.yaml b/charts/rancher-istio/1.5.800/charts/tracing/templates/service.yaml deleted file mode 100755 index 798829793..000000000 --- a/charts/rancher-istio/1.5.800/charts/tracing/templates/service.yaml +++ /dev/null 
@@ -1,56 +0,0 @@
-apiVersion: v1
-kind: List
-metadata:
- name: tracing-services
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-items:
-- apiVersion: v1
- kind: Service
- metadata:
- name: zipkin
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- ports:
- - port: {{ .Values.zipkin.queryPort }}
- targetPort: {{ .Values.zipkin.queryPort }}
- protocol: TCP
- name: {{ .Values.service.name }}
- selector:
- app: {{ .Values.provider }}
-- apiVersion: v1
- kind: Service
- metadata:
- name: tracing
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: {{ .Values.provider }}
- chart: {{ template "tracing.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- type: {{ .Values.service.type }}
- ports:
- - name: http-query
- port: {{ .Values.service.externalPort }}
- protocol: TCP
-{{ if eq .Values.provider "jaeger" }}
- targetPort: 16686
-{{ else }}
- targetPort: {{ .Values.zipkin.queryPort }}
-{{ end}}
- selector:
- app: {{ .Values.provider }}
diff --git a/charts/rancher-istio/1.5.800/charts/tracing/templates/tests/test-tracing-connection.yaml b/charts/rancher-istio/1.5.800/charts/tracing/templates/tests/test-tracing-connection.yaml
deleted file mode 100755
index 64248e8c5..000000000
--- a/charts/rancher-istio/1.5.800/charts/tracing/templates/tests/test-tracing-connection.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ .Release.Name }}-{{ .Values.provider }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}-test
- chart: {{ template "tracing.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ .Values.provider }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- {{- if eq .Values.provider "jaeger" }}
- args: ['http://tracing:80{{ .Values.jaeger.contextPath}}']
- {{- else }}
- args: ['http://tracing:80']
- {{- end }}
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/charts/tracing/values.yaml b/charts/rancher-istio/1.5.800/charts/tracing/values.yaml
deleted file mode 100755
index 03381bfe5..000000000
--- a/charts/rancher-istio/1.5.800/charts/tracing/values.yaml
+++ /dev/null
@@ -1,87 +0,0 @@ -# -# addon jaeger tracing configuration -# -enabled: false - -provider: jaeger -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -jaeger: - hub: docker.io/jaegertracing - image: all-in-one - tag: 1.16 - podAnnotations: {} - memory: - max_traces: 50000 - # spanStorageType value can be "memory" and "badger" for all-in-one image - spanStorageType: badger - persist: false - storageClassName: "" - accessMode: ReadWriteMany - - -zipkin: - hub: docker.io/openzipkin - image: zipkin - tag: 2.14.2 - podAnnotations: {} - probeStartupDelay: 200 - queryPort: 9411 - resources: - limits: - cpu: 300m - memory: 900Mi - requests: - cpu: 150m - memory: 900Mi - javaOptsHeap: 700 - # 
From: https://github.com/openzipkin/zipkin/blob/master/zipkin-server/src/main/resources/zipkin-server-shared.yml#L51 - # Maximum number of spans to keep in memory. When exceeded, oldest traces (and their spans) will be purged. - # A safe estimate is 1K of memory per span (each span with 2 annotations + 1 binary annotation), plus - # 100 MB for a safety buffer. You'll need to verify in your own environment. - maxSpans: 500000 - node: - cpus: 2 - -service: - annotations: {} - name: http - type: ClusterIP - externalPort: 80 - -ingress: - enabled: false - # Used to create an Ingress record. - hosts: - # - tracing.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: tracing-tls - # hosts: - # - tracing.local - diff --git a/charts/rancher-istio/1.5.800/files/injection-template.yaml b/charts/rancher-istio/1.5.800/files/injection-template.yaml deleted file mode 100755 index 42a27984c..000000000 --- a/charts/rancher-istio/1.5.800/files/injection-template.yaml +++ /dev/null 
@@ -1,462 +0,0 @@ -rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe true }} -initContainers: -{{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} -{{ if .Values.istio_cni.enabled -}} -- name: istio-validation -{{ else -}} -- name: istio-init -{{ end -}} -{{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" -{{- else }} - image: "{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" -{{- end }} - command: - - istio-iptables - - "-p" - - "15001" - - "-z" - - "15006" - - "-u" - - 1337 - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" - - "-d" - - "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - {{ if .Values.istio_cni.enabled -}} 
- - "--run-validation" - - "--skip-rule-apply" - {{ end -}} - imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" -{{- if .Values.global.proxy_init.resources }} - resources: - {{ toYaml .Values.global.proxy_init.resources | indent 4 }} -{{- else }} - resources: {} -{{- end }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: - {{- if not .Values.istio_cni.enabled }} - add: - - NET_ADMIN - - NET_RAW - {{- end }} - drop: - - ALL - {{- if not .Values.istio_cni.enabled }} - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsUser: 1337 - runAsNonRoot: true - {{- end }} - restartPolicy: Always -{{ end -}} -{{- if eq (annotation .ObjectMeta `sidecar.istio.io/enableCoreDump` .Values.global.proxy.enableCoreDump) "true" }} -- name: enable-core-dump - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - command: - - /bin/sh - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- else }} - image: "{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- end }} - imagePullPolicy: IfNotPresent - resources: {} - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - SYS_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 -{{ end }} -containers: -- name: istio-proxy -{{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` "") }} # if custom pod then use that - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" -{{- else }} - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.repository 
}}:{{ .Values.global.proxy.tag }}" - {{- else }} - image: "{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - {{- end }} -{{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --configPath - - "{{ .ProxyConfig.ConfigPath }}" - - --binaryPath - - "{{ .ProxyConfig.BinaryPath }}" - - --serviceCluster - {{ if ne "" (index .ObjectMeta.Labels "app") -}} - - "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" - {{ else -}} - - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" - {{ end -}} - - --drainDuration - - "{{ formatDuration .ProxyConfig.DrainDuration }}" - - --parentShutdownDuration - - "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}" - - --discoveryAddress - - "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" -{{- if eq .Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" - - --lightstepAccessToken - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" - - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} -{{- if .ProxyConfig.GetTracing.GetLightstep.GetSecure }} - - --lightstepCacertPath - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" -{{- end }} -{{- else if eq .Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - - "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" -{{- else if eq .Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" -{{- end }} -{{- if .Values.global.proxy.logLevel }} - - --proxyLogLevel={{ .Values.global.proxy.logLevel }} -{{- end}} -{{- if .Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }} -{{- 
end}} -{{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} -{{- end}} - - --dnsRefreshRate - - {{ .Values.global.proxy.dnsRefreshRate }} - - --connectTimeout - - "{{ formatDuration .ProxyConfig.ConnectTimeout }}" -{{- if .Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - "{{ .ProxyConfig.StatsdUdpAddress }}" -{{- end }} -{{- if .Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - - '{{ protoToJSON .ProxyConfig.EnvoyMetricsService }}' -{{- end }} -{{- if .Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - - '{{ protoToJSON .ProxyConfig.EnvoyAccessLogService }}' -{{- end }} - - --proxyAdminPort - - "{{ .ProxyConfig.ProxyAdminPort }}" - {{ if gt .ProxyConfig.Concurrency 0 -}} - - --concurrency - - "{{ .ProxyConfig.Concurrency }}" - {{ end -}} - - --controlPlaneAuthPolicy - - "{{ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}" -{{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" (valueOrDefault .Values.global.proxy.statusPort 0 )) `0`) }} - - --statusPort - - "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} -{{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 4 }} -{{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: |- - [ - {{- range $index, $container := .Spec.Containers }} - {{- 
if ne $index 0}},{{- end}} - {{ $container.Name }} - {{- end}} - ] - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} -{{- if eq .Values.global.proxy.tracer "datadog" }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP -{{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }} -{{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" -{{- end }} -{{- end }} -{{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SDS_ENABLED - value: {{ $.Values.global.sds.enabled }} - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{ if .ObjectMeta.Annotations }} - - name: ISTIO_METAJSON_ANNOTATIONS - value: | - {{ toJSON .ObjectMeta.Annotations }} - {{ end }} - {{ if .ObjectMeta.Labels }} - - name: ISTIO_METAJSON_LABELS - value: | - {{ toJSON .ObjectMeta.Labels }} - {{ end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{ .DeploymentMeta.Name }} - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower 
.TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.sds.customTokenDirectory }} - - name: ISTIO_META_SDS_TOKEN_PATH - value: "{{ .Values.global.sds.customTokenDirectory -}}/sdstoken" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if .Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.trustDomain }}" - {{- end }} - {{- if eq .Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetDebug }}" - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations.Value }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes.Value }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents.Value }}" - {{- end }} - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` (valueOrDefault .Values.global.proxy.statusPort 0 )) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} - initialDelaySeconds: {{ annotation .ObjectMeta 
`readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - add: - - NET_ADMIN - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: {{ ne (annotation .ObjectMeta `sidecar.istio.io/enableCoreDump` .Values.global.proxy.enableCoreDump) "true" }} - runAsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - runAsNonRoot: false - runAsUser: 0 - {{- else -}} - runAsNonRoot: true - runAsUser: 1337 - {{- end }} - resources: - {{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end}} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{ else -}} -{{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 4 }} -{{- end }} - {{ end -}} - volumeMounts: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - - mountPath: /etc/istio/proxy - name: istio-envoy - {{- if .Values.global.sds.enabled 
}} - - mountPath: /var/run/sds - name: sds-uds-path - readOnly: true - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.sds.customTokenDirectory }} - - mountPath: "{{ .Values.global.sds.customTokenDirectory -}}" - name: custom-sds-token - readOnly: true - {{- end }} - {{- else }} - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{- end }} -volumes: -{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} -- name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} -{{- end }} -- emptyDir: - medium: Memory - name: istio-envoy -{{- if .Values.global.sds.enabled }} -- name: sds-uds-path - hostPath: - path: /var/run/sds -- name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} -{{- if .Values.global.sds.customTokenDirectory }} -- name: custom-sds-token - secret: - secretName: sdstokensecret -{{- end }} -{{- else }} -- name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} -- name: "{{ $index }}" - {{ toYaml $value | 
indent 2 }} - {{ end }} - {{ end }} -{{- end }} -{{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} -- name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert -{{- end }} -{{- if .Values.global.podDNSSearchNamespaces }} -dnsConfig: - searches: - {{- range .Values.global.podDNSSearchNamespaces }} - - {{ render . }} - {{- end }} -{{- end }} -podRedirectAnnot: - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" -{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" -{{- end }} - traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" diff --git a/charts/rancher-istio/1.5.800/questions.yaml b/charts/rancher-istio/1.5.800/questions.yaml deleted file mode 100644 index a0baf76ee..000000000 
--- a/charts/rancher-istio/1.5.800/questions.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-labels:
- rancher.istio.v1.5.800: 1.5.8
-rancher_min_version: 2.4.5-rc1
-rancher_max_version: 2.4.5-rc1
\ No newline at end of file
diff --git a/charts/rancher-istio/1.5.800/requirements.yaml b/charts/rancher-istio/1.5.800/requirements.yaml
deleted file mode 100755
index 64600e2a4..000000000
--- a/charts/rancher-istio/1.5.800/requirements.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-dependencies:
- - name: sidecarInjectorWebhook
- version: 1.5.8
- condition: sidecarInjectorWebhook.enabled
- - name: security
- version: 1.5.8
- condition: security.enabled
- - name: gateways
- version: 1.5.8
- condition: gateways.enabled
- - name: mixer
- version: 1.5.8
- condition: or mixer.policy.enabled mixer.telemetry.enabled
- - name: nodeagent
- version: 1.5.8
- condition: nodeagent.enabled
- - name: pilot
- version: 1.5.8
- condition: pilot.enabled
- - name: grafana
- version: 1.5.8
- condition: grafana.enabled
- - name: prometheus
- version: 1.5.8
- condition: prometheus.enabled
- - name: tracing
- version: 1.5.8
- condition: tracing.enabled
- - name: galley
- version: 1.5.8
- condition: galley.enabled
- - name: kiali
- version: 1.5.8
- condition: kiali.enabled
- - name: istiocoredns
- version: 1.5.8
- condition: istiocoredns.enabled
- - name: certmanager
- version: 1.5.8
- condition: certmanager.enabled
diff --git a/charts/rancher-istio/1.5.800/templates/NOTES.txt b/charts/rancher-istio/1.5.800/templates/NOTES.txt
deleted file mode 100755
index 3b323594c..000000000
--- a/charts/rancher-istio/1.5.800/templates/NOTES.txt
+++ /dev/null
@@ -1,29 +0,0 @@
-Thank you for installing {{ .Chart.Name | title }}.
-
-Your release is named {{ .Release.Name | title }}.
-
-To get started running application with Istio, execute the following steps:
-
-{{- if index .Values "sidecarInjectorWebhook" "enabled" }}
-1. Label namespace that application object will be deployed to by the following command (take default namespace as an example)
-
-$ kubectl label namespace default istio-injection=enabled
-$ kubectl get namespace -L istio-injection
-
-2. Deploy your applications
-
-$ kubectl apply -f .yaml
-{{- else }}
-1. Download the latest release package to get sidecar injection tool
-
-$ curl -L https://git.io/getLatestIstio | sh -
-$ mv istio-* istio-latest
-$ export PATH="$PATH:$PWD/istio-latest/bin"
-
-2. Deploy your application by manually injecting envoy sidecar with `istioctl kube-inject`
-
-$ kubectl apply -f <(istioctl kube-inject -f .yaml)
-{{- end }}
-
-For more information on running Istio, visit:
-https://istio.io/
diff --git a/charts/rancher-istio/1.5.800/templates/_affinity.tpl b/charts/rancher-istio/1.5.800/templates/_affinity.tpl
deleted file mode 100755
index 7639be434..000000000
--- a/charts/rancher-istio/1.5.800/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@
-{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}}
-
-{{- define "nodeaffinity" }}
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- {{- include "nodeAffinityRequiredDuringScheduling" . }}
- preferredDuringSchedulingIgnoredDuringExecution:
- {{- include "nodeAffinityPreferredDuringScheduling" . }}
-{{- end }}
-
-{{- define "nodeAffinityRequiredDuringScheduling" }}
- nodeSelectorTerms:
- - matchExpressions:
- - key: beta.kubernetes.io/arch
- operator: In
- values:
- {{- range $key, $val := .Values.global.arch }}
- {{- if gt ($val | int) 0 }}
- - {{ $key | quote }}
- {{- end }}
- {{- end }}
- {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}}
- {{- range $key, $val := $nodeSelector }}
- - key: {{ $key }}
- operator: In
- values:
- - {{ $val | quote }}
- {{- end }}
-{{- end }}
-
-{{- define "nodeAffinityPreferredDuringScheduling" }}
- {{- range $key, $val := .Values.global.arch }}
- {{- if gt ($val | int) 0 }}
- - weight: {{ $val | int }}
- preference:
- matchExpressions:
- - key: beta.kubernetes.io/arch
- operator: In
- values:
- - {{ $key | quote }}
- {{- end }}
- {{- end }}
-{{- end }}
-
-{{- define "podAntiAffinity" }}
-{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}}
- podAntiAffinity:
- {{- if .Values.podAntiAffinityLabelSelector }}
- requiredDuringSchedulingIgnoredDuringExecution:
- {{- include "podAntiAffinityRequiredDuringScheduling" . }}
- {{- end }}
- {{- if or .Values.podAntiAffinityTermLabelSelector}}
- preferredDuringSchedulingIgnoredDuringExecution:
- {{- include "podAntiAffinityPreferredDuringScheduling" . }}
- {{- end }}
-{{- end }}
-{{- end }}
-
-{{- define "podAntiAffinityRequiredDuringScheduling" }}
- {{- range $index, $item := .Values.podAntiAffinityLabelSelector }}
- - labelSelector:
- matchExpressions:
- - key: {{ $item.key }}
- operator: {{ $item.operator }}
- {{- if $item.values }}
- values:
- {{- $vals := split "," $item.values }}
- {{- range $i, $v := $vals }}
- - {{ $v | quote }}
- {{- end }}
- {{- end }}
- topologyKey: {{ $item.topologyKey }}
- {{- end }}
-{{- end }}
-
-{{- define "podAntiAffinityPreferredDuringScheduling" }}
- {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }}
- - podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: {{ $item.key }}
- operator: {{ $item.operator }}
- {{- if $item.values }}
- values:
- {{- $vals := split "," $item.values }}
- {{- range $i, $v := $vals }}
- - {{ $v | quote }}
- {{- end }}
- {{- end }}
- topologyKey: {{ $item.topologyKey }}
- weight: 100
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/templates/_helpers.tpl b/charts/rancher-istio/1.5.800/templates/_helpers.tpl
deleted file mode 100755
index 3f267faa2..000000000
--- a/charts/rancher-istio/1.5.800/templates/_helpers.tpl
+++ /dev/null
@@ -1,47 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "istio.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "istio.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "istio.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a fully qualified configmap name.
-*/}}
-{{- define "istio.configmap.fullname" -}}
-{{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "system_default_registry" -}}
-{{- if .Values.global.systemDefaultRegistry -}}
-{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
-{{- else -}}
-{{- "" -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.800/templates/_podDisruptionBudget.tpl b/charts/rancher-istio/1.5.800/templates/_podDisruptionBudget.tpl
deleted file mode 100755
index ebb86068c..000000000
--- a/charts/rancher-istio/1.5.800/templates/_podDisruptionBudget.tpl
+++ /dev/null
@@ -1,3 +0,0 @@
-{{- define "podDisruptionBudget.spec" }}
- minAvailable: 1
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/templates/clusterrole.yaml b/charts/rancher-istio/1.5.800/templates/clusterrole.yaml
deleted file mode 100755
index b92c9ef8b..000000000
--- a/charts/rancher-istio/1.5.800/templates/clusterrole.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: istio-reader
-rules:
- - apiGroups: ['']
- resources: ['nodes', 'pods', 'services', 'endpoints', "replicationcontrollers"]
- verbs: ['get', 'watch', 'list']
- - apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
diff --git a/charts/rancher-istio/1.5.800/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.800/templates/clusterrolebinding.yaml
deleted file mode 100755
index 759678ea6..000000000
--- a/charts/rancher-istio/1.5.800/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-multi
- labels:
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-reader
-subjects:
-- kind: ServiceAccount
- name: istio-multi
- namespace: {{ .Release.Namespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-reader
- labels:
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-reader
-subjects:
-- kind: ServiceAccount
- name: istio-reader-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.800/templates/configmap.yaml b/charts/rancher-istio/1.5.800/templates/configmap.yaml
deleted file mode 100755
index 6bac37a7c..000000000
--- a/charts/rancher-istio/1.5.800/templates/configmap.yaml
+++ /dev/null
@@ -1,345 +0,0 @@ -{{- if or .Values.pilot.enabled .Values.global.istioRemote }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istio.name" . }} - chart: {{ template "istio.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - mesh: |- - # Set the following variable to true to disable policy checks by Mixer. - # Note that metrics will still be reported to Mixer. - {{- if .Values.mixer.policy.enabled }} - disablePolicyChecks: {{ .Values.global.disablePolicyChecks }} - {{- else }} - disablePolicyChecks: true - {{- end }} - - disableMixerHttpReports: false - - {{- if .Values.mixer.telemetry.reportBatchMaxEntries }} - # reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server - reportBatchMaxEntries: {{ .Values.mixer.telemetry.reportBatchMaxEntries }} - {{- end }} - - {{- if .Values.mixer.telemetry.reportBatchMaxTime }} - # reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server - reportBatchMaxTime: {{ .Values.mixer.telemetry.reportBatchMaxTime }} - {{- end }} - - {{- if .Values.mixer.telemetry.sessionAffinityEnabled }} - # sidecarToTelemetrySessionAffinity will create a STRICT_DNS type cluster for istio-telemetry. - sidecarToTelemetrySessionAffinity: {{ .Values.mixer.telemetry.sessionAffinityEnabled }} - {{- end }} - - # Set enableTracing to false to disable request tracing. - enableTracing: {{ .Values.global.enableTracing }} - - # Set accessLogFile to empty string to disable access log. 
- accessLogFile: "{{ .Values.global.proxy.accessLogFile }}" - - # If accessLogEncoding is TEXT, value will be used directly as the log format - # example: "[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\n" - # If AccessLogEncoding is JSON, value will be parsed as map[string]string - # example: '{"start_time": "%START_TIME%", "req_method": "%REQ(:METHOD)%"}' - # Leave empty to use default log format - accessLogFormat: {{ .Values.global.proxy.accessLogFormat | quote }} - - # Set accessLogEncoding to JSON or TEXT to configure sidecar access log - accessLogEncoding: '{{ .Values.global.proxy.accessLogEncoding }}' - - enableEnvoyAccessLogService: {{ .Values.global.proxy.envoyAccessLogService.enabled }} - - {{- if .Values.global.istioRemote }} - - {{- if .Values.global.remotePolicyAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}:15004 - {{- else }} - mixerCheckServer: {{ .Values.global.remotePolicyAddress }}:15004 - {{- end }} - {{- end }} - {{- if .Values.global.remoteTelemetryAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}:15004 - {{- else }} - mixerReportServer: {{ .Values.global.remoteTelemetryAddress }}:15004 - {{- end }} - {{- end }} - - {{- else }} - - {{- if .Values.mixer.policy.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - {{- if .Values.mixer.telemetry.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ 
.Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - - {{- end }} - - {{- if or .Values.mixer.policy.enabled (and .Values.global.istioRemote .Values.global.remotePolicyAddress) }} - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: {{ .Values.global.policyCheckFailOpen }} - {{- end }} - - {{- if .Values.gateways.enabled }} - # Let Pilot give ingresses the public IP of the Istio ingressgateway - ingressService: istio-ingressgateway - {{- end }} - - # Default connect timeout for dynamic clusters generated by Pilot and returned via XDS - connectTimeout: 10s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: {{ .Values.global.proxy.protocolDetectionTimeout }} - - # DNS refresh rate for Envoy clusters of type STRICT_DNS - dnsRefreshRate: {{ .Values.global.proxy.dnsRefreshRate }} - - # Unix Domain Socket through which envoy communicates with NodeAgent SDS to get - # key/cert for mTLS. Use secret-mount files instead of SDS if set to empty. - sdsUdsPath: {{ .Values.global.sds.udsPath | quote }} - - # The trust domain corresponds to the trust root of a system. 
- # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: {{ .Values.global.trustDomain | quote }} - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: - {{- range .Values.global.trustDomainAliases }} - - {{ . | quote }} - {{- end }} - - # If true, automatically configure client side mTLS settings to match the corresponding service's - # server side mTLS authentication policy, when destination rule for that service does not specify - # TLS settings. - enableAutoMtls: {{ .Values.global.mtls.auto }} - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - outboundTrafficPolicy: - mode: {{ .Values.global.outboundTrafficPolicy.mode }} - - {{- if .Values.global.localityLbSetting.enabled }} - localityLbSetting: -{{ toYaml .Values.global.localityLbSetting | trim | indent 6 }} - {{- end }} - # The namespace to treat as the administrative root namespace for istio - # configuration. -{{- if .Values.global.configRootNamespace }} - rootNamespace: {{ .Values.global.configRootNamespace }} -{{- else }} - rootNamespace: {{ .Release.Namespace }} -{{- end }} - - # Configures DNS certificates provisioned through Chiron linked into Pilot. 
- certificates: -{{ toYaml .Values.global.certificates | trim | indent 6 }} - - {{- if .Values.global.defaultConfigVisibilitySettings }} - defaultServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultVirtualServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultDestinationRuleExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - {{- end }} - - {{- if $.Values.global.useMCP }} - configSources: - - address: istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- if .Values.pilot.configSource.subscribedResources }} - subscribedResources: - {{- range .Values.pilot.configSource.subscribedResources }} - - {{ . }} - {{- end }} - {{- end}} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - tlsSettings: - mode: ISTIO_MUTUAL - {{- end }} - {{- end }} - - defaultConfig: - # - # TCP connection timeout between Envoy & the application, and between Envoys. Used for static clusters - # defined in Envoy's configuration file - connectTimeout: 10s - # - ### ADVANCED SETTINGS ############# - # Where should envoy's configuration be stored in the istio-proxy container - configPath: "/etc/istio/proxy" - binaryPath: "/usr/local/bin/envoy" - # The pseudo service name used for Envoy. - serviceCluster: istio-proxy - # These settings that determine how long an old Envoy - # process should be kept alive after an occasional reload. - drainDuration: 45s - parentShutdownDuration: 1m0s - # - # The mode used to redirect inbound connections to Envoy. This setting - # has no effect on outbound traffic: iptables REDIRECT is always used for - # outbound connections. - # If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy. - # The "REDIRECT" mode loses source addresses during redirection. - # If "TPROXY", use iptables TPROXY to redirect to Envoy. 
- # The "TPROXY" mode preserves both the source and destination IP - # addresses and ports, so that they can be used for advanced filtering - # and manipulation. - # The "TPROXY" mode also configures the sidecar to run with the - # CAP_NET_ADMIN capability, which is required to use TPROXY. - #interceptionMode: REDIRECT - # - # Port where Envoy listens (on local host) for admin commands - # You can exec into the istio-proxy container in a pod and - # curl the admin port (curl http://localhost:15000/) to obtain - # diagnostic information from Envoy. See - # https://lyft.github.io/envoy/docs/operations/admin.html - # for more details - proxyAdminPort: 15000 - # - # Set concurrency to a specific number to control the number of Proxy worker threads. - # If set to 0 (default), then start worker thread for each CPU thread/core. - concurrency: {{ .Values.global.proxy.concurrency }} - # - {{- if eq .Values.global.proxy.tracer "lightstep" }} - tracing: - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - # Whether communication with the Satellite pool should be secure - secure: {{ .Values.global.tracer.lightstep.secure }} - {{- if .Values.global.tracer.lightstep.secure }} - # Path to the file containing the cacert to use when verifying TLS - cacertPath: {{ .Values.global.tracer.lightstep.cacertPath }} - {{- end }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - tracing: - zipkin: - # Address of the Zipkin collector - {{- if .Values.global.tracer.zipkin.address }} - address: {{ .Values.global.tracer.zipkin.address }} - {{- else if .Values.global.remoteZipkinAddress }} - address: {{ .Values.global.remoteZipkinAddress }}:9411 - {{- else }} - address: zipkin.{{ .Release.Namespace }}:9411 - {{- end }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - tracing: - datadog: - # 
Address of the Datadog Agent - address: {{ .Values.global.tracer.datadog.address }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - tracing: - stackdriver: {} - {{- end }} - - {{- if .Values.global.proxy.envoyStatsd.enabled }} - # - # Statsd metrics collector converts statsd metrics into Prometheus metrics. - statsdUdpAddress: {{ .Values.global.proxy.envoyStatsd.host }}:{{ .Values.global.proxy.envoyStatsd.port }} - {{- end }} - - {{- if .Values.global.proxy.envoyMetricsService.enabled }} - # - # Envoy's Metrics Service stats sink pushes Envoy metrics to a remote collector via the Metrics Service gRPC API. - envoyMetricsService: - address: {{ .Values.global.proxy.envoyMetricsService.host }}:{{ .Values.global.proxy.envoyMetricsService.port }} - {{- if .Values.global.proxy.envoyMetricsService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyMetricsService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyMetricsService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyMetricsService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- if .Values.global.proxy.envoyAccessLogService.enabled }} - # - # Envoy's AccessLog Service pushes access logs to a remote collector via the Access Log Service gRPC API. 
- envoyAccessLogService: - address: {{ .Values.global.proxy.envoyAccessLogService.host }}:{{ .Values.global.proxy.envoyAccessLogService.port }} - {{- if .Values.global.proxy.envoyAccessLogService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyAccessLogService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- $defPilotHostname := printf "istio-pilot.%s" .Release.Namespace }} - {{- $pilotAddress := .Values.global.remotePilotAddress | default $defPilotHostname }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: MUTUAL_TLS - # - # Address where istio Pilot service is running - {{- if .Values.global.remotePilotAddress }} - discoveryAddress: {{ $defPilotHostname }}:15011 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15011 - {{- end }} - {{- else }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: NONE - # - # Address where istio Pilot service is running - {{- if .Values.global.remotePilotAddress }} - discoveryAddress: {{ $defPilotHostname }}:15010 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15010 - {{- end }} - {{- end }} - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.800/templates/crd-all.gen.yaml b/charts/rancher-istio/1.5.800/templates/crd-all.gen.yaml deleted file mode 100644 index 6c95a751d..000000000 --- a/charts/rancher-istio/1.5.800/templates/crd-all.gen.yaml +++ /dev/null 
@@ -1,6037 +0,0 @@ -# DO NOT EDIT - Generated by Cue OpenAPI generator based on Istio APIs. -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: meshpolicies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: MeshPolicy - listKind: MeshPolicyList - plural: meshpolicies - singular: meshpolicy - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details at: https://istio.io/docs/reference/config/security/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - description: Deprecated. - type: boolean - origins: - description: Deprecated. - items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - description: Deprecated. - type: boolean - peers: - description: List of authentication methods that can be used for peer authentication. - items: - oneOf: - - not: - anyOf: - - required: - - mtls - - properties: - jwt: {} - required: - - jwt - - required: - - mtls - - properties: - jwt: {} - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. - properties: - allowTls: - description: Deprecated. 
- type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Deprecated. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: Deprecated. - items: - properties: - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. - items: - oneOf: - - not: - anyOf: - - required: - - number - - required: - - name - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: policies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: Policy - listKind: PolicyList - plural: policies - singular: policy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details at: https://istio.io/docs/reference/config/security/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - description: Deprecated. - type: boolean - origins: - description: Deprecated. - items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. 
- format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 
- format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - description: Deprecated. - type: boolean - peers: - description: List of authentication methods that can be used for peer authentication. - items: - oneOf: - - not: - anyOf: - - required: - - mtls - - properties: - jwt: {} - required: - - jwt - - required: - - mtls - - properties: - jwt: {} - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. 
- items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. - properties: - allowTls: - description: Deprecated. - type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Deprecated. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: Deprecated. - items: - properties: - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. 
- items: - oneOf: - - not: - anyOf: - - required: - - number - - required: - - name - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpec - listKind: HTTPAPISpecList - plural: httpapispecs - singular: httpapispec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_keys: - items: - oneOf: - - not: - anyOf: - - required: - - query - - required: - - header - - required: - - cookie - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. - format: string - type: string - type: object - type: array - apiKeys: - items: - oneOf: - - not: - anyOf: - - required: - - query - - required: - - header - - required: - - cookie - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. 
- format: string - type: string - type: object - type: array - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. - type: object - type: object - patterns: - description: List of HTTP patterns to match. 
- items: - oneOf: - - not: - anyOf: - - required: - - uriTemplate - - required: - - regex - - required: - - uriTemplate - - required: - - regex - properties: - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. 
- type: object - type: object - httpMethod: - format: string - type: string - regex: - format: string - type: string - uriTemplate: - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpecBinding - listKind: HTTPAPISpecBindingList - plural: httpapispecbindings - singular: httpapispecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_specs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - apiSpecs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed HTTPAPISpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify the service version. - type: object - name: - description: The short name of the service such as "foo". 
- format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpec - listKind: QuotaSpecList - plural: quotaspecs - singular: quotaspec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: Determines the quotas used for individual requests. - properties: - rules: - description: A list of Quota rules. - items: - properties: - match: - description: If empty, match all request. - items: - properties: - clause: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Map of attribute names to StringMatch type. - type: object - type: object - type: array - quotas: - description: The list of quotas to charge. 
- items: - properties: - charge: - format: int32 - type: integer - quota: - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpecBinding - listKind: QuotaSpecBindingList - plural: quotaspecbindings - singular: quotaspecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - quotaSpecs: - items: - properties: - name: - description: The short name of the QuotaSpec. - format: string - type: string - namespace: - description: Optional namespace of the QuotaSpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed QuotaSpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify the service version. - type: object - name: - description: The short name of the service such as "foo". - format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. 
- format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: destinationrules.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.host - description: The name of a service from the service registry - name: Host - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - shortNames: - - dr - singular: destinationrule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is exported. - items: - format: string - type: string - type: array - host: - description: The name of a service from the service registry. 
- format: string - type: string - subsets: - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: Name of the subset. - format: string - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. 
- oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute or failover can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, e.g. - format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - type: boolean - failover: - description: 'Optional: only failover or distribute can be set.' - items: - properties: - from: - description: Originating region. 
- format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected from the connection pool. - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected from the connection pool. - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. 
- type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute or failover can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, e.g. 
- format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - type: boolean - failover: - description: 'Optional: only failover or distribute can be set.' - items: - properties: - from: - description: Originating region. - format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected from the connection pool. - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected from the connection pool. - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS handshake. 
- format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to a destination host. 
- format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute or failover can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, e.g. - format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic distribution weights. 
- type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - type: boolean - failover: - description: 'Optional: only failover or distribute can be set.' - items: - properties: - from: - description: Originating region. - format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected from the connection pool. - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected from the connection pool. - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool connections. 
- type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. 
- format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute or failover can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, e.g. - format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - type: boolean - failover: - description: 'Optional: only failover or distribute can be set.' - items: - properties: - from: - description: Originating region. - format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected from the connection pool. - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected from the connection pool. - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the upstream service. 
- properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS handshake. 
- format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: envoyfilters.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: EnvoyFilter - listKind: EnvoyFilterList - plural: envoyfilters - singular: envoyfilter - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Customizing Envoy configuration generated by Istio. See more details at: https://istio.io/docs/reference/config/networking/envoy-filter.html' - properties: - configPatches: - description: One or more patches with match conditions. - items: - properties: - applyTo: - enum: - - INVALID - - LISTENER - - FILTER_CHAIN - - NETWORK_FILTER - - HTTP_FILTER - - ROUTE_CONFIGURATION - - VIRTUAL_HOST - - HTTP_ROUTE - - CLUSTER - type: string - match: - description: Match on listener/route configuration/cluster. - oneOf: - - not: - anyOf: - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - properties: - cluster: - description: Match on envoy cluster attributes. - properties: - name: - description: The exact name of the cluster to match. - format: string - type: string - portNumber: - description: The service port for which this cluster was generated. - type: integer - service: - description: The fully qualified service name for this cluster. 
- format: string - type: string - subset: - description: The subset associated with the service. - format: string - type: string - type: object - context: - description: The specific config generation context to match on. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - listener: - description: Match on envoy listener attributes. - properties: - filterChain: - description: Match a specific filter chain in a listener. - properties: - applicationProtocols: - description: Applies only to sidecars. - format: string - type: string - filter: - description: The name of a specific filter to apply the patch to. - properties: - name: - description: The filter name to match on. - format: string - type: string - subFilter: - properties: - name: - description: The filter name to match on. - format: string - type: string - type: object - type: object - name: - description: The name assigned to the filter chain. - format: string - type: string - sni: - description: The SNI value used by a filter chain's match condition. - format: string - type: string - transportProtocol: - description: Applies only to SIDECAR_INBOUND context. - format: string - type: string - type: object - name: - description: Match a specific listener by its name. - format: string - type: string - portName: - format: string - type: string - portNumber: - type: integer - type: object - proxy: - description: Match on properties associated with a proxy. - properties: - metadata: - additionalProperties: - format: string - type: string - type: object - proxyVersion: - format: string - type: string - type: object - routeConfiguration: - description: Match on envoy HTTP route configuration attributes. - properties: - gateway: - format: string - type: string - name: - description: Route configuration name to match on. - format: string - type: string - portName: - description: Applicable only for GATEWAY context. 
- format: string - type: string - portNumber: - type: integer - vhost: - properties: - name: - format: string - type: string - route: - description: Match a specific route within the virtual host. - properties: - action: - description: Match a route with specific action type. - enum: - - ANY - - ROUTE - - REDIRECT - - DIRECT_RESPONSE - type: string - name: - format: string - type: string - type: object - type: object - type: object - type: object - patch: - description: The patch to apply along with the operation. - properties: - operation: - description: Determines how the patch should be applied. - enum: - - INVALID - - MERGE - - ADD - - REMOVE - - INSERT_BEFORE - - INSERT_AFTER - - INSERT_FIRST - type: string - value: - description: The JSON config of the object being patched. - type: object - type: object - type: object - type: array - filters: - items: - properties: - filterConfig: - type: object - filterName: - description: The name of the filter to instantiate. - format: string - type: string - filterType: - description: The type of filter to instantiate. - enum: - - INVALID - - HTTP - - NETWORK - type: string - insertPosition: - description: Insert position in the filter chain. - properties: - index: - description: Position of this filter in the filter chain. - enum: - - FIRST - - LAST - - BEFORE - - AFTER - type: string - relativeTo: - format: string - type: string - type: object - listenerMatch: - properties: - address: - description: One or more IP addresses to which the listener is bound. - items: - format: string - type: string - type: array - listenerProtocol: - description: Selects a class of listeners for the same protocol. - enum: - - ALL - - HTTP - - TCP - type: string - listenerType: - description: Inbound vs outbound sidecar listener or gateway listener. 
- enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - portNamePrefix: - format: string - type: string - portNumber: - type: integer - type: object - type: object - type: array - workloadLabels: - additionalProperties: - format: string - type: string - description: Deprecated. - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: gateways.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Gateway - listKind: GatewayList - plural: gateways - shortNames: - - gw - singular: gateway - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. See more details at: https://istio.io/docs/reference/config/networking/gateway.html' - properties: - selector: - additionalProperties: - format: string - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - format: string - type: string - defaultEndpoint: - format: string - type: string - hosts: - description: One or more hosts exposed by this gateway. - items: - format: string - type: string - type: array - port: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. 
- format: string - type: string - type: object - tls: - description: Set of TLS related options that govern the server's behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified cipher list.' - items: - format: string - type: string - type: array - credentialName: - format: string - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - format: string - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 
- format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - verifyCertificateHash: - items: - format: string - type: string - type: array - verifyCertificateSpki: - items: - format: string - type: string - type: array - type: object - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: serviceentries.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hosts - description: The hosts associated with the ServiceEntry - name: Hosts - type: string - - JSONPath: .spec.location - description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL or MESH_INTERNAL) - name: Location - type: string - - JSONPath: .spec.resolution - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - name: Resolution - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: ServiceEntry - listKind: ServiceEntryList - plural: serviceentries - shortNames: - - se - singular: serviceentry - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. See more details at: https://istio.io/docs/reference/config/networking/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. - items: - format: string - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - format: string - type: string - network: - format: string - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - format: string - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - format: string - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. 
- type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: array - resolution: - description: Service discovery mode for the hosts. - enum: - - NONE - - STATIC - - DNS - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: sidecars.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Sidecar - listKind: SidecarList - plural: sidecars - singular: sidecar - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting network reachability of a sidecar. See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' - properties: - egress: - items: - properties: - bind: - format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - hosts: - items: - format: string - type: string - type: array - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: object - type: array - ingress: - items: - properties: - bind: - description: The IP to which the listener should be bound. 
- format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - defaultEndpoint: - format: string - type: string - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: object - type: array - outboundTrafficPolicy: - description: This allows to configure the outbound traffic policy. - properties: - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: virtualservices.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.gateways - description: The names of gateways and sidecars that should apply these routes - name: Gateways - type: string - - JSONPath: .spec.hosts - description: The destination hosts to which traffic is being sent - name: Hosts - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - shortNames: - - vs - singular: virtualservice - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is exported. - items: - format: string - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply these routes. - items: - format: string - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - format: string - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - type: boolean - allowHeaders: - items: - format: string - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the resource. - items: - format: string - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform CORS requests. - items: - format: string - type: string - type: array - allowOrigins: - description: String patterns that match allowed origins. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - type: array - exposeHeaders: - items: - format: string - type: string - type: array - maxAge: - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic at the client side. - properties: - abort: - oneOf: - - not: - anyOf: - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - properties: - grpcStatus: - format: string - type: string - http2Error: - format: string - type: string - httpStatus: - description: HTTP status code to use to abort the Http request. - format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - not: - anyOf: - - required: - - fixedDelay - - required: - - exponentialDelay - - required: - - fixedDelay - - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the request. - type: string - percent: - description: Percentage of requests on which the delay will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay will be injected. 
- properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - gateways: - description: Names of gateways where the rule should be applied. - items: - format: string - type: string - type: array - headers: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - type: object - ignoreUriCase: - description: Flag to specify whether the URI matching should be case-insensitive. 
- type: boolean - method: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - name: - description: The name assigned to a match. - format: string - type: string - port: - description: Specifies the ports on the host that is being addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - sourceLabels: - additionalProperties: - format: string - type: string - type: object - uri: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being addressed. 
- properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the `mirror` field. - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the `mirror` field. - type: integer - mirrorPercentage: - description: Percentage of the traffic to be mirrored by the `mirror` field. - properties: - value: - format: double - type: number - type: object - name: - description: The name assigned to the route for debugging purposes. - format: string - type: string - redirect: - description: A HTTP rule can either redirect or forward (default) traffic. - properties: - authority: - format: string - type: string - redirectCode: - type: integer - uri: - format: string - type: string - type: object - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries for a given request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per retry attempt for a given request. - type: string - retryOn: - description: Specifies the conditions under which retry takes place. - format: string - type: string - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this value. - format: string - type: string - uri: - format: string - type: string - type: object - route: - description: A HTTP rule can either redirect or forward (default) traffic. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- format: string - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests. - type: string - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be applied. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being addressed. - type: integer - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional subnet. - format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be applied. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - format: string - type: string - type: array - sourceLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: array - route: - description: The destination to which the connection should be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: attributemanifests.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: attributemanifest - listKind: attributemanifestList - plural: attributemanifests - singular: attributemanifest - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - attributes: - additionalProperties: - properties: - description: - description: A human-readable description of the attribute's purpose. - format: string - type: string - valueType: - description: The type of data carried by this attribute. - enum: - - VALUE_TYPE_UNSPECIFIED - - STRING - - INT64 - - DOUBLE - - BOOL - - TIMESTAMP - - IP_ADDRESS - - EMAIL_ADDRESS - - URI - - DNS_NAME - - DURATION - - STRING_MAP - type: string - type: object - description: The set of attributes this Istio component will be responsible for producing at runtime. - type: object - name: - description: Name of the component producing these attributes. - format: string - type: string - revision: - description: The revision of this document. 
- format: string - type: string - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: mixer-handler - package: handler - release: istio - name: handlers.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: handler - listKind: handlerList - plural: handlers - singular: handler - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: Handler allows the operator to configure a specific adapter implementation. - properties: - adapter: - description: The name of a specific adapter implementation. - format: string - type: string - compiledAdapter: - description: The name of the compiled in adapter this handler instantiates. - format: string - type: string - connection: - description: Information on how to connect to the out-of-process adapter. - properties: - address: - description: The address of the backend. - format: string - type: string - authentication: - description: Auth config for the connection to the backend. 
- oneOf: - - not: - anyOf: - - properties: - tls: - allOf: - - oneOf: - - not: - anyOf: - - required: - - tokenPath - - required: - - oauth - - required: - - tokenPath - - required: - - oauth - - oneOf: - - not: - anyOf: - - required: - - authHeader - - required: - - customHeader - - required: - - authHeader - - required: - - customHeader - required: - - tls - - required: - - mutual - - properties: - tls: - allOf: - - oneOf: - - not: - anyOf: - - required: - - tokenPath - - required: - - oauth - - required: - - tokenPath - - required: - - oauth - - oneOf: - - not: - anyOf: - - required: - - authHeader - - required: - - customHeader - - required: - - authHeader - - required: - - customHeader - required: - - tls - - required: - - mutual - properties: - mutual: - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: The path to the file holding client certificate for mutual TLS. - format: string - type: string - privateKey: - description: The path to the file holding the private key for mutual TLS. - format: string - type: string - serverName: - description: Used to configure mixer mutual TLS client to supply server name for SNI. - format: string - type: string - type: object - tls: - properties: - authHeader: - description: Access token is passed as authorization header. - enum: - - PLAIN - - BEARER - type: string - caCertificates: - format: string - type: string - customHeader: - description: Customized header key to hold access token, e.g. - format: string - type: string - oauth: - description: Oauth config to fetch access token from auth provider. - properties: - clientId: - description: OAuth client id for mixer. - format: string - type: string - clientSecret: - description: The path to the file holding the client secret for oauth. - format: string - type: string - endpointParams: - additionalProperties: - format: string - type: string - description: Additional parameters for requests to the token endpoint. 
- type: object - scopes: - description: List of requested permissions. - items: - format: string - type: string - type: array - tokenUrl: - description: The Resource server's token endpoint URL. - format: string - type: string - type: object - serverName: - format: string - type: string - tokenPath: - format: string - type: string - type: object - type: object - timeout: - description: Timeout for remote calls to the backend. - type: string - type: object - name: - description: Must be unique in the entire Mixer configuration. - format: string - type: string - params: - description: Depends on adapter implementation. - type: object - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: mixer-instance - package: instance - release: istio - name: instances.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: instance - listKind: instanceList - plural: instances - singular: instance - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: An Instance tells Mixer how to create instances for particular template. - properties: - attributeBindings: - additionalProperties: - format: string - type: string - type: object - compiledTemplate: - description: The name of the compiled in template this instance creates instances for. - format: string - type: string - name: - format: string - type: string - params: - description: Depends on referenced template. - type: object - template: - description: The name of the template this instance creates instances for. 
- format: string - type: string - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: rules.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: rule - listKind: ruleList - plural: rules - singular: rule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - actions: - description: The actions that will be executed when match evaluates to `true`. - items: - properties: - handler: - description: Fully qualified name of the handler to invoke. - format: string - type: string - instances: - items: - format: string - type: string - type: array - name: - description: A handle to refer to the results of the action. - format: string - type: string - type: object - type: array - match: - description: Match is an attribute based predicate. - format: string - type: string - requestHeaderOperations: - items: - properties: - name: - description: Header name literal value. - format: string - type: string - operation: - description: Header operation type. - enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - responseHeaderOperations: - items: - properties: - name: - description: Header name literal value. - format: string - type: string - operation: - description: Header operation type. 
- enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - sampling: - properties: - random: - description: Provides filtering of actions based on random selection per request. - properties: - attributeExpression: - description: Specifies an attribute expression to use to override the numerator in the `percent_sampled` field. - format: string - type: string - percentSampled: - description: The default sampling rate, expressed as a percentage. - properties: - denominator: - description: Specifies the denominator. - enum: - - HUNDRED - - TEN_THOUSAND - type: string - numerator: - description: Specifies the numerator. - type: integer - type: object - useIndependentRandomness: - description: By default sampling will be based on the value of the request header `x-request-id`. - type: boolean - type: object - rateLimit: - properties: - maxUnsampledEntries: - description: Number of entries to allow during the `sampling_duration` before sampling is enforced. - format: int64 - type: integer - samplingDuration: - description: Window in which to enforce the sampling rate. - type: string - samplingRate: - description: The rate at which to sample entries once the unsampled limit has been reached. 
- format: int64 - type: integer - type: object - type: object - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: rbac - release: istio - name: clusterrbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ClusterRbacConfig - listKind: ClusterRbacConfigList - plural: clusterrbacconfigs - singular: clusterrbacconfig - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: rbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: RbacConfig - listKind: RbacConfigList - plural: rbacconfigs - singular: rbacconfig - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: serviceroles.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRole - listKind: ServiceRoleList - plural: serviceroles - singular: servicerole - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' - properties: - rules: - description: The set of access rules (permissions) that the role has. - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. - items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. 
- items: - format: string - type: string - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: servicerolebindings.rbac.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.roleRef.name - description: The name of the ServiceRole object being referenced - name: Reference - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRoleBinding - listKind: ServiceRoleBindingList - plural: servicerolebindings - singular: servicerolebinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' - properties: - actions: - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. 
- items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. - items: - format: string - type: string - type: array - type: object - type: array - mode: - enum: - - ENFORCED - - PERMISSIVE - type: string - role: - format: string - type: string - roleRef: - description: Reference to the ServiceRole object. - properties: - kind: - description: The type of the role being referenced. - format: string - type: string - name: - description: The name of the ServiceRole object being referenced. - format: string - type: string - type: object - subjects: - description: List of subjects that are assigned the ServiceRole object. - items: - properties: - group: - format: string - type: string - groups: - items: - format: string - type: string - type: array - ips: - items: - format: string - type: string - type: array - names: - items: - format: string - type: string - type: array - namespaces: - items: - format: string - type: string - type: array - notGroups: - items: - format: string - type: string - type: array - notIps: - items: - format: string - type: string - type: array - notNames: - items: - format: string - type: string - type: array - notNamespaces: - items: - format: string - type: string - type: array - properties: - additionalProperties: - format: string - type: string - description: Optional. 
- type: object - user: - description: Optional. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: authorizationpolicies.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: AuthorizationPolicy - listKind: AuthorizationPolicyList - plural: authorizationpolicies - singular: authorizationpolicy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for access control on workloads. See more details at: https://istio.io/docs/reference/config/security/authorization-policy.html' - properties: - action: - description: Optional. - enum: - - ALLOW - - DENY - type: string - rules: - description: Optional. - items: - properties: - from: - description: Optional. - items: - properties: - source: - description: Source specifies the source of a request. - properties: - ipBlocks: - description: Optional. - items: - format: string - type: string - type: array - namespaces: - description: Optional. - items: - format: string - type: string - type: array - notIpBlocks: - description: Optional. - items: - format: string - type: string - type: array - notNamespaces: - description: Optional. - items: - format: string - type: string - type: array - notPrincipals: - description: Optional. - items: - format: string - type: string - type: array - notRequestPrincipals: - description: Optional. - items: - format: string - type: string - type: array - principals: - description: Optional. 
- items: - format: string - type: string - type: array - requestPrincipals: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - to: - description: Optional. - items: - properties: - operation: - description: Operation specifies the operation of a request. - properties: - hosts: - description: Optional. - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - description: Optional. - items: - format: string - type: string - type: array - notMethods: - description: Optional. - items: - format: string - type: string - type: array - notPaths: - description: Optional. - items: - format: string - type: string - type: array - notPorts: - description: Optional. - items: - format: string - type: string - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - when: - description: Optional. - items: - properties: - key: - description: The name of an Istio attribute. - format: string - type: string - notValues: - description: Optional. - items: - format: string - type: string - type: array - values: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: array - type: object - type: array - selector: - description: Optional. 
- properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1beta1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: peerauthentications.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: PeerAuthentication - listKind: PeerAuthenticationList - plural: peerauthentications - singular: peerauthentication - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: PeerAuthentication defines how traffic will be tunneled (or not) to the sidecar. - properties: - mtls: - description: Mutual TLS settings for workload. - properties: - mode: - description: Defines the mTLS mode used for peer authentication. - enum: - - UNSET - - DISABLE - - PERMISSIVE - - STRICT - type: string - type: object - portLevelMtls: - additionalProperties: - properties: - mode: - description: Defines the mTLS mode used for peer authentication. - enum: - - UNSET - - DISABLE - - PERMISSIVE - - STRICT - type: string - type: object - description: Port specific mutual TLS settings. - type: object - selector: - description: The selector determines the workloads to apply the ChannelAuthentication on. 
- properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1beta1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: requestauthentications.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: RequestAuthentication - listKind: RequestAuthenticationList - plural: requestauthentications - singular: requestauthentication - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: RequestAuthentication defines what request authentication methods are supported by a workload. - properties: - jwtRules: - description: Define the list of JWTs that can be validated at the selected workloads' proxy. - items: - properties: - audiences: - items: - format: string - type: string - type: array - forwardOriginalToken: - description: If set to true, the orginal token will be kept for the ustream request. - type: boolean - fromHeaders: - description: List of header locations from which JWT is expected. - items: - properties: - name: - description: The HTTP header name. - format: string - type: string - prefix: - description: The prefix that should be stripped before decoding the token. - format: string - type: string - type: object - type: array - fromParams: - description: List of query parameters from which JWT is expected. - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. 
- format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - outputPayloadToHeader: - format: string - type: string - type: object - type: array - selector: - description: The selector determines the workloads to apply the RequestAuthentication on. - properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1beta1 - served: true - storage: true diff --git a/charts/rancher-istio/1.5.800/templates/crd-certmanager-10.yaml b/charts/rancher-istio/1.5.800/templates/crd-certmanager-10.yaml deleted file mode 100644 index 3da40f0fb..000000000 --- a/charts/rancher-istio/1.5.800/templates/crd-certmanager-10.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterissuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade -spec: - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: ClusterIssuer - plural: clusterissuers - scope: Cluster ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: issuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade -spec: - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Issuer - plural: issuers - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: certificates.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade -spec: - additionalPrinterColumns: - - JSONPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - JSONPath: .spec.secretName - name: Secret - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 
- - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - kind: Certificate - plural: certificates - shortNames: - - cert - - certs -{{- end }} diff --git a/charts/rancher-istio/1.5.800/templates/crd-certmanager-11.yaml b/charts/rancher-istio/1.5.800/templates/crd-certmanager-11.yaml deleted file mode 100644 index 5dcd69879..000000000 --- a/charts/rancher-istio/1.5.800/templates/crd-certmanager-11.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: orders.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.reason - name: Reason - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Order - plural: orders - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: challenges.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.dnsName - name: Domain - type: string - - JSONPath: .status.reason - name: Reason - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. 
Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Challenge - plural: challenges - scope: Namespaced -{{- end }} diff --git a/charts/rancher-istio/1.5.800/templates/crd-mixer.yaml b/charts/rancher-istio/1.5.800/templates/crd-mixer.yaml deleted file mode 100644 index a9feb0357..000000000 --- a/charts/rancher-istio/1.5.800/templates/crd-mixer.yaml +++ /dev/null @@ -1,61 +0,0 @@ -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: adapters.config.istio.io - labels: - app: mixer - package: adapter - istio: mixer-adapter - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade -spec: - group: config.istio.io - names: - kind: adapter - plural: adapters - singular: adapter - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: templates.config.istio.io - labels: - app: mixer - package: template - istio: mixer-template - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade -spec: - group: config.istio.io - names: - kind: template - plural: templates - singular: template - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true 
diff --git a/charts/rancher-istio/1.5.800/templates/endpoints.yaml b/charts/rancher-istio/1.5.800/templates/endpoints.yaml deleted file mode 100755 index 2acb95620..000000000 --- a/charts/rancher-istio/1.5.800/templates/endpoints.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- if .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Endpoints -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} -subsets: -- addresses: - - ip: {{ .Values.global.remotePilotAddress }} - ports: - - port: 15003 - name: http-old-discovery # mTLS or non-mTLS depending on auth setting - - port: 15005 - name: https-discovery # always mTLS - - port: 15007 - name: http-discovery # always plain-text - - port: 15010 - name: grpc-xds # direct - - port: 15011 - name: https-xds # mTLS or non-mTLS depending on auth setting - - port: 8080 - name: http-legacy-discovery # direct - - port: 15014 - name: http-monitoring -{{- end }} -{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }} ---- -apiVersion: v1 -kind: Endpoints -metadata: - name: istio-policy - namespace: {{ .Release.Namespace }} -subsets: -- addresses: - - ip: {{ .Values.global.remotePolicyAddress }} - ports: - - name: grpc-mixer - port: 9091 - - name: grpc-mixer-mtls - port: 15004 - - name: http-monitoring - port: 15014 -{{- end }} -{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }} ---- -apiVersion: v1 -kind: Endpoints -metadata: - name: istio-telemetry - namespace: {{ .Release.Namespace }} -subsets: -- addresses: - - ip: {{ .Values.global.remoteTelemetryAddress }} - ports: - - name: grpc-mixer - port: 9091 - - name: grpc-mixer-mtls - port: 15004 - - name: http-monitoring - port: 15014 - - name: prometheus - port: 42422 -{{- end }} diff --git a/charts/rancher-istio/1.5.800/templates/install-custom-resources.sh.tpl b/charts/rancher-istio/1.5.800/templates/install-custom-resources.sh.tpl deleted file mode 100755 index a5525a139..000000000 
--- a/charts/rancher-istio/1.5.800/templates/install-custom-resources.sh.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{ define "install-custom-resources.sh.tpl" }} -#!/bin/sh - -set -x - -if [ "$#" -ne "1" ]; then - echo "first argument should be path to custom resource yaml" - exit 1 -fi - -pathToResourceYAML=${1} - -kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null -if [ "$?" -eq 0 ]; then - echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready" - while true; do - kubectl -n {{ .Release.Namespace }} get deployment istio-galley 2>/dev/null - if [ "$?" -eq 0 ]; then - break - fi - sleep 1 - done - kubectl -n {{ .Release.Namespace }} rollout status deployment istio-galley - if [ "$?" -ne 0 ]; then - echo "istio-galley deployment rollout status check failed" - exit 1 - fi - echo "istio-galley deployment ready for configuration validation" -fi -sleep 5 -kubectl apply -f ${pathToResourceYAML} -{{ end }} diff --git a/charts/rancher-istio/1.5.800/templates/istio-onefive-migration.yaml b/charts/rancher-istio/1.5.800/templates/istio-onefive-migration.yaml deleted file mode 100644 index acfe78caf..000000000 --- a/charts/rancher-istio/1.5.800/templates/istio-onefive-migration.yaml +++ /dev/null 
@@ -1,79 +0,0 @@ -{{- if .Values.onefiveMigration.enabled }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: istio-onefive-migration - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-weight": "1" ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: istio-onefive-migration - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-weight": "1" -rules: - - apiGroups: ["extensions","apps"] - resources: ["deployments"] - verbs: ["get", "list", "delete"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "delete"] - - apiGroups: ["rbac.authorization.k8s.io"] - resources: ["clusterrolebindings"] - verbs: ["get", "list", "delete"] - - apiGroups: [""] - resources: ["serviceaccounts", "pods"] - verbs: ["get", "list", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-onefive-migration - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-weight": "1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-onefive-migration -subjects: - - kind: ServiceAccount - name: istio-onefive-migration - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-onefive-migration - namespace: {{ .Release.Namespace }} - labels: - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-weight": "2" - "helm.sh/hook-delete-policy": before-hook-creation -spec: - template: - metadata: - name: istio-onefive-migration - labels: - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-onefive-migration - restartPolicy: OnFailure - containers: - - name: migrate - 
image: "{{ template "system_default_registry" . }}{{ .Values.onefiveMigration.repository }}:{{ .Values.onefiveMigration.tag }}" - imagePullPolicy: Always -{{- end }} diff --git a/charts/rancher-istio/1.5.800/templates/istio-service-rbac.yaml b/charts/rancher-istio/1.5.800/templates/istio-service-rbac.yaml deleted file mode 100644 index b3141141b..000000000 --- a/charts/rancher-istio/1.5.800/templates/istio-service-rbac.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: {{ .Release.Namespace }} - name: istio-service-reader -rules: - - apiGroups: [""] - resources: ["services/proxy"] - resourceNames: ["http:kiali:20001", "http:tracing:80", "http:grafana:80", "http:prometheus-http:80"] - verbs: ["get", "watch", "list"] - ---- -{{- if .Values.global.members }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: read-istio-service - namespace: {{ .Release.Namespace }} -subjects: - {{- range $member := .Values.global.members }} - - kind: {{ $member.kind }} - name: {{ $member.name }} - apiGroup: rbac.authorization.k8s.io - {{- end }} -roleRef: - kind: Role - name: istio-service-reader - apiGroup: rbac.authorization.k8s.io -{{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/1.5.800/templates/service.yaml b/charts/rancher-istio/1.5.800/templates/service.yaml deleted file mode 100755 index 00946ddba..000000000 --- a/charts/rancher-istio/1.5.800/templates/service.yaml +++ /dev/null 
@@ -1,60 +0,0 @@
-{{- if .Values.global.remotePilotAddress }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
- clusterIP: None
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.800/templates/serviceaccount.yaml
deleted file mode 100755
index c377d10e4..000000000
--- a/charts/rancher-istio/1.5.800/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: istio-multi
- namespace: {{ .Release.Namespace }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: istio-reader-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.800/templates/sidecar-injector-configmap.yaml b/charts/rancher-istio/1.5.800/templates/sidecar-injector-configmap.yaml
deleted file mode 100755
index 5cb25b9cf..000000000
--- a/charts/rancher-istio/1.5.800/templates/sidecar-injector-configmap.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if not .Values.global.omitSidecarInjectorConfigMap }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istio.name" . }}
- chart: {{ template "istio.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-data:
- values: |-
- {{ .Values | toJson }}
-
- config: |-
- policy: {{ .Values.global.proxy.autoInject }}
- alwaysInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }}
- neverInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }}
- template: |-
-{{ .Files.Get "files/injection-template.yaml" | trim | indent 6 }}
- injectedAnnotations:
- {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }}
- "{{ $key }}": "{{ $val }}"
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.800/test-values/README.md b/charts/rancher-istio/1.5.800/test-values/README.md
deleted file mode 100755
index 8e5ff277c..000000000
--- a/charts/rancher-istio/1.5.800/test-values/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Test Values
-
-These files are intended to be used to install Istio for E2E tests.
-
-The rendered files can be generated with `make generate_e2e_yaml`.
-
-These files will all have `values-e2e.yaml` applied to them *first*, so if there are settings there that should not be included in the test the must be overridden.
diff --git a/charts/rancher-istio/1.5.800/test-values/values-e2e.yaml b/charts/rancher-istio/1.5.800/test-values/values-e2e.yaml
deleted file mode 100755
index 1e1bf1fde..000000000
--- a/charts/rancher-istio/1.5.800/test-values/values-e2e.yaml +++ /dev/null @@ -1,103 +0,0 @@ -# This file overrides values for e2e testing. - -global: - proxy: - concurrency: 0 - resources: - requests: - cpu: 10m - memory: 40Mi - - accessLogFile: "/dev/stdout" - enableCoreDump: true - - disablePolicyChecks: false - outboundTrafficPolicy: - mode: REGISTRY_ONLY - -prometheus: - scrapeInterval: 5s - -gateways: - istio-ingressgateway: - name: istio-ingressgateway - autoscaleMax: 1 - resources: - requests: - cpu: 10m - memory: 40Mi - limits: - cpu: 100m - memory: 128Mi - # Disable the specific nodePort mappings for testing - # These occasionally cause port conflict flakes (#14190) - # Lacking a good way to override just part of a list, this is copied from - # the prod values.yaml with nodePort omitted - ports: - - port: 15020 - targetPort: 15020 - name: status-port - - port: 80 - targetPort: 80 - name: http2 - - port: 443 - name: https - - port: 31400 - name: tcp - - port: 15029 - targetPort: 15029 - name: https-kiali - - port: 15030 - targetPort: 15030 - name: https-prometheus - - port: 15031 - targetPort: 15031 - name: https-grafana - - port: 15032 - targetPort: 15032 - name: https-tracing - - port: 15443 - targetPort: 15443 - name: tls - - istio-egressgateway: - name: istio-egressgateway - enabled: true - autoscaleMax: 1 - resources: - requests: - cpu: 10m - memory: 40Mi - limits: - cpu: 100m - memory: 128Mi - -mixer: - policy: - enabled: true - replicaCount: 2 - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 100Mi - limits: - cpu: 100m - memory: 100Mi - telemetry: - enabled: true - loadshedding: - mode: disabled - resources: - requests: - cpu: 50m - memory: 100Mi - limits: - cpu: 100m - memory: 100Mi - adapters: - stdio: - enabled: true - -sidecarInjectorWebhook: - rewriteAppHTTPProbe: true 
diff --git a/charts/rancher-istio/1.5.800/test-values/values-integ.yaml b/charts/rancher-istio/1.5.800/test-values/values-integ.yaml deleted file mode 100755 index 3d079d716..000000000 --- a/charts/rancher-istio/1.5.800/test-values/values-integ.yaml +++ /dev/null @@ -1,96 +0,0 @@ -# This file overrides values for e2e testing. - -global: - proxy: - concurrency: 0 - resources: - requests: - cpu: 10m - memory: 40Mi - - accessLogFile: "/dev/stdout" - -prometheus: - scrapeInterval: 5s - -gateways: - istio-ingressgateway: - name: istio-ingressgateway - autoscaleMax: 1 - resources: - requests: - cpu: 10m - memory: 40Mi - limits: - cpu: 100m - memory: 128Mi - # Disable the specific nodePort mappings for testing - # These occasionally cause port conflict flakes (#14190) - # Lacking a good way to override just part of a list, this is copied from - # the prod values.yaml with nodePort omitted - ports: - - port: 15020 - targetPort: 15020 - name: status-port - - port: 80 - targetPort: 80 - name: http2 - - port: 443 - name: https - - port: 31400 - name: tcp - - port: 15029 - targetPort: 15029 - name: https-kiali - - port: 15030 - targetPort: 15030 - name: https-prometheus - - port: 15031 - targetPort: 15031 - name: https-grafana - - port: 15032 - targetPort: 15032 - name: https-tracing - - port: 15443 - targetPort: 15443 - name: tls - - istio-egressgateway: - name: istio-egressgateway - enabled: false - autoscaleMax: 1 - resources: - requests: - cpu: 10m - memory: 40Mi - limits: - cpu: 100m - memory: 128Mi - -mixer: - policy: - replicaCount: 2 - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 100Mi - limits: - cpu: 100m - memory: 100Mi - telemetry: - loadshedding: - mode: disabled - resources: - requests: - cpu: 50m - memory: 100Mi - limits: - cpu: 100m - memory: 100Mi - adapters: - stdio: - enabled: true - -sidecarInjectorWebhook: - rewriteAppHTTPProbe: true 
diff --git a/charts/rancher-istio/1.5.800/test-values/values-istio-auth-mcp.yaml b/charts/rancher-istio/1.5.800/test-values/values-istio-auth-mcp.yaml deleted file mode 100755 index fb284d926..000000000 --- a/charts/rancher-istio/1.5.800/test-values/values-istio-auth-mcp.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# This is used to generate istio-auth.yaml with MCP enabled -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" - - useMCP: true - diff --git a/charts/rancher-istio/1.5.800/test-values/values-istio-auth-multicluster.yaml b/charts/rancher-istio/1.5.800/test-values/values-istio-auth-multicluster.yaml deleted file mode 100755 index af147981f..000000000 --- a/charts/rancher-istio/1.5.800/test-values/values-istio-auth-multicluster.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# This is used to generate istio-auth-multicluster.yaml, used for CI/CD. -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - proxy: - accessLogFile: "/dev/stdout" - - ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" - -# In a multiple cluster environment, citadel uses the same root certificate in all the clusters -security: - selfSigned: false 
diff --git a/charts/rancher-istio/1.5.800/test-values/values-istio-auth-non-mcp.yaml b/charts/rancher-istio/1.5.800/test-values/values-istio-auth-non-mcp.yaml
deleted file mode 100755
index eab07cd41..000000000
--- a/charts/rancher-istio/1.5.800/test-values/values-istio-auth-non-mcp.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- mtls:
- enabled: true
-
- controlPlaneSecurityEnabled: true
-
- useMCP: false
diff --git a/charts/rancher-istio/1.5.800/test-values/values-istio-auth-sds.yaml b/charts/rancher-istio/1.5.800/test-values/values-istio-auth-sds.yaml
deleted file mode 100755
index 843869703..000000000
--- a/charts/rancher-istio/1.5.800/test-values/values-istio-auth-sds.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-global:
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
- proxy:
- enableCoreDump: true
-
-nodeagent:
- enabled: true
- image: node-agent-k8s
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.5.800/test-values/values-istio-auth.yaml b/charts/rancher-istio/1.5.800/test-values/values-istio-auth.yaml
deleted file mode 100755
index 4ec1d35c5..000000000
--- a/charts/rancher-istio/1.5.800/test-values/values-istio-auth.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-# This is used to generate istio-auth.yaml for automated CI/CD test, using v1/alpha1
-# or v2/alpha3 with 'gradual migration' (using env variable at inject time).
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
diff --git a/charts/rancher-istio/1.5.800/test-values/values-istio-dns-cert.yaml b/charts/rancher-istio/1.5.800/test-values/values-istio-dns-cert.yaml
deleted file mode 100755
index 406970396..000000000
--- a/charts/rancher-istio/1.5.800/test-values/values-istio-dns-cert.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- certificates:
- - dnsNames: [istio-pilot.istio-system.svc, istio-pilot.istio-system]
- - secretName: dns.istio-galley-service-account
- dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system]
- - secretName: dns.istio-sidecar-injector-service-account
- dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system]
diff --git a/charts/rancher-istio/1.5.800/test-values/values-istio-mcp.yaml b/charts/rancher-istio/1.5.800/test-values/values-istio-mcp.yaml
deleted file mode 100755
index a6638eefd..000000000
--- a/charts/rancher-istio/1.5.800/test-values/values-istio-mcp.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# This is used to generate istio.yaml with MCP enabled
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- useMCP: true
-
-
diff --git a/charts/rancher-istio/1.5.800/test-values/values-istio-mesh-networks.yaml b/charts/rancher-istio/1.5.800/test-values/values-istio-mesh-networks.yaml
deleted file mode 100755
index c713b8af9..000000000
--- a/charts/rancher-istio/1.5.800/test-values/values-istio-mesh-networks.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# overrides to test the meshNetworks.
-global:
- meshNetworks:
- # NOTE: DO NOT CHANGE THIS! Its hardcoded in Pilot in different areas
- Kubernetes:
- endpoints:
- - fromRegistry: Kubernetes
- gateways:
- - port: 15443
- address: 2.2.2.2
- vm: {}
-
- #This will cause ISTIO_META_NETWORK to be set on the pods and the
- #kube controller code to match endpoints from kubernetes with the default
- #cluster ID of "Kubernetes". Need to fix this code
- network: "Kubernetes"
diff --git a/charts/rancher-istio/1.5.800/test-values/values-istio-multicluster-split-horizon.yaml b/charts/rancher-istio/1.5.800/test-values/values-istio-multicluster-split-horizon.yaml
deleted file mode 100755
index e664dd56f..000000000
--- a/charts/rancher-istio/1.5.800/test-values/values-istio-multicluster-split-horizon.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# This is used to generate istio-multicluster-split-horizon.yaml, used for CI/CD.
-global:
- controlPlaneSecurityEnabled: true
- mtls:
- enabled: true
- proxy:
- accessLogFile: "/dev/stdout"
- outboundTrafficPolicy:
- mode: ALLOW_ANY
- meshExpansion:
- enabled: true
- meshNetworks:
- network2:
- endpoints:
- - fromRegistry: N2_REGISTRY_TOKEN
- gateways:
- - address: 0.0.0.0
- port: 443
-security:
- selfSigned: false
-gateways:
- istio-egressgateway:
- enabled: false
-
-
diff --git a/charts/rancher-istio/1.5.800/test-values/values-istio-multicluster.yaml b/charts/rancher-istio/1.5.800/test-values/values-istio-multicluster.yaml
deleted file mode 100755
index 59b924ac1..000000000
--- a/charts/rancher-istio/1.5.800/test-values/values-istio-multicluster.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# This is used to generate istio-multicluster.yaml, used for CI/CD.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- proxy:
- accessLogFile: "/dev/stdout"
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
-# In a multiple cluster environment, citadel uses the same root certificate in all the clusters
-security:
- selfSigned: false
diff --git a/charts/rancher-istio/1.5.800/test-values/values-istio-non-mcp.yaml b/charts/rancher-istio/1.5.800/test-values/values-istio-non-mcp.yaml
deleted file mode 100755
index 091681acd..000000000
--- a/charts/rancher-istio/1.5.800/test-values/values-istio-non-mcp.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-global:
- useMCP: false
diff --git a/charts/rancher-istio/1.5.800/test-values/values-istio-one-namespace-auth.yaml b/charts/rancher-istio/1.5.800/test-values/values-istio-one-namespace-auth.yaml
deleted file mode 100755
index c49f40254..000000000
--- a/charts/rancher-istio/1.5.800/test-values/values-istio-one-namespace-auth.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.5.800/test-values/values-istio-one-namespace-trust-domain.yaml b/charts/rancher-istio/1.5.800/test-values/values-istio-one-namespace-trust-domain.yaml
deleted file mode 100755
index 1840ab355..000000000
--- a/charts/rancher-istio/1.5.800/test-values/values-istio-one-namespace-trust-domain.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- # Default is 10s second
- refreshInterval: 1s
-
- # The trust domain corresponds to the trust root of a system
- trustDomain: test.local
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.5.800/test-values/values-istio-one-namespace.yaml b/charts/rancher-istio/1.5.800/test-values/values-istio-one-namespace.yaml
deleted file mode 100755
index 14aa45033..000000000
--- a/charts/rancher-istio/1.5.800/test-values/values-istio-one-namespace.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.5.800/test-values/values-istio.yaml b/charts/rancher-istio/1.5.800/test-values/values-istio.yaml
deleted file mode 100755
index c115103e1..000000000
--- a/charts/rancher-istio/1.5.800/test-values/values-istio.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-
-# This is used to generate istio.yaml for automated CI/CD test, using v1/alpha1
-# or v2/alpha3 with 'gradual migration' (using env variable at inject time).
-# global:
- ## imagePullSecrets for all ServiceAccount. Must be set for any clustser configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
diff --git a/charts/rancher-istio/1.5.800/values.yaml b/charts/rancher-istio/1.5.800/values.yaml
deleted file mode 100755
index aa3c60935..000000000
--- a/charts/rancher-istio/1.5.800/values.yaml
+++ /dev/null
@@ -1,699 +0,0 @@ -# Top level istio values file has the following sections. -# -# global: This file is the authoritative and exhaustive source for the global section. -# -# chart sections: Every subdirectory inside the charts/ directory has a top level -# configuration key in this file. This file overrides the values specified -# by the charts/${chartname}/values.yaml. -# Check the chart level values file for exhaustive list of configuration options. - -# -# Gateways Configuration, refer to the charts/gateways/values.yaml -# for detailed configuration -# -gateways: - enabled: true - istio-ingressgateway: - labels: - release: cluster-istio # The release name must be cluster-istio - -# -# sidecar-injector webhook configuration, refer to the -# charts/sidecarInjectorWebhook/values.yaml for detailed configuration -# -sidecarInjectorWebhook: - repository: rancher/istio-sidecar_injector - tag: 1.5.8 - enabled: true - -# -# galley configuration, refer to charts/galley/values.yaml -# for detailed configuration -# -galley: - repository: rancher/istio-galley - tag: 1.5.8 - enabled: true - -# -# mixer configuration -# -# @see charts/mixer/values.yaml for all values -mixer: - repository: rancher/istio-mixer - tag: 1.5.8 - policy: - # if policy is enabled the global.disablePolicyChecks has affect. 
- enabled: true - - telemetry: - enabled: true -# -# pilot configuration -# -# @see charts/pilot/values.yaml -pilot: - repository: rancher/istio-pilot - tag: 1.5.8 - enabled: true - -# -# security configuration -# -security: - repository: rancher/istio-citadel - tag: 1.5.8 - enabled: true - -# -# nodeagent configuration, see global.nodeagent for setting images -# -nodeagent: - enabled: false - -# -# addon grafana configuration -# -grafana: - # note that this does not get used by default, instead we use monitorings grafana - repository: rancher/grafana-grafana - tag: 6.7.4 - enabled: false - -# -# addon prometheus configuration -# -prometheus: - repository: rancher/prom-prometheus - tag: v2.12.0 - enabled: false - -# -# addon jaeger tracing configuration -# -tracing: - enabled: false - jaeger: - repository: rancher/jaegertracing-all-in-one - tag: 1.14 - zipkin: - repository: rancher/openzipkin-zipkin - tag: 2.14.2 - -# -# addon kiali tracing configuration -# -kiali: - repository: rancher/kiali-kiali - tag: v1.15 - contextPath: / - dashboard: - jaegerURL: http://tracing.istio-system:80 - grafanaURL: http://access-grafana.cattle-prometheus:80 - grafanaInClusterURL: http://access-grafana.cattle-prometheus:80 - auth: - strategy: anonymous - enabled: false - prometheusAddr: http://access-prometheus.cattle-prometheus:80 - -# -# addon certmanager configuration -# -certmanager: - image: - repository: rancher/jetstack-cert-manager-controller - tag: v0.8.1 - enabled: false - -# -# Istio CNI plugin enabled -# This must be enabled to use the CNI plugin in Istio. The CNI plugin is installed separately. -# If true, the privileged initContainer istio-init is not needed to perform the traffic redirect -# settings for the istio-proxy. 
-# -istio_cni: - enabled: false - -# addon Istio CoreDNS configuration -# -istiocoredns: - image: - repository: rancher/coredns-coredns - tag: 1.6.2 - pluginImage: - repository: rancher/istio-coredns-plugin - tag: 0.2-istio-1.1 - enabled: false - -# Job to move from 1.4 to 1.5 -# -onefiveMigration: - enabled: true - repository: rancher/istio-1.5-migration - tag: 0.1.1 - -# Common settings used among istio subcharts. -global: - - # Specify rancher clusterId of external tracing config - # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 - rancher: - clusterId: - - systemDefaultRegistry: "" - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: docker.io/rancher - - # Default tag for Istio images. - tag: 1.5.8 - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - kubectl: - repository: rancher/istio-kubectl - tag: 1.5.8 - - # monitoring port used by mixer, pilot, galley and sidecar injector - monitoringPort: 15014 - - k8sIngress: - enabled: false - # Gateway used for k8s Ingress resources. By default it is - # using 'istio:ingressgateway' that will be installed by setting - # 'gateways.enabled' and 'gateways.istio-ingressgateway.enabled' - # flags to true. - gatewayName: ingressgateway - # enableHttps will add port 443 on the ingress. - # It REQUIRES that the certificates are installed in the - # expected secrets - enabling this option without certificates - # will result in LDS rejection and the ingress will not work. - enableHttps: false - - curl: - repository: rancher/pstauffer-curl - tag: v1.0.3 - - proxy: - # use fully qualified image names for alternate path to proxy. 
- repository: rancher/istio-proxyv2 - tag: 1.5.8 - - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Controls number of Proxy worker threads. - # If set to 0, then start worker thread for each CPU thread/core. - concurrency: 2 - - # Configures the access log for each sidecar. - # Options: - # "" - disables access log - # "/dev/stdout" - enables access log - accessLogFile: "" - - # Configure how and what fields are displayed in sidecar access log. Setting to - # empty string will result in default log format - accessLogFormat: "" - - # Configure the access log for sidecar to JSON or TEXT. - accessLogEncoding: TEXT - - # Configure envoy gRPC access log service. - envoyAccessLogService: - enabled: false - host: # example: accesslog-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/als/cert-chain.pem - privateKey: # example: /etc/istio/als/key.pem - caCertificates: # example: /etc/istio/als/root-cert.pem - sni: # example: als.somedomain - subjectAltNames: [] - # - als.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Log level for proxy, applies to gateways and sidecars. If left empty, "warning" is used. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: "" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. If left empty, "misc:error" is used. - componentLogLevel: "" - - # Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS - # This must be given it terms of seconds. For example, 300s is valid but 5m is invalid. - dnsRefreshRate: 300s - - # Specifies the path to the outlier event log. 
- outlierLogPath: # example: /dev/stdout - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: 100ms - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # If set, newly injected sidecars will have core dumps enabled. - enableCoreDump: false - - # Image used to enable core dumps. This is only used, when "enableCoreDump" is set to true. - enableCoreDumpImage: ubuntu:xenial - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 1 - - # The period between readiness probes. - readinessPeriodSeconds: 2 - - # The number of successive failed probes before indicating readiness failure. 
- readinessFailureThreshold: 30 - - # istio egress capture whitelist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - excludeOutboundPorts: "" - - # pod internal interfaces - kubevirtInterfaces: "" - - # istio ingress capture whitelist - # examples: - # Redirect no inbound traffic to Envoy: --includeInboundPorts="" - # Redirect all inbound traffic to Envoy: --includeInboundPorts="*" - # Redirect only selected ports: --includeInboundPorts="80,8080" - includeInboundPorts: "*" - excludeInboundPorts: "" - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument - # would be :). - # Disabled by default. - # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. - envoyStatsd: - # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. - enabled: false - host: # example: statsd-svc.istio-system - port: # example: 9125 - - # Sets the Envoy Metrics Service address, used to push Envoy metrics to an external collector - # via the Metrics Service gRPC API. This contains detailed stats information emitted directly - # by Envoy and should not be confused with the the Istio telemetry. The Envoy stats are also - # available to scrape via the Envoy admin port at either /stats or /stats/prometheus. - # - # See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto - # for details about Envoy's Metrics Service API. - # - # Disabled by default. 
- envoyMetricsService: - enabled: false - host: # example: metrics-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/ms/cert-chain.pem - privateKey: # example: /etc/istio/ms/key.pem - caCertificates: # example: /etc/istio/ms/root-cert.pem - sni: # example: ms.somedomain - subjectAltNames: [] - # - ms.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "zipkin" - - proxy_init: - # Base name for the istio-init container, used to configure iptables. - repository: rancher/istio-proxyv2 - tag: 1.5.8 - # Configuration for the proxy init container - init: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - - # imagePullPolicy is applied to istio control plane components. - # local tests require IfNotPresent, to avoid uploading to dockerhub. - # TODO: Switch to Always as default, and override in the local tests. - imagePullPolicy: IfNotPresent - - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - # disablePolicyChecks disables mixer policy checks. - # if mixer.policy.enabled==true then disablePolicyChecks has affect. - # Will set the value with same name in istio config map - pilot needs to be restarted to take effect. - disablePolicyChecks: true - - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: false - - # EnableTracing sets the value with same name in istio config map, requires pilot restart to take effect. 
- enableTracing: true - - # Configuration for each of the supported tracers - tracer: - # Configuration for envoy to send trace data to LightStep. - # Disabled by default. - # address: the : of the satellite pool - # accessToken: required for sending data to the pool - # secure: specifies whether data should be sent with TLS - # cacertPath: the path to the file containing the cacert to use when verifying TLS. If secure is true, this is - # required. If a value is specified then a secret called "lightstep.cacert" must be created in the destination - # namespace with the key matching the base of the provided cacertPath and the value being the cacert itself. - # - lightstep: - address: "" # example: lightstep-satellite:443 - accessToken: "" # example: abcdefg1234567 - secure: true # example: true|false - cacertPath: "" # example: /etc/lightstep/cacert.pem - zipkin: - # Host:Port for reporting trace data in zipkin format. If not specified, will default to - # zipkin service (port 9411) in the same namespace as the other istio components. - address: "" - datadog: - # Host:Port for submitting traces to the Datadog agent. - address: "$(HOST_IP):8126" - stackdriver: - # enables trace output to stdout. - debug: false - # The global default max number of attributes per span. - maxNumberOfAttributes: 200 - # The global default max number of annotation events per span. - maxNumberOfAnnotations: 200 - # The global default max number of message events per span. - maxNumberOfMessageEvents: 200 - - # Default mtls policy. If true, mtls between services will be enabled by default. - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. 
- enabled: false - # If set to true, and a given service does not have a corresponding DestinationRule configured, - # or its DestinationRule does not have TLSSettings specified, Istio configures client side - # TLS configuration automatically, based on the server side mTLS authentication policy and the - # availibity of sidecars. - auto: true - - # Lists the secrets you need to use to pull Istio images from a private registry. - imagePullSecrets: [] - # - private-registry-key - - # Specify pod scheduling arch(amd64, ppc64le, s390x) and weight as follows: - # 0 - Never scheduled - # 1 - Least preferred - # 2 - No preference - # 3 - Most preferred - arch: - amd64: 2 - s390x: 2 - ppc64le: 2 - - # Whether to restrict the applications namespace the controller manages; - # If not set, controller watches all namespaces - oneNamespace: false - - # Default node selector to be applied to all deployments so that all pods can be - # constrained to run a particular nodes. Each component can overwrite these default - # values by adding its node selector block in the relevant section below and setting - # the desired values. - defaultNodeSelector: {} - - # Default node tolerations to be applied to all deployments so that all pods can be - # scheduled to a particular nodes with matching taints. Each component can overwrite - # these default values by adding its tolerations block in the relevant section below - # and setting the desired values. - # Configure this field in case that all pods of Istio control plane are expected to - # be scheduled to particular nodes with specified taints. - defaultTolerations: [] - - # Whether to perform server-side validation of configuration. - configValidation: true - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. 
- # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - # podDNSSearchNamespaces: - # - global - # - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # If set to true, the pilot and citadel mtls will be exposed on the - # ingress gateway - meshExpansion: - enabled: false - # If set to true, the pilot and citadel mtls and the plaintext pilot ports - # will be exposed on an internal gateway - useILB: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # enable pod distruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. 
- defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - # Use the Mesh Control Protocol (MCP) for configuring Mixer and - # Pilot. Requires galley (`--set galley.enabled=true`). - useMCP: true - - # The trust domain corresponds to the trust root of a system - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - # Indicate the domain used in SPIFFE identity URL - # The default depends on the environment. - # kubernetes: cluster.local - # else: default dns domain - trustDomain: "" - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: [] - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. 
For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - # ALLOW_ANY is the default in 1.1. This means each pod will be able to make outbound requests - # to services outside of the mesh without any ServiceEntry. - # REGISTRY_ONLY was the default in 1.0. If this behavior is desired, set the value below to REGISTRY_ONLY. - outboundTrafficPolicy: - mode: ALLOW_ANY - - # The namespace where globally shared configurations should be present. - # DestinationRules that apply to the entire mesh (e.g., enabling mTLS), - # default Sidecar configs, etc. should be added to this namespace. 
- # configRootNamespace: istio-config - - # set the default set of namespaces to which services, service entries, virtual services, destination - # rules should be exported to. Currently only one value can be provided in this list. This value - # should be one of the following two options: - # * implies these objects are visible to all namespaces, enabling any sidecar to talk to any other sidecar. - # . implies these objects are visible to only to sidecars in the same namespace, or if imported as a Sidecar.egress.host - # defaultConfigVisibilitySettings: - #- '*' - - # - # nodeagent configuration - # - nodeagent: - repository: rancher/istio-node-agent-k8s - tag: 1.5.8 - - sds: - # SDS enabled. IF set to true, mTLS certificates for the sidecars will be - # distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates. - enabled: false - udsPath: "" - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Citadel Agent to the CA (e.g. Citadel), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. 
The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Specifies the global locality load balancing settings. - # Locality-weighted load balancing allows administrators to control the distribution of traffic to - # endpoints based on the localities of where the traffic originates and where it will terminate. - # Either failover or distribute configuration can be set, but not both. If neither are provided - # failover mode will be used. - # - # localityLbSetting: - # enabled: true - # distribute: - # - from: "us-central1/*" - # to: - # "us-central1/*": 80 - # "us-central2/*": 20 - # - # localityLbSetting: - # enabled: true - # failover: - # - from: us-east - # to: eu-west - # - from: us-west - # to: us-east - localityLbSetting: - enabled: true - - # Specifies whether helm test is enabled or not. - # This field is set to false by default, so 'helm template ...' - # will ignore the helm test yaml files when generating the template - enableHelmTest: false - - # Configures DNS certificates provisioned through Chiron linked into Pilot. - # The DNS names in this file are all hard-coded; please ensure the namespaces - # in dnsNames are consistent with those of your services. 
- # Example: - # certificates: - # - secretName: dns.istio-galley-service-account - # dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] - # - secretName: dns.istio-sidecar-injector-service-account - # dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] - certificates: [] - - # Configure whether Operator manages webhook configurations. The current behavior - # of Galley and Sidecar Injector is that they manage their own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false diff --git a/charts/rancher-istio/1.5.900/.helmignore b/charts/rancher-istio/1.5.900/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/rancher-istio/1.5.900/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-istio/1.5.900/Chart.yaml b/charts/rancher-istio/1.5.900/Chart.yaml deleted file mode 100755 index f0364c933..000000000 --- a/charts/rancher-istio/1.5.900/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.9 -description: Helm chart for all istio components -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- security -- sidecarInjectorWebhook -- mixer -- pilot -- galley -name: rancher-istio -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2-0' -version: 1.5.900 
diff --git a/charts/rancher-istio/1.5.900/LICENSE b/charts/rancher-istio/1.5.900/LICENSE
deleted file mode 100755
index 56df9b297..000000000
--- a/charts/rancher-istio/1.5.900/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2018 Istio Authors - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/rancher-istio/1.5.900/README.md b/charts/rancher-istio/1.5.900/README.md deleted file mode 100755 index f7f35cc17..000000000 --- a/charts/rancher-istio/1.5.900/README.md +++ /dev/null 
@@ -1,149 +0,0 @@ -# Istio - -[Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. - -The documentation here is for developers only, please follow the installation instructions from [istio.io](https://istio.io/docs/setup/kubernetes/install/helm/) for all other uses. - -## Introduction - -This chart bootstraps all Istio [components](https://istio.io/docs/concepts/what-is-istio/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Chart Details - -This chart can install multiple Istio components as subcharts: -- ingressgateway -- egressgateway -- sidecarInjectorWebhook -- galley -- mixer -- pilot -- security(citadel) -- grafana -- prometheus -- tracing(jaeger) -- kiali - -To enable or disable each component, change the corresponding `enabled` flag. - -## Prerequisites - -- Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required -- Helm 2.7.2 or newer or alternately the ability to modify RBAC rules is also required -- If you want to enable automatic sidecar injection, Kubernetes 1.9+ with `admissionregistration` API is required, and `kube-apiserver` process must have the `admission-control` flag set with the `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook` admission controllers added and listed in the correct order. -- The `istio-init` chart must be run to completion prior to install the `istio` chart. - -## Resources Required - -The chart deploys pods that consume minimum resources as specified in the resources configuration parameter. - -## Installing the Chart - -1. If a service account has not already been installed for Tiller, install one: - - ```bash - $ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml - ``` - -1. 
Install Tiller on your cluster with the service account: - - ```bash - $ helm init --service-account tiller - ``` - -1. Set and create the namespace where Istio was installed: - - ```bash - $ NAMESPACE=istio-system - $ kubectl create ns $NAMESPACE - ``` - -1. If you are enabling `kiali`, you need to create the secret that contains the username and passphrase for `kiali` dashboard: - - ```bash - $ echo -n 'admin' | base64 - YWRtaW4= - $ echo -n '1f2d1e2e67df' | base64 - MWYyZDFlMmU2N2Rm - $ cat <=1.9.0): - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE - ``` - - - Without the sidecar injection webhook: - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE --set sidecarInjectorWebhook.enabled=false - ``` - -## Configuration - -The Helm chart ships with reasonable defaults. There may be circumstances in which defaults require overrides. -To override Helm values, use `--set key=value` argument during the `helm install` command. Multiple `--set` operations may be used in the same Helm operation. - -Helm charts expose configuration options which are currently in alpha. The currently exposed options can be found [here](https://istio.io/docs/reference/config/installation-options/). - -## Uninstalling the Chart - -To uninstall/delete the `istio` release but continue to track the release: - -```bash -$ helm delete istio -``` - -To uninstall/delete the `istio` release completely and make its name free for later use: - -```bash -$ helm delete --purge istio -``` diff --git a/charts/rancher-istio/1.5.900/charts/certmanager/Chart.yaml b/charts/rancher-istio/1.5.900/charts/certmanager/Chart.yaml deleted file mode 100755 index af66656bb..000000000 --- a/charts/rancher-istio/1.5.900/charts/certmanager/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 0.6.2 -description: A Helm chart for Kubernetes -name: certmanager -tillerVersion: '>=2.7.2' -version: 1.5.9 
diff --git a/charts/rancher-istio/1.5.900/charts/certmanager/templates/NOTES.txt b/charts/rancher-istio/1.5.900/charts/certmanager/templates/NOTES.txt
deleted file mode 100755
index 0307ede4c..000000000
--- a/charts/rancher-istio/1.5.900/charts/certmanager/templates/NOTES.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-certmanager has been deployed successfully!
-
-More information on the different types of issuers and how to configure them
-can be found in our documentation:
-
-https://cert-manager.readthedocs.io/en/latest/reference/issuers.html
\ No newline at end of file
diff --git a/charts/rancher-istio/1.5.900/charts/certmanager/templates/_helpers.tpl b/charts/rancher-istio/1.5.900/charts/certmanager/templates/_helpers.tpl
deleted file mode 100755
index 331a91d43..000000000
--- a/charts/rancher-istio/1.5.900/charts/certmanager/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "certmanager.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "certmanager.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "certmanager.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.900/charts/certmanager/templates/deployment.yaml b/charts/rancher-istio/1.5.900/charts/certmanager/templates/deployment.yaml deleted file mode 100755 index 323228638..000000000 --- a/charts/rancher-istio/1.5.900/charts/certmanager/templates/deployment.yaml +++ /dev/null 
@@ -1,69 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: certmanager - template: - metadata: - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: certmanager -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: certmanager - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=$(POD_NAMESPACE) - {{- if .Values.extraArgs }} -{{ toYaml .Values.extraArgs | indent 8 }} - {{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: -{{ toYaml .Values.resources | indent 10 }} - {{- if .Values.podDnsPolicy }} - dnsPolicy: {{ .Values.podDnsPolicy }} - {{- end }} - {{- if .Values.podDnsConfig }} - dnsConfig: -{{ toYaml .Values.podDnsConfig | indent 8 }} - {{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} 
diff --git a/charts/rancher-istio/1.5.900/charts/certmanager/templates/issuer.yaml b/charts/rancher-istio/1.5.900/charts/certmanager/templates/issuer.yaml deleted file mode 100755 index 59402daea..000000000 --- a/charts/rancher-istio/1.5.900/charts/certmanager/templates/issuer.yaml +++ /dev/null @@ -1,37 +0,0 @@ ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt-staging - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-staging-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: letsencrypt-staging - http01: {} ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - privateKeySecretRef: - name: letsencrypt - http01: {} diff --git a/charts/rancher-istio/1.5.900/charts/certmanager/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.900/charts/certmanager/templates/poddisruptionbudget.yaml deleted file mode 100755 index bb3c95c27..000000000 --- a/charts/rancher-istio/1.5.900/charts/certmanager/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - version: {{ .Chart.Version }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 4 }} - {{- end }} -spec: -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} - selector: - matchLabels: - app: certmanager - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/certmanager/templates/rbac.yaml b/charts/rancher-istio/1.5.900/charts/certmanager/templates/rbac.yaml deleted file mode 100755 index b3a4ef340..000000000 --- a/charts/rancher-istio/1.5.900/charts/certmanager/templates/rbac.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: certmanager - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: - - apiGroups: ["certmanager.k8s.io"] - resources: ["certificates", "certificates/finalizers", "issuers", "clusterissuers", "orders", "orders/finalizers", "challenges"] - verbs: ["*"] - - apiGroups: [""] - resources: ["configmaps", "secrets", "events", "services", "pods"] - verbs: ["*"] - - apiGroups: ["extensions"] - resources: ["ingresses"] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: certmanager - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: certmanager -subjects: - - name: certmanager - namespace: {{ .Release.Namespace }} - kind: ServiceAccount 
diff --git a/charts/rancher-istio/1.5.900/charts/certmanager/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.900/charts/certmanager/templates/serviceaccount.yaml deleted file mode 100755 index f87543508..000000000 --- a/charts/rancher-istio/1.5.900/charts/certmanager/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/1.5.900/charts/certmanager/values.yaml b/charts/rancher-istio/1.5.900/charts/certmanager/values.yaml deleted file mode 100755 index 2dbff4beb..000000000 --- a/charts/rancher-istio/1.5.900/charts/certmanager/values.yaml +++ /dev/null 
@@ -1,35 +0,0 @@
-# Certmanager uses ACME to sign certificates. Since Istio gateways are
-# mounting the TLS secrets the Certificate CRDs must be created in the
-# istio-system namespace. Once the certificate has been created, the
-# gateway must be updated by adding 'secretVolumes'. After the gateway
-# restart, DestinationRules can be created using the ACME-signed certificates.
-enabled: false
-replicaCount: 1
-hub: quay.io/jetstack
-# image: cert-manager-controller
-tag: v0.8.1
-resources: {}
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.5.900/charts/galley/Chart.yaml b/charts/rancher-istio/1.5.900/charts/galley/Chart.yaml
deleted file mode 100755
index b51fef01d..000000000
--- a/charts/rancher-istio/1.5.900/charts/galley/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.9
-description: Helm chart for galley deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- galley
-name: galley
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.900/charts/galley/templates/_helpers.tpl b/charts/rancher-istio/1.5.900/charts/galley/templates/_helpers.tpl
deleted file mode 100755
index 5d42f4a03..000000000
--- a/charts/rancher-istio/1.5.900/charts/galley/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "galley.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "galley.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "galley.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.900/charts/galley/templates/clusterrole.yaml b/charts/rancher-istio/1.5.900/charts/galley/templates/clusterrole.yaml
deleted file mode 100755
index 504abc079..000000000
--- a/charts/rancher-istio/1.5.900/charts/galley/templates/clusterrole.yaml
+++ /dev/null
@@ -1,53 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-galley-{{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: - # For reading Istio resources -- apiGroups: [ - "authentication.istio.io", - "config.istio.io", - "networking.istio.io", - "rbac.istio.io", - "security.istio.io"] - resources: ["*"] - verbs: ["get", "list", "watch"] - # For updating Istio resource statuses -- apiGroups: [ - "authentication.istio.io", - "config.istio.io", - "networking.istio.io", - "rbac.istio.io", - "security.istio.io"] - resources: ["*/status"] - verbs: ["update"] -{{- if not .Values.global.operatorManageWebhooks }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] -# permissions to verify the webhook is ready and rejecting -# invalid config. We use --server-dry-run so no config is persisted. -- apiGroups: ["networking.istio.io"] - verbs: ["create"] - resources: ["gateways"] -{{- end }} -- apiGroups: ["extensions","apps"] - resources: ["deployments"] - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: ["pods", "nodes", "services", "endpoints", "namespaces"] - verbs: ["get", "list", "watch"] -- apiGroups: ["extensions"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] -- apiGroups: ["rbac.authorization.k8s.io"] - resources: ["clusterroles"] - verbs: ["get", "list", "watch"] diff --git a/charts/rancher-istio/1.5.900/charts/galley/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.900/charts/galley/templates/clusterrolebinding.yaml deleted file mode 100755 index 88cde2554..000000000 
--- a/charts/rancher-istio/1.5.900/charts/galley/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-galley-admin-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-galley-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-galley-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.5.900/charts/galley/templates/configmap.yaml b/charts/rancher-istio/1.5.900/charts/galley/templates/configmap.yaml deleted file mode 100755 index 662c960b1..000000000 --- a/charts/rancher-istio/1.5.900/charts/galley/templates/configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-galley-configuration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -data: -{{- if .Values.global.configValidation }} - validatingwebhookconfiguration.yaml: |- - {{- include "validatingwebhookconfiguration.yaml.tpl" . | indent 4}} -{{- end}} diff --git a/charts/rancher-istio/1.5.900/charts/galley/templates/deployment.yaml b/charts/rancher-istio/1.5.900/charts/galley/templates/deployment.yaml deleted file mode 100755 index 1110c9b57..000000000 --- a/charts/rancher-istio/1.5.900/charts/galley/templates/deployment.yaml +++ /dev/null 
@@ -1,151 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: galley - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-galley-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: galley - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 9443 - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 9901 - command: - - /usr/local/bin/galley - - server - - --meshConfigFile=/etc/mesh-config/mesh - - --livenessProbeInterval=1s - - --livenessProbePath=/tmp/healthliveness - - --readinessProbePath=/tmp/healthready - - --readinessProbeInterval=1s - - --deployment-namespace={{ .Release.Namespace }} -{{- if $.Values.global.controlPlaneSecurityEnabled}} - - --insecure=false -{{- else }} - - --insecure=true -{{- end }} -{{- if .Values.enableServiceDiscovery }} - - --enableServiceDiscovery=true -{{- end }} -{{- if not $.Values.global.useMCP }} - - --enable-server=false -{{- end }} -{{- if not $.Values.global.configValidation }} - - --enable-validation=false -{{- end }} -{{- if .Values.global.operatorManageWebhooks }} - - --enable-reconcileWebhookConfiguration=false -{{- else }} - - --enable-reconcileWebhookConfiguration=true -{{- end }} - - --monitoringPort={{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if .Values.enableAnalysis }} - - --enableAnalysis=true -{{- end }} -{{- if .Values.global.certificates }} - - --validation.tls.clientCertificate=/etc/dnscerts/cert-chain.pem - - --validation.tls.privateKey=/etc/dnscerts/key.pem - - --validation.tls.caCertificates=/etc/dnscerts/root-cert.pem -{{- end }} - volumeMounts: - - name: certs - mountPath: /etc/certs - readOnly: true -{{- if .Values.global.certificates }} - - name: dnscerts - mountPath: /etc/dnscerts - readOnly: true -{{- end }} - - name: config - mountPath: /etc/config - readOnly: true - - name: mesh-config - mountPath: /etc/mesh-config - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - --probe-path=/tmp/healthliveness - - --interval=10s - initialDelaySeconds: 5 - 
periodSeconds: 5 - readinessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - --probe-path=/tmp/healthready - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: certs - secret: - secretName: istio.istio-galley-service-account -{{- if .Values.global.certificates }} - - name: dnscerts - secret: - secretName: dns.istio-galley-service-account -{{- end }} - # galley expects /etc/config to exist even though it doesn't include any files. - - name: config - emptyDir: - medium: Memory - - name: mesh-config - configMap: - name: istio - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/1.5.900/charts/galley/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.900/charts/galley/templates/poddisruptionbudget.yaml deleted file mode 100755 index 1bf374e4a..000000000 --- a/charts/rancher-istio/1.5.900/charts/galley/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-spec:
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: {{ template "galley.name" . }}
- release: {{ .Release.Name }}
- istio: galley
-{{- end }}
diff --git a/charts/rancher-istio/1.5.900/charts/galley/templates/service.yaml b/charts/rancher-istio/1.5.900/charts/galley/templates/service.yaml
deleted file mode 100755
index 35e258175..000000000
--- a/charts/rancher-istio/1.5.900/charts/galley/templates/service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-spec:
- ports:
- - port: 443
- targetPort: 9443
- name: https-validation
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- - port: 9901
- name: grpc-mcp
- selector:
- istio: galley
diff --git a/charts/rancher-istio/1.5.900/charts/galley/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.900/charts/galley/templates/serviceaccount.yaml
deleted file mode 100755
index 1ff54c49e..000000000
--- a/charts/rancher-istio/1.5.900/charts/galley/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-galley-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.900/charts/galley/templates/validatingwebhookconfiguration.yaml b/charts/rancher-istio/1.5.900/charts/galley/templates/validatingwebhookconfiguration.yaml
deleted file mode 100755
index 4e1f50f2c..000000000
--- a/charts/rancher-istio/1.5.900/charts/galley/templates/validatingwebhookconfiguration.yaml
+++ /dev/null
@@ -1,108 +0,0 @@ -{{/* - This version of the validatingwebhookconfiguration is applied directly by - helm. Galley only patches the caBundle and failurePolicy. -*/}} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-galley - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -webhooks: - - name: pilot.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitpilot" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - httpapispecs - - httpapispecbindings - - quotaspecs - - quotaspecbindings - - operations: - - CREATE - - UPDATE - apiGroups: - - rbac.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - authentication.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - networking.istio.io - apiVersions: - - "*" - resources: - - destinationrules - - envoyfilters - - gateways - - serviceentries - - sidecars - - virtualservices - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. 
- failurePolicy: Ignore - sideEffects: None - - name: mixer.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitmixer" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - rules - - attributemanifests - - adapters - - handlers - - instances - - templates - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - sideEffects: None \ No newline at end of file diff --git a/charts/rancher-istio/1.5.900/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl b/charts/rancher-istio/1.5.900/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl deleted file mode 100755 index 8df00f798..000000000 --- a/charts/rancher-istio/1.5.900/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl +++ /dev/null 
@@ -1,111 +0,0 @@ -{{/* - This version of the validatingwebhookconfiguration is applied indirectly - by galley. This exists to support a smoother upgrade path from istio - Rversions < 1.4 -*/}} -{{ define "validatingwebhookconfiguration.yaml.tpl" }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-galley - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -webhooks: - - name: pilot.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitpilot" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - httpapispecs - - httpapispecbindings - - quotaspecs - - quotaspecbindings - - operations: - - CREATE - - UPDATE - apiGroups: - - rbac.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - authentication.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - networking.istio.io - apiVersions: - - "*" - resources: - - destinationrules - - envoyfilters - - gateways - - serviceentries - - sidecars - - virtualservices - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. 
- failurePolicy: Ignore - sideEffects: None - - name: mixer.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitmixer" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - rules - - attributemanifests - - adapters - - handlers - - instances - - templates - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - sideEffects: None -{{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/galley/values.yaml b/charts/rancher-istio/1.5.900/charts/galley/values.yaml deleted file mode 100755 index 1dc415a8c..000000000 --- a/charts/rancher-istio/1.5.900/charts/galley/values.yaml +++ /dev/null 
@@ -1,38 +0,0 @@
-#
-# galley configuration
-#
-enabled: true
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-image: galley
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-# Enable service discovery processing in Galley
-enableServiceDiscovery: false
-
-# Enable analysis and status update in Galley
-enableAnalysis: false
diff --git a/charts/rancher-istio/1.5.900/charts/gateways/Chart.yaml b/charts/rancher-istio/1.5.900/charts/gateways/Chart.yaml
deleted file mode 100755
index fd544ef24..000000000
--- a/charts/rancher-istio/1.5.900/charts/gateways/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.9
-description: Helm chart for deploying Istio gateways
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- ingressgateway
-- egressgateway
-- gateways
-name: gateways
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.900/charts/gateways/templates/_affinity.tpl b/charts/rancher-istio/1.5.900/charts/gateways/templates/_affinity.tpl
deleted file mode 100755
index fbd0e9a8f..000000000
--- a/charts/rancher-istio/1.5.900/charts/gateways/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "gatewaynodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "gatewayNodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .root.Values.global.defaultNodeSelector .nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "gatewayNodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinity" }} -{{- if or .podAntiAffinityLabelSelector .podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if .podAntiAffinityTermLabelSelector }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/gateways/templates/_helpers.tpl b/charts/rancher-istio/1.5.900/charts/gateways/templates/_helpers.tpl deleted file mode 100755 index bfc8bc400..000000000 --- a/charts/rancher-istio/1.5.900/charts/gateways/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "gateway.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "gateway.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "gateway.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.900/charts/gateways/templates/autoscale.yaml b/charts/rancher-istio/1.5.900/charts/gateways/templates/autoscale.yaml
deleted file mode 100755
index 2455ac345..000000000
--- a/charts/rancher-istio/1.5.900/charts/gateways/templates/autoscale.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
- maxReplicas: {{ $spec.autoscaleMax }}
- minReplicas: {{ $spec.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ $key }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.900/charts/gateways/templates/deployment.yaml b/charts/rancher-istio/1.5.900/charts/gateways/templates/deployment.yaml
deleted file mode 100755
index bb1b755fc..000000000
--- a/charts/rancher-istio/1.5.900/charts/gateways/templates/deployment.yaml
+++ /dev/null
@@ -1,385 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if $spec.enabled }} - -{{- $labels := merge (dict "release" $.Release.Name "chart" (include "gateway.chart" $) "heritage" $.Release.Service) $spec.labels }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - labels: -{{ $labels | toYaml | indent 4 }} -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - selector: - matchLabels: - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - template: - metadata: - labels: -{{ $labels | toYaml | indent 8 }} - annotations: - sidecar.istio.io/inject: "false" -{{- if $spec.podAnnotations }} -{{ toYaml $spec.podAnnotations | indent 8 }} -{{ end }} - spec: - serviceAccountName: {{ $key }}-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} -{{- if $.Values.global.proxy.enableCoreDump }} - initContainers: - - name: enable-core-dump - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy_init.repository }}:{{ $.Values.global.proxy_init.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - command: - - /bin/sh - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - securityContext: - privileged: true -{{- end }} - containers: -{{- if $spec.sds }} -{{- if $spec.sds.enabled }} - - name: ingress-sds - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - resources: -{{- if $spec.sds.resources }} -{{ toYaml 
$spec.sds.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: "ENABLE_WORKLOAD_SDS" - value: "false" - - name: "ENABLE_INGRESS_GATEWAY_SDS" - value: "true" - - name: "INGRESS_GATEWAY_NAMESPACE" - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - volumeMounts: - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway -{{- end }} -{{- end }} - - name: istio-proxy - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - {{- range $key, $val := $spec.ports }} - - containerPort: {{ $val.port }} - {{- end }} - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - - --drainDuration - - '45s' #drainDuration - - --parentShutdownDuration - - '1m0s' #parentShutdownDuration - - --connectTimeout - - '10s' #connectTimeout - - --serviceCluster - - {{ $key }} - {{- if eq $.Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - {{ $.Values.global.tracer.lightstep.address }} - - --lightstepAccessToken - - {{ $.Values.global.tracer.lightstep.accessToken }} - - --lightstepSecure={{ $.Values.global.tracer.lightstep.secure }} - {{- if $.Values.global.tracer.lightstep.secure }} - - --lightstepCacertPath - - {{ $.Values.global.tracer.lightstep.cacertPath }} - {{- end }} - {{- else if eq $.Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - {{- if 
$.Values.global.tracer.zipkin.address }} - - {{ $.Values.global.tracer.zipkin.address }} - {{- else if $.Values.global.istioNamespace }} - - zipkin.{{ $.Values.global.istioNamespace }}:9411 - {{- else }} - - zipkin:9411 - {{- end }} - {{- else if eq $.Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - {{ $.Values.global.tracer.datadog.address }} - {{- end }} - {{- if $.Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - {{ $.Values.global.proxy.envoyStatsd.host }}:{{ $.Values.global.proxy.envoyStatsd.port }} - {{- end }} - {{- if $.Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - {{- with $.Values.global.proxy.envoyMetricsService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end}} - {{- if $.Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - {{- with $.Values.global.proxy.envoyAccessLogService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end }} - - --proxyAdminPort - - "15000" - - --statusPort - - "15020" - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15011 - {{- else }} - - istio-pilot:15011 - {{- end }} - {{- else }} - - --controlPlaneAuthPolicy - - NONE - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15010 - {{- else }} - - istio-pilot:15010 - {{- end }} - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ $.Values.global.trustDomain }} - {{- end }} - readinessProbe: - 
failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15020 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - resources: -{{- if $spec.resources }} -{{ toYaml $spec.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if $.Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_METAJSON_LABELS - value: | - {{ $labels | toJson}} - - name: ISTIO_META_CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - - name: ISTIO_META_WORKLOAD_NAME - value: {{ $key }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/{{ $spec.namespace | default $.Release.Namespace }}/deployments/{{ $key }} - {{- if $.Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.meshID }}" - {{- else if $.Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.trustDomain }}" - {{- end }} - {{- if eq $.Values.global.proxy.tracer "datadog" }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- end 
}} - {{- if eq $.Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ $.Values.global.tracer.stackdriver.debug }}" - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAttributes }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }}" - {{- end }} - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ISTIO_META_USER_SDS - value: "true" - {{- end }} - {{- end }} - {{- if $spec.env }} - {{- range $key, $val := $spec.env }} - - name: {{ $key }} - value: {{ $val }} - {{- end }} - {{- end }} - {{ if eq $key "istio-ingressgateway" }} - {{ $network_set := index $spec.env "ISTIO_META_NETWORK" }} - {{- if and (not $network_set) $.Values.global.network }} - - name: ISTIO_META_NETWORK - value: {{ $.Values.global.network }} - {{- end }} - {{- end }} - volumeMounts: - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway - {{- end }} - {{- end }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - mountPath: {{ .mountPath | quote }} - readOnly: true - {{- end }} - {{- if and (eq $.Values.global.proxy.tracer "lightstep") 
$.Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ dir $.Values.global.tracer.lightstep.cacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} -{{- if $spec.additionalContainers }} -{{ toYaml $spec.additionalContainers | indent 8 }} -{{- end }} - volumes: - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - emptyDir: {} - {{- end }} - {{- end }} - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - hostPath: - path: /var/run/sds - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ $.Values.global.sds.token.aud }} - {{- end }} - - name: istio-certs - secret: - secretName: istio.{{ $key }}-service-account - optional: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - secret: - secretName: {{ .secretName | quote }} - optional: true - {{- end }} - {{- range $spec.configVolumes }} - - name: {{ .name }} - configMap: - name: {{ .configMapName | quote }} - optional: true - {{- end }} - {{- if and (eq $.Values.global.proxy.tracer "lightstep") $.Values.global.tracer.lightstep.cacertPath }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - affinity: - {{- include "gatewaynodeaffinity" (dict "root" $ "nodeSelector" $spec.nodeSelector) | indent 6 }} - {{- include "gatewaypodAntiAffinity" (dict "podAntiAffinityLabelSelector" $spec.podAntiAffinityLabelSelector "podAntiAffinityTermLabelSelector" $spec.podAntiAffinityTermLabelSelector) | indent 6 }} - {{- if $spec.tolerations }} - tolerations: -{{ toYaml $spec.tolerations | indent 6 }} - {{- else if $.Values.global.defaultTolerations }} - tolerations: -{{ toYaml $.Values.global.defaultTolerations | indent 6 }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.5.900/charts/gateways/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.900/charts/gateways/templates/poddisruptionbudget.yaml
deleted file mode 100755
index 865921ed8..000000000
--- a/charts/rancher-istio/1.5.900/charts/gateways/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if and (ne $key "enabled") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.900/charts/gateways/templates/preconfigured.yaml b/charts/rancher-istio/1.5.900/charts/gateways/templates/preconfigured.yaml
deleted file mode 100755
index 6ef10a6a1..000000000
--- a/charts/rancher-istio/1.5.900/charts/gateways/templates/preconfigured.yaml
+++ /dev/null
@@ -1,246 +0,0 @@ -{{- if .Values.global.k8sIngress.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-autogenerated-k8s-ingress - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: {{ .Values.global.k8sIngress.gatewayName }} - servers: - - port: - number: 80 - protocol: HTTP2 - name: http - hosts: - - "*" -{{ if .Values.global.k8sIngress.enableHttps }} - - port: - number: 443 - protocol: HTTPS - name: https-default - tls: - mode: SIMPLE - serverCertificate: /etc/istio/ingressgateway-certs/tls.crt - privateKey: /etc/istio/ingressgateway-certs/tls.key - hosts: - - "*" -{{ end }} ---- -{{ end }} - -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-ilb-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: ilbgateway - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- else }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- end }} -{{- end }} - -{{- if .Values.global.multiCluster.enabled }} -{{- if (index .Values "istio-egressgateway" "enabled") }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-egressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-egressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH -{{- end }} ---- -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - workloadSelector: - labels: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - configPatches: - - applyTo: NETWORK_FILTER - match: - context: GATEWAY - listener: - portNumber: 15443 - filterChain: - filter: - name: "envoy.filters.network.sni_cluster" - patch: - operation: INSERT_AFTER - value: - name: "envoy.filters.network.tcp_cluster_rewrite" - config: - cluster_pattern: "\\.global$" - cluster_replacement: ".svc.{{ .Values.global.proxy.clusterDomain }}" ---- -## To ensure all traffic to *.global is using mTLS -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-multicluster-destinationrule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.global" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -{{- end }} 
diff --git a/charts/rancher-istio/1.5.900/charts/gateways/templates/role.yaml b/charts/rancher-istio/1.5.900/charts/gateways/templates/role.yaml
deleted file mode 100755
index 6ebfb3504..000000000
--- a/charts/rancher-istio/1.5.900/charts/gateways/templates/role.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if $spec.sds }}
-{{- if eq $spec.sds.enabled true }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-rules:
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "watch", "list"]
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.900/charts/gateways/templates/rolebindings.yaml b/charts/rancher-istio/1.5.900/charts/gateways/templates/rolebindings.yaml
deleted file mode 100755
index 7fdfe6e40..000000000
--- a/charts/rancher-istio/1.5.900/charts/gateways/templates/rolebindings.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if $spec.sds }}
-{{- if eq $spec.sds.enabled true }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ $key }}-sds
-subjects:
-- kind: ServiceAccount
- name: {{ $key }}-service-account
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.900/charts/gateways/templates/service.yaml b/charts/rancher-istio/1.5.900/charts/gateways/templates/service.yaml
deleted file mode 100755
index 9474f0476..000000000
--- a/charts/rancher-istio/1.5.900/charts/gateways/templates/service.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- annotations:
- {{- range $key, $val := $spec.serviceAnnotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{- if $spec.loadBalancerIP }}
- loadBalancerIP: "{{ $spec.loadBalancerIP }}"
-{{- end }}
-{{- if $spec.loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
-{{ toYaml $spec.loadBalancerSourceRanges | indent 4 }}
-{{- end }}
-{{- if $spec.externalTrafficPolicy }}
- externalTrafficPolicy: {{$spec.externalTrafficPolicy }}
-{{- end }}
-{{- if $spec.externalIPs }}
- externalIPs:
-{{ toYaml $spec.externalIPs | indent 4 }}
-{{- end }}
- type: {{ .type }}
- selector:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
- ports:
- {{- range $key, $val := $spec.ports }}
- -
- {{- range $pkey, $pval := $val }}
- {{ $pkey}}: {{ $pval }}
- {{- end }}
- {{- end }}
- {{- if $.Values.global.meshExpansion.enabled }}
- {{- range $key, $val := $spec.meshExpansionPorts }}
- -
- {{- range $pkey, $pval := $val }}
- {{ $pkey}}: {{ $pval }}
- {{- end }}
- {{- end }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.900/charts/gateways/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.900/charts/gateways/templates/serviceaccount.yaml
deleted file mode 100755
index d4f6938c1..000000000
--- a/charts/rancher-istio/1.5.900/charts/gateways/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if $.Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range $.Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: {{ $key }}-service-account
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- app: {{ $spec.labels.app }}
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.5.900/charts/gateways/values.yaml b/charts/rancher-istio/1.5.900/charts/gateways/values.yaml
deleted file mode 100755
index 69815e451..000000000
--- a/charts/rancher-istio/1.5.900/charts/gateways/values.yaml
+++ /dev/null
@@ -1,282 +0,0 @@ -# -# Gateways Configuration -# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. -# You can add more gateways in addition to the defaults but make sure those are uniquely named -# and that NodePorts are not conflicting. -# Disable specifc gateway by setting the `enabled` to false. -# -enabled: true - -istio-ingressgateway: - enabled: true - # - # Secret Discovery Service (SDS) configuration for ingress gateway. - # - sds: - # If true, ingress gateway fetches credentials from SDS server to handle TLS connections. - enabled: false - # SDS server that watches kubernetes secrets and provisions credentials to ingress gateway. - # This server runs in the same pod as ingress gateway. - image: node-agent-k8s - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - labels: - app: istio-ingressgateway - istio: ingressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalIPs: [] - serviceAnnotations: {} - podAnnotations: {} - type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be - #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out - ports: - ## You can add custom gateway ports - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. 
https://github.com/istio/istio/issues/12503 - - port: 15020 - targetPort: 15020 - name: status-port - - port: 80 - targetPort: 80 - name: http2 - nodePort: 31380 - - port: 443 - name: https - nodePort: 31390 - # Example of a port to add. Remove if not needed - - port: 31400 - name: tcp - nodePort: 31400 - ### PORTS FOR UI/metrics ##### - ## Disable if not needed - - port: 15029 - targetPort: 15029 - name: https-kiali - - port: 15030 - targetPort: 15030 - name: https-prometheus - - port: 15031 - targetPort: 15031 - name: https-grafana - - port: 15032 - targetPort: 15032 - name: https-tracing - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - #### MESH EXPANSION PORTS ######## - # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect - # to pilot/citadel if global.meshExpansion settings are enabled. - # Delete these ports if mesh expansion is not enabled, to avoid - # exposing unnecessary ports on the web. - # You can remove these ports if you are not using mesh expansion - meshExpansionPorts: - - port: 15011 - targetPort: 15011 - name: tcp-pilot-grpc-tls - - port: 15004 - targetPort: 15004 - name: tcp-mixer-grpc-tls - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - - port: 853 - targetPort: 853 - name: tcp-dns-tls - ####### end MESH EXPANSION PORTS ###### - ############## - secretVolumes: - - name: ingressgateway-certs - secretName: istio-ingressgateway-certs - mountPath: /etc/istio/ingressgateway-certs - - name: ingressgateway-ca-certs - secretName: istio-ingressgateway-ca-certs - mountPath: /etc/istio/ingressgateway-ca-certs - ### Advanced options ############ - - env: - # By default, a gateway is in "standard" mode. If the mode is set to "sni-dnat", - # pilot generates an additional - # set of clusters for internal services without Istio mTLS, to - # enable cross cluster routing. Enable when using multi-cluster routing. 
- ISTIO_META_ROUTER_MODE: "standard" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". - podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -istio-egressgateway: - enabled: false - labels: - app: istio-egressgateway - istio: egressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - serviceAnnotations: {} - podAnnotations: {} - type: ClusterIP #change to NodePort or LoadBalancer if need be - ports: - - port: 80 - name: http2 - - port: 443 - name: https - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - secretVolumes: - - name: egressgateway-certs - secretName: istio-egressgateway-certs - mountPath: /etc/istio/egressgateway-certs - - name: egressgateway-ca-certs - secretName: istio-egressgateway-ca-certs - mountPath: /etc/istio/egressgateway-ca-certs - #### Advanced 
options ######## - env: - # Set this to "external" if and only if you want the egress gateway to - # act as a transparent SNI gateway that routes mTLS/TLS traffic to - # external services defined using service entries, where the service - # entry has resolution set to DNS, has one or more endpoints with - # network field set to "external". By default its set to "" so that - # the egress gateway sees the same set of endpoints as the sidecars - # preserving backward compatibility - # ISTIO_META_REQUESTED_NETWORK_VIEW: "" - - # By default, a gateway is in "standard" mode. If the mode is set to "sni-dnat", - # pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. - ISTIO_META_ROUTER_MODE: "standard" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". - podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -# Mesh ILB gateway creates a gateway of type InternalLoadBalancer, -# for mesh expansion. It exposes the mtls ports for Pilot,CA as well -# as non-mtls ports to support upgrades and gradual transition. 
-istio-ilbgateway: - enabled: false - labels: - app: istio-ilbgateway - istio: ilbgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - cpu: - targetAverageUtilization: 80 - resources: - requests: - cpu: 800m - memory: 512Mi - #limits: - # cpu: 1800m - # memory: 256Mi - loadBalancerIP: "" - serviceAnnotations: - cloud.google.com/load-balancer-type: "internal" - podAnnotations: {} - type: LoadBalancer - ports: - ## You can add custom gateway ports - google ILB default quota is 5 ports, - - port: 15011 - name: grpc-pilot-mtls - # Insecure port - only for migration from 0.8. Will be removed in 1.1 - - port: 15010 - name: grpc-pilot - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - # Port 5353 is forwarded to kube-dns - - port: 5353 - name: tcp-dns - secretVolumes: - - name: ilbgateway-certs - secretName: istio-ilbgateway-certs - mountPath: /etc/istio/ilbgateway-certs - - name: ilbgateway-ca-certs - secretName: istio-ilbgateway-ca-certs - mountPath: /etc/istio/ilbgateway-ca-certs - nodeSelector: {} - tolerations: [] diff --git a/charts/rancher-istio/1.5.900/charts/grafana/Chart.yaml b/charts/rancher-istio/1.5.900/charts/grafana/Chart.yaml deleted file mode 100755 index ae7ce1b3a..000000000 --- a/charts/rancher-istio/1.5.900/charts/grafana/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.9 -description: A Helm chart for Kubernetes -name: grafana -tillerVersion: '>=2.7.2' -version: 1.5.9 diff --git a/charts/rancher-istio/1.5.900/charts/grafana/dashboards/citadel-dashboard.json b/charts/rancher-istio/1.5.900/charts/grafana/dashboards/citadel-dashboard.json deleted file mode 100755 index 7cb8e5b28..000000000 --- a/charts/rancher-istio/1.5.900/charts/grafana/dashboards/citadel-dashboard.json +++ /dev/null 
@@ -1,1089 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 8, - "panels": [], - "title": "Performance", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "CPU usage across Citadel instances.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 1 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"citadel\", pod=~\"istio-citadel-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage rate", - "refId": "A" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"citadel\"}[1m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage irate", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - 
"logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Citadel process memory statistics.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 1 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Total", - "refId": "C" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Allocated", - "refId": "E" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Inuse", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 1 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Goroutines", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 7 - }, - "id": 28, - "panels": [], - "title": "General", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Total number of CSR requests made to Citadel.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 0, 
- "y": 8 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Request Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates issuances that have succeeded.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 12, - "y": 8 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_success_cert_issuance_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": 
"Certificates Issued", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Certificates Issued", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 13 - }, - "id": 23, - "panels": [], - "title": "Errors", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of errors occurred when creating the CSR.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 14 - }, - "id": 20, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_secret_controller_csr_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Creation Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Creation Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 14 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_parsing_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Parse Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Parse Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of authentication failures.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, 
- "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_authentication_failure_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Authentication Failure Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Authentication Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 4, - "panels": [], - "title": "Secret Controller", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates created due to service account creation.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": 
"citadel_secret_controller_svc_acc_created_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Created", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Created (due to SA creation)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates deleted due to service account deletion.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_svc_acc_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Deleted", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Deleted (due to SA deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, 
- "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates recreated due to secret deletion (service account still exists).", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_secret_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Recreated", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Recreated (due to errant deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 
18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Citadel Dashboard", - "uid": "OOyOqb4Wz", - "version": 1 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.5.900/charts/grafana/dashboards/galley-dashboard.json b/charts/rancher-istio/1.5.900/charts/grafana/dashboards/galley-dashboard.json deleted file mode 100755 index 1cdb6a5b2..000000000 --- a/charts/rancher-istio/1.5.900/charts/grafana/dashboards/galley-dashboard.json +++ /dev/null 
@@ -1,1734 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 46, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"galley\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Galley Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 5 - }, - "id": 40, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "C" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "G" - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "H" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"})", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Total (kis)", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 38, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"}[1m])) by (container)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"galley\"}[1m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "galley (self-reported)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - 
"timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Open FDs (galley)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }} ", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - 
"label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 44, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "goroutines_total", - "refId": "A" - }, - { - "expr": "istio_mcp_clients_total{component=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "clients_total", - "refId": "B" - }, - { - "expr": "go_goroutines{job=\"galley\"}/sum(istio_mcp_clients_total{component=\"galley\"}) without (component)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "avg_goroutines_per_client", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - 
"id": 10, - "panels": [], - "title": "Runtime", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_on_change_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Strategy Change Events", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_processor_events_processed_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Processed Events", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_processor_snapshots_published_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Snapshot Published", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Event Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": 
{ - "h": 6, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_timer_max_time_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Max Time Reached", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_quiesce_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Quiesce Reached", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_resets_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Timer Resets", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Timer Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": 
true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 3, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.90, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.95, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P95", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Events Per Snapshot", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 21 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": 
false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (collection) (galley_runtime_state_type_instances_total)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ collection }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "State Type Instances", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Count", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 34, - "panels": [], - "title": "Validation", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 28 - }, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "galley_validation_cert_key_updates{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": 
"Key Updates", - "refId": "A" - }, - { - "expr": "galley_validation_cert_key_update_errors{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Key Update Errors: {{ error }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation Webhook Certificate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 28 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_passed{job=\"galley\"}) by (group, version, resource)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Passed: {{ group }}/{{ version }}/{{resource}}", - "refId": "A" - }, - { - "expr": "sum(galley_validation_failed{job=\"galley\"}) by (group, version, resource, reason)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Failed: {{ group }}/{{ version }}/{{resource}} ({{ reason}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - 
"timeRegions": [], - "timeShift": null, - "title": "Resource Validation", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 28 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_http_error{job=\"galley\"}) by (status)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ status }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation HTTP Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - 
"gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 12, - "panels": [], - "title": "Kubernetes Source", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 35 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_event_success_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Success", - "refId": "A" - }, - { - "expr": "rate(galley_source_kube_event_error_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Source Event Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 35 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - 
"total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_dynamic_converter_failure_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Kubernetes Object Conversion Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Failures/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 41 - }, - "id": 18, - "panels": [], - "title": "Mesh Configuration Protocol", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 42 - }, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_mcp_clients_total{component=\"galley\"})", - "format": "time_series", - 
"intervalFactor": 1, - "legendFormat": "Clients", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Connected Clients", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 42 - }, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by(collection)(irate(istio_mcp_request_acks_total{component=\"galley\"}[1m]) * 60)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request ACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "ACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - 
"min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 42 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(istio_mcp_request_nacks_total{component=\"galley\"}[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request NACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "NACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Galley Dashboard", - "uid": "TSEY6jLmk", - "version": 1 -} 
diff --git a/charts/rancher-istio/1.5.900/charts/grafana/dashboards/istio-mesh-dashboard.json b/charts/rancher-istio/1.5.900/charts/grafana/dashboards/istio-mesh-dashboard.json deleted file mode 100755 index 1662e1f1d..000000000 --- a/charts/rancher-istio/1.5.900/charts/grafana/dashboards/istio-mesh-dashboard.json +++ /dev/null @@ -1,1225 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "links": [], - "panels": [ - { - "content": "
\n
\n Istio\n
\n
\n Istio is an open platform that provides a uniform way to connect,\n manage, and \n secure microservices.\n
\n Need help? Join the Istio community.\n
\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "50px", - "id": 13, - "links": [], - "mode": "html", - "style": { - "font-size": "18pt" - }, - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\"}[1m])), 0.001)", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Global Request Volume", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - 
"h": 3, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "95, 99, 99.5", - "title": "Global Success Rate (non-5xx responses)", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 22, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - 
"sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"4.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "4xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 23, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"5.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "5xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - 
"colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 113, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_virtualservices) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Virtual Services", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 114, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - 
"postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_destinationrules) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Destination Rules", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 115, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_gateways) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Gateways", - "type": "singlestat", - "valueFontSize": "80%", - 
"valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 116, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_authentication_meshpolicies) / count(up{job=\"galley\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Authentication Mesh Policies", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 21, - "w": 24, - "x": 0, - "y": 9 - }, - "hideTimeOverride": false, - "id": 73, - "links": [], - "pageSize": null, - "repeat": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 4, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 
172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Workload dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_2&var-workload=$__cell_", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Requests", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [], - "type": "number", - "unit": "ops" - }, - { - "alias": "P50 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P90 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P99 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #E", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "Success Rate", - "colorMode": "cell", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #F", - "thresholds": [ - ".95", - " 1.00" - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-workload=$__cell_2&var-namespace=$__cell_3", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "number", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_requests_total{reporter=\"destination\", response_code=\"200\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "A" - }, - { - "expr": "label_join((histogram_quantile(0.50, 
sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.50, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "B" - }, - { - "expr": "label_join((histogram_quantile(0.90, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.90, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "D" - }, - { - "expr": "label_join((histogram_quantile(0.99, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.99, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "E" - }, - { - "expr": 
"label_join((sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m])) by (destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "F" - } - ], - "timeFrom": null, - "title": "HTTP/GRPC Workloads", - "transform": "table", - "type": "table" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 18, - "w": 24, - "x": 0, - "y": 30 - }, - "hideTimeOverride": false, - "id": 109, - "links": [], - "pageSize": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 2, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-tcp-workload-dashboard?var-namespace=$__cell_2&&var-workload=$__cell", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Bytes Sent", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [ - "" - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Bytes Received", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "Bps" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_3&var-workload=$__cell_2", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_tcp_received_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - 
"hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "C" - }, - { - "expr": "label_join(sum(rate(istio_tcp_sent_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "A" - } - ], - "timeFrom": null, - "title": "TCP Workloads", - "transform": "table", - "type": "table" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 48 - }, - "id": 111, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- }
- ],
- "refresh": "5s",
- "schemaVersion": 18,
- "style": "dark",
- "tags": [],
- "templating": {
- "list": []
- },
- "time": {
- "from": "now-5m",
- "to": "now"
- },
- "timepicker": {
- "refresh_intervals": [
- "5s",
- "10s",
- "30s",
- "1m",
- "5m",
- "15m",
- "30m",
- "1h",
- "2h",
- "1d"
- ],
- "time_options": [
- "5m",
- "15m",
- "1h",
- "6h",
- "12h",
- "24h",
- "2d",
- "7d",
- "30d"
- ]
- },
- "timezone": "browser",
- "title": "Istio Mesh Dashboard",
- "uid": "G8wLrJIZk",
- "version": 5
-}
diff --git a/charts/rancher-istio/1.5.900/charts/grafana/dashboards/istio-performance-dashboard.json b/charts/rancher-istio/1.5.900/charts/grafana/dashboards/istio-performance-dashboard.json
deleted file mode 100755
index 505043e54..000000000
--- a/charts/rancher-istio/1.5.900/charts/grafana/dashboards/istio-performance-dashboard.json
+++ /dev/null
@@ -1,1822 +0,0 @@
-{
- "annotations": {
- "list": [
- {
- "builtIn": 1,
- "datasource": "-- Grafana --",
- "enable": true,
- "hide": true,
- "iconColor": "rgba(0, 211, 255, 1)",
- "name": "Annotations & Alerts",
- "type": "dashboard"
- }
- ]
- },
- "editable": false,
- "gnetId": null,
- "graphTooltip": 0,
- "id": 9,
- "links": [],
- "panels": [
- {
- "collapsed": true,
- "gridPos": {
- "h": 1,
- "w": 24,
- "x": 0,
- "y": 0
- },
- "id": 21,
- "panels": [
- {
- "content": "The charts on this dashboard are intended to show Istio main components cost in terms resources utilization under steady load.\n\n- **vCPU/1k rps:** shows vCPU utilization by the main Istio components normalized by 1000 requests/second. When idle or low traffic, this chart will be blank. The curve for istio-proxy refers to the services sidecars only.\n- **vCPU:** vCPU utilization by Istio components, not normalized.\n- **Memory:** memory footprint for the components. Telemetry and policy are normalized by 1k rps, and no data is shown when there is no traffic. 
For ingress and istio-proxy, the data is per instance.\n- **Bytes transferred/ sec:** shows the number of bytes flowing through each Istio component.\n\n\n", - "gridPos": { - "h": 6, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 19, - "links": [], - "mode": "markdown", - "timeFrom": null, - "timeShift": null, - "title": "Performance Dashboard README", - "transparent": true, - "type": "text" - } - ], - "title": "Performance Dashboard Notes", - "type": "row" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 6, - "panels": [], - "title": "vCPU Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 2 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-telemetry-.*\",container=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\",container=\"istio-proxy\"}[1m])) / (round(sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m])), 0.001)/1000))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": 
"istio-ingressgateway", - "refId": "B" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-policy-.*\",container=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU / 1k rps", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 2 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - 
"steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-telemetry-.*\",container=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\",container=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-policy-.*\",container=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 13, - "panels": [], - "title": "Memory and Data Rates", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 11 - 
}, - "id": 902, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-telemetry-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry / 1k rps", - "refId": "A" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\",container!=\"POD\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio proxy", - "refId": "C" - }, - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-policy-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy / 1k rps", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, 
- "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-telemetry\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-telemetry\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_response_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m])) + sum(irate(istio_request_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload_namespace!=\"istio-system\", 
reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-policy\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-policy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio_policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Bytes transferred / sec", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 17, - "panels": [], - "title": "Istio Component Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 20 - }, - "id": 15, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - 
"timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 71, - "panels": [], - "title": "Proxy Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 32 - }, - "id": 72, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=\"istio-proxy\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 
null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 32 - }, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=\"istio-proxy\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 32 - }, - "id": 702, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - 
"lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 39 - }, - "id": 69, - "panels": [], - "title": "Pilot Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 40 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - 
"intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - 
"show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 40 - }, - "id": 602, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}[1m])) by (container)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "pilot (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", 
- "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 40 - }, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, 
- "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 40 - }, - "id": 402, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 93, - "panels": [], - "title": "Mixer Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 48 - }, - "id": 94, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - 
"percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": 
"container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 48 - }, - "id": 95, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}[1m])) by (container)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - 
"legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=~\"istio-policy|istio-telemetry\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 48 - }, - "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }}", - "refId": "B", - "step": 2 - } - 
], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 48 - }, - "id": 97, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } 
- } - ], - "refresh": "10s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Performance Dashboard", - "uid": "vu8e0VWZk", - "version": 22 -}
diff --git a/charts/rancher-istio/1.5.900/charts/grafana/dashboards/istio-service-dashboard.json b/charts/rancher-istio/1.5.900/charts/grafana/dashboards/istio-service-dashboard.json
deleted file mode 100755
index f4d58a296..000000000
--- a/charts/rancher-istio/1.5.900/charts/grafana/dashboards/istio-service-dashboard.json
+++ /dev/null
@@ -1,2601 +0,0 @@
-{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "iteration": 1536442501501, - "links": [], - "panels": [ - { - "content": "
\nSERVICE: $service\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Client Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - 
"thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Client Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, 
sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Client Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" 
- ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Received Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 97, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - 
"postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Server Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 98, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / 
sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Server Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 99, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - 
"refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 100, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": 
true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m])) ", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Sent Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nCLIENT WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"source\",source_workload=~\"$srcwl\",source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"source\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": 
"graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", 
source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, 
source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": 
"time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, 
- "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "
\nSERVICE WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 90, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"destination\",destination_workload=~\"$dstwl\",destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"destination\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Destination And Response Code", - "tooltip": { - 
"shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 91, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", 
connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 94, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - 
"stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by 
(destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 95, - "legend": { - "alignAsTable": false, - "avg": false, - "current": 
false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ 
destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 96, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - 
"step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ 
destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 92, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", 
destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 93, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }} (🔐mTLS)", - "refId": 
"A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Service", - "multi": false, - "name": "service", - "options": [], - "query": "label_values(destination_service)", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (source_workload_namespace) or 
sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload Namespace", - "multi": true, - "name": "dstns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload", - "multi": true, - "name": "dstwl", - "options": [], - "query": "query_result( 
sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Service Dashboard", - "uid": "LJ_uJAvmk", - "version": 1 -} diff --git a/charts/rancher-istio/1.5.900/charts/grafana/dashboards/istio-workload-dashboard.json b/charts/rancher-istio/1.5.900/charts/grafana/dashboards/istio-workload-dashboard.json deleted file mode 100755 index 62ad1b5cf..000000000 --- a/charts/rancher-istio/1.5.900/charts/grafana/dashboards/istio-workload-dashboard.json +++ /dev/null 
@@ -1,2303 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.4" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1531345461465, - "links": [], - "panels": [ - { - "content": "
\nWORKLOAD: $workload.$namespace\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Incoming Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 
80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 8, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Incoming Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 8, - "x": 16, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, 
- "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Server Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - 
"colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 12, - "y": 7 - }, - "id": 85, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Client Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nINBOUND WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And 
Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", 
destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by 
(source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 
1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", 
destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - 
"values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", 
destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "content": "
\nOUTBOUND SERVICES\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 70, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Requests by Destination And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 71, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", 
source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Success Rate (non-5xx responses) By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 72, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Duration by Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 73, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by 
(destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 74, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": 
"{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 76, - "legend": { - "avg": false, 
- "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent on Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 78, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Namespace", - "multi": false, - "name": 
"namespace", - "options": [], - "query": "query_result(sum(istio_requests_total) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*_namespace=\"([^\"]*).*/", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Workload", - "multi": false, - "name": "workload", - "options": [], - "query": "query_result((sum(istio_requests_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_requests_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)) or (sum(istio_tcp_sent_bytes_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Inbound Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, 
- "label": "Inbound Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Destination Service", - "multi": true, - "name": "dstsvc", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service) or sum(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service))", - "refresh": 1, - "regex": "/.*destination_service=\"([^\"]*).*/", - "sort": 4, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Workload Dashboard", - "uid": "UbsSZTDik", - "version": 1 -} diff --git a/charts/rancher-istio/1.5.900/charts/grafana/dashboards/mixer-dashboard.json b/charts/rancher-istio/1.5.900/charts/grafana/dashboards/mixer-dashboard.json deleted file mode 100755 index 6da44ec0a..000000000 
--- a/charts/rancher-istio/1.5.900/charts/grafana/dashboards/mixer-dashboard.json +++ /dev/null @@ -1,1808 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.2.3" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "limit": 100, - "name": "Annotations & Alerts", - "showIn": 0, - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": null, - "iteration": 1543881232533, - "links": [], - "panels": [ - { - "content": "

Deployed Versions

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "40", - "id": 62, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 3 - }, - "id": 64, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"mixer\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Mixer Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Resource Usage

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 8 - }, - "height": "40", - "id": 29, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 11 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory ({{ job }})", - "refId": "I" - }, - { - "expr": "sum(process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory ({{ job }})", - "refId": "H" - }, - { - "expr": "sum(go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc ({{ job }})", - "refId": "D" - }, - { - "expr": "sum(go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc ({{ job }})", - "refId": "F" - }, - { - "expr": "sum(go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - 
"format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use ({{ job }})", - "refId": "E" - }, - { - "expr": "sum(go_memstats_stack_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use ({{ job }})", - "refId": "G" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")) by (service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "C" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")) by (container, service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container }} (k8s)", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 11 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - 
"min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (pod), \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "A" - }, - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (container, pod), \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container }} (k8s)", - "refId": "B" - }, - { - "expr": "sum(irate(process_cpu_seconds_total{job=~\"istio-telemetry|istio-policy\"}[1m])) by (job)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ job }} (self-reported)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": 
{}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 11 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_open_fds{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(label_replace(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")) by (container, service)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 11 - 
}, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(go_goroutines{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines ({{ job }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Mixer Overview

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 18 - }, - "height": "40px", - "id": 30, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 0, - "y": 21 - }, - "id": 9, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (Total)", - "refId": "B" - }, - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m])) by (grpc_server_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "mixer ({{ grpc_server_method }})", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 6, - "y": 21 - }, - "id": 8, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "{}", - "yaxis": 1 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.5", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.9", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Durations", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 12, - "y": 21 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, 
- "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_server_handled_total{grpc_code=~\"Unknown|Unimplemented|Internal|DataLoss\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Error Rate (5xx responses)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 18, - "y": 21 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(grpc_server_handled_total{grpc_code!=\"OK\",grpc_service=~\".*Mixer\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ 
grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Non-successes (4xxs)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Adapters and Config

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 28, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 30 - }, - "id": 13, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m])) by (adapter)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 30 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - 
"percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p90 ", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Duration", - "tooltip": { - "shared": true, - "sort": 1, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 37 - }, - "id": 60, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - 
"pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Rules", - "refId": "A" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Config Errors", - "refId": "B" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_match_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Match Errors", - "refId": "C" - }, - { - "expr": "scalar(topk(1, max(mixer_config_unsatisfied_action_handler_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Unsatisfied Actions", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Rules", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 37 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": 
false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_instance_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Instances", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Instances in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 37 - }, - "id": 54, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_handler_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Handlers", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Handlers in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 37 - }, - "id": 58, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_attribute_count) by (configID)))", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "Attributes", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Attributes in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Individual Adapters

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 44 - }, - "id": 23, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 46, - "panels": [], - "repeat": "adapter", - "title": "$adapter Adapter", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 48 - }, - "id": 17, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m]),\"handler\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ handler }} (error: {{ error }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Count By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - 
"w": 12, - "x": 12, - "y": 48 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(histogram_quantile(0.5, sum(rate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p50 - {{ handler_short }} (error: {{ error }})", - "refId": "A" - }, - { - "expr": "label_replace(histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p90 - {{ handler_short }} (error: {{ error }})", - "refId": "D" - }, - { - "expr": "label_replace(histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p99 - {{ handler_short }} (error: {{ error }})", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Duration By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": 
true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Adapter", - "multi": true, - "name": "adapter", - "options": [], - "query": "label_values(adapter)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Mixer Dashboard", - "version": 4 -} diff --git a/charts/rancher-istio/1.5.900/charts/grafana/dashboards/pilot-dashboard.json b/charts/rancher-istio/1.5.900/charts/grafana/dashboards/pilot-dashboard.json deleted file mode 100755 index bdc7e720e..000000000 --- a/charts/rancher-istio/1.5.900/charts/grafana/dashboards/pilot-dashboard.json +++ /dev/null 
@@ -1,1591 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": 11, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 60, - "panels": [], - "title": "Deployed Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"pilot\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 6 - }, - "id": 62, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": 
"container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"discovery\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (container)", - "refId": "B", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"istio-proxy\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar (container)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=\"discovery\", pod=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Discovery (container)", - "refId": "A" - }, - { - "expr": 
"irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (process)", - "refId": "C", - "step": 2 - }, - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=\"istio-proxy\", pod=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Sidecar (container)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=\"discovery\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Discovery", - "refId": "B", - "step": 2 - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", 
container=\"istio-proxy\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - 
"label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 58, - "panels": [], - "title": "Pilot Push Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "description": "Shows the rate of pilot pushes", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 622, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(pilot_xds_pushes{type=\"cds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Cluster", - "refId": "C" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"eds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Endpoints", - "refId": "D" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"lds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Listeners", - "refId": "A" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"rds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Routes", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Pushes", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": 
null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Captures a variety of pilot errors", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 67, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(pilot_xds_cds_reject{job=\"pilot\"}) or (absent(pilot_xds_cds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected CDS Configs", - "refId": "C" - }, - { - "expr": "sum(pilot_xds_eds_reject{job=\"pilot\"}) or (absent(pilot_xds_eds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected EDS Configs", - "refId": "D" - }, - { - "expr": "sum(pilot_xds_rds_reject{job=\"pilot\"}) or (absent(pilot_xds_rds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected RDS Configs", - "refId": "A" - }, - { - "expr": "sum(pilot_xds_lds_reject{job=\"pilot\"}) or (absent(pilot_xds_lds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected LDS Configs", - "refId": "B" - }, - { - "expr": "sum(rate(pilot_xds_write_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - 
"intervalFactor": 1, - "legendFormat": "Write Timeouts", - "refId": "F" - }, - { - "expr": "sum(rate(pilot_total_xds_internal_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Internal Errors", - "refId": "H" - }, - { - "expr": "sum(rate(pilot_total_xds_rejects{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Config Rejection Rate", - "refId": "E" - }, - { - "expr": "sum(rate(pilot_xds_push_context_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Context Errors", - "refId": "K" - }, - { - "expr": "sum(rate(pilot_xds_pushes{type!~\"lds|cds|rds|eds\"}[1m])) by (type)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "L" - }, - { - "expr": "sum(rate(pilot_xds_push_errors{job=\"pilot\"}[1m])) by (type)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "I" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts", - "refId": "G" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout_failures{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts Failures", - "refId": "J" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - 
"show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Shows the total time it takes to push a config update to a proxy", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 624, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p50 ", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.999, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99.9", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Proxy Push Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": 
null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 23 - }, - "id": 45, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_conflict_inbound_listener{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Inbound Listeners", - "refId": "B" - }, - { - "expr": "pilot_conflict_outbound_listener_http_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (http over current tcp)", - "refId": "A" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current tcp)", - "refId": "C" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_http{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current http)", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Conflicts", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - 
"yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 23 - }, - "id": 47, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_virt_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Services", - "refId": "A" - }, - { - "expr": "pilot_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Services", - "refId": "B" - }, - { - "expr": "pilot_xds{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Connected Endpoints", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ADS Monitoring", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "columns": [], - "datasource": 
"Prometheus", - "description": "Clusters in this table do not have any endpoints known to pilot. This could be from referencing subsets that do not have any instances, or pods marked as NotReady", - "fontSize": "100%", - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 23 - }, - "id": 51, - "links": [], - "pageSize": null, - "scroll": true, - "showHeader": true, - "sort": { - "col": null, - "desc": false - }, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "date" - }, - { - "alias": "Clusters", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(pilot_xds_eds_instances{job=\"pilot\", cluster=~\".+\\\\|.+\"}) by (cluster) < 1", - "format": "time_series", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{cluster}}", - "refId": "B" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Clusters with no known endpoints", - "transform": "timeseries_aggregations", - "type": "table" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 64, - "panels": [], - "title": "Envoy Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows details about Envoy proxies in the mesh", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 32 - }, - "id": 40, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, 
- "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(envoy_cluster_upstream_cx_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connections", - "refId": "C" - }, - { - "expr": "sum(irate(envoy_cluster_upstream_cx_connect_fail{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connection Failures", - "refId": "A" - }, - { - "expr": "sum(increase(envoy_server_hot_restart_epoch[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Envoy Restarts", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Envoy Details", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 32 - }, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(envoy_cluster_upstream_cx_active{cluster_name=\"xds-grpc\"})", - "format": "time_series", - "intervalFactor": 2, - 
"legendFormat": "XDS Active Connections", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Active Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows the size of XDS requests and responses", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 32 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "max(rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Max", - "refId": "D" - }, - { - "expr": "quantile(0.5, rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Average", - "refId": "B" - }, - { - "expr": "max(rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": 
"time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Max", - "refId": "A" - }, - { - "expr": "quantile(.5, rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Average", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Requests Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Pilot Dashboard", - "uid": "3--MLVZZk", - "version": 11 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.5.900/charts/grafana/fix_datasources.sh b/charts/rancher-istio/1.5.900/charts/grafana/fix_datasources.sh deleted file mode 100755 index d175bcacc..000000000 --- a/charts/rancher-istio/1.5.900/charts/grafana/fix_datasources.sh +++ /dev/null 
@@ -1,30 +0,0 @@ -#!/bin/bash - -# Copyright Istio Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -e - -THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -UX=$(uname) - -for db in "${THIS_DIR}"/dashboards/*.json; do - if [[ ${UX} == "Darwin" ]]; then - # shellcheck disable=SC2016 - sed -i '' 's/${DS_PROMETHEUS}/Prometheus/g' "$db" - else - # shellcheck disable=SC2016 - sed -i 's/${DS_PROMETHEUS}/Prometheus/g' "$db" - fi -done diff --git a/charts/rancher-istio/1.5.900/charts/grafana/templates/_helpers.tpl b/charts/rancher-istio/1.5.900/charts/grafana/templates/_helpers.tpl deleted file mode 100755 index 9d4c59205..000000000 --- a/charts/rancher-istio/1.5.900/charts/grafana/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "grafana.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "grafana.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "grafana.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.900/charts/grafana/templates/configmap-custom-resources.yaml b/charts/rancher-istio/1.5.900/charts/grafana/templates/configmap-custom-resources.yaml deleted file mode 100755 index b89bc0765..000000000 --- a/charts/rancher-istio/1.5.900/charts/grafana/templates/configmap-custom-resources.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-grafana-custom-resources - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: grafana -data: - custom-resources.yaml: |- - {{- include "grafana-default.yaml.tpl" . | indent 4}} - run.sh: |- - {{- include "install-custom-resources.sh.tpl" . | indent 4}} 
diff --git a/charts/rancher-istio/1.5.900/charts/grafana/templates/configmap-dashboards.yaml b/charts/rancher-istio/1.5.900/charts/grafana/templates/configmap-dashboards.yaml deleted file mode 100755 index dd1ab0d75..000000000 --- a/charts/rancher-istio/1.5.900/charts/grafana/templates/configmap-dashboards.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- $files := .Files }} -{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }} -{{- $filename := trimSuffix (ext $path) (base $path) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-grafana-configuration-dashboards-{{ $filename }} - namespace: {{ $.Release.Namespace }} - labels: - app: {{ template "grafana.name" $ }} - chart: {{ template "grafana.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: grafana -data: - {{ base $path }}: '{{ $files.Get $path }}' ---- -{{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/grafana/templates/configmap.yaml b/charts/rancher-istio/1.5.900/charts/grafana/templates/configmap.yaml deleted file mode 100755 index c86efe1f4..000000000 --- a/charts/rancher-istio/1.5.900/charts/grafana/templates/configmap.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-grafana - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: grafana -data: -{{- if .Values.datasources }} - {{- range $key, $value := .Values.datasources }} - {{ $key }}: | -{{ toYaml $value | indent 4 }} - {{- end -}} -{{- end -}} - -{{- if .Values.dashboardProviders }} - {{- range $key, $value := .Values.dashboardProviders }} - {{ $key }}: | -{{ toYaml $value | indent 4 }} - {{- end -}} -{{- end -}} 
diff --git a/charts/rancher-istio/1.5.900/charts/grafana/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.5.900/charts/grafana/templates/create-custom-resources-job.yaml
deleted file mode 100755
index 64bf3e451..000000000
--- a/charts/rancher-istio/1.5.900/charts/grafana/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,103 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-grafana-post-install-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-grafana-post-install-{{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["authentication.istio.io"] # needed to create default authn policy - resources: ["*"] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-grafana-post-install-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-grafana-post-install-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-grafana-post-install-account - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-grafana-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 | trimSuffix "-" }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - template: - metadata: - name: istio-grafana-post-install - labels: - app: istio-grafana - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-grafana-post-install-account - containers: - - name: kubectl - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - command: [ "/bin/bash", "/tmp/grafana/run.sh", "/tmp/grafana/custom-resources.yaml" ] - volumeMounts: - - mountPath: "/tmp/grafana" - name: tmp-configmap-grafana - volumes: - - name: tmp-configmap-grafana - configMap: - name: istio-grafana-custom-resources - restartPolicy: OnFailure - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/grafana/templates/deployment.yaml b/charts/rancher-istio/1.5.900/charts/grafana/templates/deployment.yaml deleted file mode 100755 index 9ad2a7f56..000000000 --- a/charts/rancher-istio/1.5.900/charts/grafana/templates/deployment.yaml +++ /dev/null 
@@ -1,138 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: grafana - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: grafana - template: - metadata: - labels: - app: grafana - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - spec: - securityContext: - runAsUser: 472 - fsGroup: 472 -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 3000 - readinessProbe: - httpGet: - path: /api/health - port: 3000 - env: - - name: GRAFANA_PORT - value: "3000" -{{- if .Values.security.enabled }} - - name: GF_SECURITY_ADMIN_USER - valueFrom: - secretKeyRef: - name: {{ .Values.security.secretName }} - key: {{ .Values.security.usernameKey }} - - name: GF_SECURITY_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.security.secretName }} - key: {{ .Values.security.passphraseKey }} - - name: GF_AUTH_BASIC_ENABLED - value: "true" - - name: GF_AUTH_ANONYMOUS_ENABLED - value: "false" - - name: GF_AUTH_DISABLE_LOGIN_FORM - value: "false" -{{- else }} - - name: GF_AUTH_BASIC_ENABLED - value: "false" - - name: GF_AUTH_ANONYMOUS_ENABLED - value: "true" - - name: GF_AUTH_ANONYMOUS_ORG_ROLE - value: Admin -{{- end }} - - name: GF_PATHS_DATA - value: /data/grafana - {{- range $key, $value := $.Values.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $secret := $.Values.envSecrets }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ $secret }} - key: {{ $key | quote }} - {{- end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: data - mountPath: /data/grafana - {{- range $path, $bytes := .Files.Glob "dashboards/*.json" }} - {{- $filename := trimSuffix (ext $path) (base $path) }} - - name: dashboards-istio-{{ $filename }} - mountPath: "/var/lib/grafana/dashboards/istio/{{ base $path }}" - subPath: {{ base $path }} - readOnly: true - {{- end }} - - name: config - mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml" - subPath: datasources.yaml - - name: config - mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml" - subPath: dashboardproviders.yaml - affinity: 
- {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - volumes: - - name: config - configMap: - name: istio-grafana - - name: data -{{- if .Values.persist }} - persistentVolumeClaim: - claimName: istio-grafana-pvc -{{- else }} - emptyDir: {} -{{- end }} -{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }} -{{- $filename := trimSuffix (ext $path) (base $path) }} - - name: dashboards-istio-{{ $filename }} - configMap: - name: istio-grafana-configuration-dashboards-{{ $filename }} -{{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/grafana/templates/grafana-ports-mtls.yaml b/charts/rancher-istio/1.5.900/charts/grafana/templates/grafana-ports-mtls.yaml deleted file mode 100755 index b9a392651..000000000 --- a/charts/rancher-istio/1.5.900/charts/grafana/templates/grafana-ports-mtls.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{ define "grafana-default.yaml.tpl" }} -apiVersion: authentication.istio.io/v1alpha1 -kind: Policy -metadata: - name: grafana-ports-mtls-disabled - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - targets: - - name: grafana - ports: - - number: {{ .Values.service.externalPort }} -{{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/grafana/templates/ingress.yaml b/charts/rancher-istio/1.5.900/charts/grafana/templates/ingress.yaml deleted file mode 100755 index 0ebe71f61..000000000 --- a/charts/rancher-istio/1.5.900/charts/grafana/templates/ingress.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: grafana - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: grafana - servicePort: 3000 - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: grafana - servicePort: 3000 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.900/charts/grafana/templates/pvc.yaml b/charts/rancher-istio/1.5.900/charts/grafana/templates/pvc.yaml deleted file mode 100755 index e376a13a5..000000000 --- a/charts/rancher-istio/1.5.900/charts/grafana/templates/pvc.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.persist }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: istio-grafana-pvc - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - storageClassName: {{ .Values.storageClassName }} - accessModes: - - {{ .Values.accessMode }} - resources: - requests: - storage: 5Gi -{{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/grafana/templates/service.yaml b/charts/rancher-istio/1.5.900/charts/grafana/templates/service.yaml deleted file mode 100755 index b206679c3..000000000 
--- a/charts/rancher-istio/1.5.900/charts/grafana/templates/service.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: grafana - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.externalPort }} - targetPort: 3000 - protocol: TCP - name: {{ .Values.service.name }} - selector: - app: grafana -{{- if .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" -{{- end }} - {{if .Values.service.loadBalancerSourceRanges}} - loadBalancerSourceRanges: - {{range $rangeList := .Values.service.loadBalancerSourceRanges}} - - {{ $rangeList }} - {{end}} - {{end}} diff --git a/charts/rancher-istio/1.5.900/charts/grafana/templates/tests/test-grafana-connection.yaml b/charts/rancher-istio/1.5.900/charts/grafana/templates/tests/test-grafana-connection.yaml deleted file mode 100755 index 7c8d1944b..000000000 --- a/charts/rancher-istio/1.5.900/charts/grafana/templates/tests/test-grafana-connection.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "grafana.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: grafana-test - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: grafana - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "grafana.fullname" . }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['curl'] - args: ['http://grafana:{{ .Values.grafana.service.externalPort }}'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/grafana/values.yaml b/charts/rancher-istio/1.5.900/charts/grafana/values.yaml deleted file mode 100755 index 7b977c1e7..000000000 --- a/charts/rancher-istio/1.5.900/charts/grafana/values.yaml +++ /dev/null 
@@ -1,114 +0,0 @@ -# -# addon grafana configuration -# -enabled: false -replicaCount: 1 -ingress: - enabled: false - ## Used to create an Ingress record. - hosts: - - grafana.local - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: [] - # Secrets must be manually created in the namespace. - # - secretName: grafana-tls - # hosts: - # - grafana.local -persist: false -storageClassName: "" -accessMode: ReadWriteMany -security: - enabled: false - secretName: grafana - usernameKey: username - passphraseKey: passphrase -nodeSelector: {} -tolerations: [] - -env: {} - # Define additional environment variables for configuring grafana. - # @see https://grafana.com/docs/installation/configuration/#using-environment-variables - # Format: env_variable_name: value - # For example: - # GF_SMTP_ENABLED: true - # GF_SMTP_HOST: email-smtp.eu-west-1.amazonaws.com:2587 - # GF_SMTP_FROM_ADDRESS: alerts@mydomain.com - # GF_SMTP_FROM_NAME: Grafana - -envSecrets: {} - # The key name and ENV name must match in the secrets file. - # @see https://grafana.com/docs/installation/configuration/#using-environment-variables - # For example: - # --- - # apiVersion: v1 - # kind: Secret - # metadata: - # name: grafana-secrets - # namespace: istio-system - # data: - # GF_SMTP_USER: bXl1c2Vy - # GF_SMTP_PASSWORD: bXlwYXNzd29yZA== - # type: Opaque - # --- - # env_variable_key_name: secretsName - # --- - # GF_SMTP_USER: grafana-secrets - # GF_SMTP_PASSWORD: grafana-secrets - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. 
"soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -contextPath: /grafana -service: - annotations: {} - name: http - type: ClusterIP - externalPort: 3000 - loadBalancerIP: - loadBalancerSourceRanges: [] - -datasources: - datasources.yaml: - apiVersion: 1 - datasources: - - name: Prometheus - type: prometheus - orgId: 1 - url: http://prometheus:9090 - access: proxy - isDefault: true - jsonData: - timeInterval: 5s - editable: true - -dashboardProviders: - dashboardproviders.yaml: - apiVersion: 1 - providers: - - name: 'istio' - orgId: 1 - folder: 'istio' - type: file - disableDeletion: false - options: - path: /var/lib/grafana/dashboards/istio diff --git a/charts/rancher-istio/1.5.900/charts/istiocoredns/Chart.yaml b/charts/rancher-istio/1.5.900/charts/istiocoredns/Chart.yaml deleted file mode 100755 index e5ce58b24..000000000 --- a/charts/rancher-istio/1.5.900/charts/istiocoredns/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: "0.1" -description: Istio CoreDNS provides DNS resolution for services in multicluster setups. -name: istiocoredns -tillerVersion: '>=2.7.2' -version: 1.5.9 diff --git a/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/_helpers.tpl b/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/_helpers.tpl deleted file mode 100755 index e7add11bb..000000000 --- a/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "istiocoredns.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "istiocoredns.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "istiocoredns.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/clusterrole.yaml b/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/clusterrole.yaml deleted file mode 100755 index 4242a327f..000000000 --- a/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/clusterrole.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiocoredns - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["networking.istio.io"] - resources: ["*"] - verbs: ["get", "watch", "list"] diff --git a/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/clusterrolebinding.yaml deleted file mode 100755 index bafd0ca3b..000000000 
--- a/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-istiocoredns-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiocoredns -subjects: -- kind: ServiceAccount - name: istiocoredns-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/configmap.yaml b/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/configmap.yaml deleted file mode 100755 index 925626f6b..000000000 --- a/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/configmap.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: coredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - Corefile: | - .:53 { - errors - health - {{ if eq -1 (semver .Values.coreDNSTag | (semver "1.4.0").Compare) }} - # Removed support for the proxy plugin: https://coredns.io/2019/03/03/coredns-1.4.0-release/ - grpc global 127.0.0.1:8053 - forward . /etc/resolv.conf { - except global - } - {{ else }} - proxy global 127.0.0.1:8053 { - protocol grpc insecure - } - proxy . /etc/resolv.conf - {{ end }} - prometheus :9153 - cache 30 - reload - } ---- diff --git a/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/deployment.yaml b/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/deployment.yaml deleted file mode 100755 index 4af0a2256..000000000 --- a/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/deployment.yaml +++ /dev/null 
@@ -1,103 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istiocoredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: istiocoredns - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - name: istiocoredns - labels: - app: istiocoredns - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istiocoredns-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: coredns - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume - mountPath: /etc/coredns - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - - containerPort: 9153 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - - name: istio-coredns-plugin - command: - - /usr/local/bin/plugin - image: "{{ template "system_default_registry" . 
}}{{ .Values.pluginImage.repository }}:{{ .Values.pluginImage.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 8053 - name: dns-grpc - protocol: TCP - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - dnsPolicy: Default - volumes: - - name: config-volume - configMap: - name: coredns - items: - - key: Corefile - path: Corefile - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/service.yaml b/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/service.yaml deleted file mode 100755 index a6311017c..000000000 --- a/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: istiocoredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - app: istiocoredns - ports: - - name: dns - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP diff --git a/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/serviceaccount.yaml deleted file mode 100755 index e2627cf45..000000000 --- a/charts/rancher-istio/1.5.900/charts/istiocoredns/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istiocoredns-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/1.5.900/charts/istiocoredns/values.yaml b/charts/rancher-istio/1.5.900/charts/istiocoredns/values.yaml deleted file mode 100755 index 6b31219cc..000000000 --- a/charts/rancher-istio/1.5.900/charts/istiocoredns/values.yaml +++ /dev/null 
@@ -1,37 +0,0 @@
-#
-# addon istiocoredns tracing configuration
-#
-enabled: false
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-coreDNSImage: coredns/coredns
-coreDNSTag: 1.6.2
-# Source code for the plugin can be found at
-# https://github.com/istio-ecosystem/istio-coredns-plugin
-# The plugin listens for DNS requests from coredns server at 127.0.0.1:8053
-coreDNSPluginImage: istio/coredns-plugin:0.2-istio-1.1
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.5.900/charts/kiali/Chart.yaml b/charts/rancher-istio/1.5.900/charts/kiali/Chart.yaml
deleted file mode 100755
index d6081dd21..000000000
--- a/charts/rancher-istio/1.5.900/charts/kiali/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-appVersion: 1.9.1
-description: Kiali is an open source project for service mesh observability, refer
- to https://www.kiali.io for details.
-name: kiali
-tillerVersion: '>=2.7.2'
-version: 1.9.1
diff --git a/charts/rancher-istio/1.5.900/charts/kiali/templates/_helpers.tpl b/charts/rancher-istio/1.5.900/charts/kiali/templates/_helpers.tpl
deleted file mode 100755
index 6b0095769..000000000
--- a/charts/rancher-istio/1.5.900/charts/kiali/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "kiali.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "kiali.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "kiali.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.900/charts/kiali/templates/clusterrole.yaml b/charts/rancher-istio/1.5.900/charts/kiali/templates/clusterrole.yaml
deleted file mode 100755
index 8ad6e9756..000000000
--- a/charts/rancher-istio/1.5.900/charts/kiali/templates/clusterrole.yaml
+++ /dev/null
@@ -1,134 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: kiali
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - configmaps
- - endpoints
- - namespaces
- - nodes
- - pods
- - pods/log
- - replicationcontrollers
- - services
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["extensions", "apps"]
- resources:
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["autoscaling"]
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["batch"]
- resources:
- - cronjobs
- - jobs
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - config.istio.io
- - networking.istio.io
- - authentication.istio.io
- - rbac.istio.io
- - security.istio.io
- resources: ["*"]
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - watch
-- apiGroups: ["monitoring.kiali.io"]
- resources:
- - monitoringdashboards
- verbs:
- - get
- - list
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: kiali-viewer
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" .
}}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - configmaps
- - endpoints
- - namespaces
- - nodes
- - pods
- - pods/log
- - replicationcontrollers
- - services
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["extensions", "apps"]
- resources:
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["autoscaling"]
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["batch"]
- resources:
- - cronjobs
- - jobs
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - config.istio.io
- - networking.istio.io
- - authentication.istio.io
- - rbac.istio.io
- - security.istio.io
- resources: ["*"]
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["monitoring.kiali.io"]
- resources:
- - monitoringdashboards
- verbs:
- - get
- - list
diff --git a/charts/rancher-istio/1.5.900/charts/kiali/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.900/charts/kiali/templates/clusterrolebinding.yaml
deleted file mode 100755
index 881796716..000000000
--- a/charts/rancher-istio/1.5.900/charts/kiali/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if not .Values.dashboard.viewOnlyMode }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-kiali-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kiali
-subjects:
-- kind: ServiceAccount
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-kiali-viewer-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kiali-viewer
-subjects:
-- kind: ServiceAccount
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.900/charts/kiali/templates/configmap.yaml b/charts/rancher-istio/1.5.900/charts/kiali/templates/configmap.yaml
deleted file mode 100755
index 44c9dd199..000000000
--- a/charts/rancher-istio/1.5.900/charts/kiali/templates/configmap.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- config.yaml: |
- istio_namespace: {{ .Release.Namespace }}
- deployment:
- accessible_namespaces: ['**']
- login_token:
- signing_key: {{ randAlphaNum 10 | quote }}
- auth:
- strategy: {{ .Values.dashboard.auth.strategy }}
-{{- if eq .Values.dashboard.auth.strategy "ldap" }}
- ldap:
-{{- with .Values.dashboard.auth.strategy.ldap }}
-{{ toYaml . | indent 8 }}
-{{- end }}
-{{- end }}
- server:
- port: 20001
-{{- if .Values.contextPath }}
- web_root: {{ .Values.contextPath }}
-{{- end }}
- external_services:
- tracing:
- url: {{ .Values.dashboard.jaegerURL }}
- in_cluster_url: {{ .Values.dashboard.jaegerInClusterURL }}
- grafana:
- url: {{ .Values.dashboard.grafanaURL }}
- in_cluster_url: {{ .Values.dashboard.grafanaInClusterURL }}
- prometheus:
- url: {{ .Values.prometheusAddr }}
-{{- if .Values.security.enabled }}
- identity:
- cert_file: {{ .Values.security.cert_file }}
- private_key_file: {{ .Values.security.private_key_file }}
-{{- end}}
diff --git a/charts/rancher-istio/1.5.900/charts/kiali/templates/demosecret.yaml b/charts/rancher-istio/1.5.900/charts/kiali/templates/demosecret.yaml
deleted file mode 100755
index ad44298c3..000000000
--- a/charts/rancher-istio/1.5.900/charts/kiali/templates/demosecret.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.createDemoSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.dashboard.secretName }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-type: Opaque
-data:
- username: YWRtaW4= # admin
- passphrase: YWRtaW4= # admin
-{{- end }}
diff --git a/charts/rancher-istio/1.5.900/charts/kiali/templates/deployment.yaml b/charts/rancher-istio/1.5.900/charts/kiali/templates/deployment.yaml
deleted file mode 100755
index d0624ef08..000000000
--- a/charts/rancher-istio/1.5.900/charts/kiali/templates/deployment.yaml
+++ /dev/null
@@ -1,112 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: kiali
- template:
- metadata:
- name: kiali
- labels:
- app: kiali
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- scheduler.alpha.kubernetes.io/critical-pod: ""
- prometheus.io/scrape: "true"
- prometheus.io/port: "9090"
- kiali.io/runtimes: go,kiali
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: kiali-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - image: "{{ template "system_default_registry" .
}}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- name: kiali
- command:
- - "/opt/kiali/kiali"
- - "-config"
- - "/kiali-configuration/config.yaml"
- - "-v"
- - "3"
- readinessProbe:
- httpGet:
- path: {{ .Values.contextPath }}/healthz
- port: 20001
- scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }}
- initialDelaySeconds: 5
- periodSeconds: 30
- livenessProbe:
- httpGet:
- path: {{ .Values.contextPath }}/healthz
- port: 20001
- scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }}
- initialDelaySeconds: 5
- periodSeconds: 30
- env:
- - name: ACTIVE_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumeMounts:
- - name: kiali-configuration
- mountPath: "/kiali-configuration"
- - name: kiali-cert
- mountPath: "/kiali-cert"
- - name: kiali-secret
- mountPath: "/kiali-secret"
- - name: kiali-console
- subPath: env.js
- mountPath: /opt/kiali/console/env.js
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 10 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 10 }}
-{{- end }}
- volumes:
- - name: kiali-console
- configMap:
- name: kiali-console
- items:
- - key: env.js
- path: env.js
- - name: kiali-configuration
- configMap:
- name: kiali
- - name: kiali-cert
- secret:
- secretName: istio.kiali-service-account
-{{- if not .Values.security.enabled }}
- optional: true
-{{- end }}
- - name: kiali-secret
- secret:
- secretName: {{ .Values.dashboard.secretName }}
- optional: true
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.5.900/charts/kiali/templates/ingress.yaml b/charts/rancher-istio/1.5.900/charts/kiali/templates/ingress.yaml
deleted file mode 100755
index 2e2a0de3a..000000000
--- a/charts/rancher-istio/1.5.900/charts/kiali/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: kiali
- servicePort: 20001
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: kiali
- servicePort: 20001
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.900/charts/kiali/templates/kiali-console-configmap.yaml b/charts/rancher-istio/1.5.900/charts/kiali/templates/kiali-console-configmap.yaml
deleted file mode 100644
index 49c68eba0..000000000
--- a/charts/rancher-istio/1.5.900/charts/kiali/templates/kiali-console-configmap.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kiali-console
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- env.js: |
- window.WEB_ROOT='/k8s/clusters/{{ .Values.global.rancher.clusterId }}/api/v1/namespaces/istio-system/services/http:kiali:20001/proxy';
\ No newline at end of file
diff --git a/charts/rancher-istio/1.5.900/charts/kiali/templates/service.yaml b/charts/rancher-istio/1.5.900/charts/kiali/templates/service.yaml
deleted file mode 100755
index 1aa79bfdb..000000000
--- a/charts/rancher-istio/1.5.900/charts/kiali/templates/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- ports:
- - name: http-kiali
- protocol: TCP
- port: 20001
- selector:
- app: kiali
diff --git a/charts/rancher-istio/1.5.900/charts/kiali/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.900/charts/kiali/templates/serviceaccount.yaml
deleted file mode 100755
index 2ae38a1ab..000000000
--- a/charts/rancher-istio/1.5.900/charts/kiali/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.900/charts/kiali/templates/tests/test-kiali-connection.yaml b/charts/rancher-istio/1.5.900/charts/kiali/templates/tests/test-kiali-connection.yaml
deleted file mode 100755
index e2a1ff671..000000000
--- a/charts/rancher-istio/1.5.900/charts/kiali/templates/tests/test-kiali-connection.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "kiali.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: kiali-test
- chart: {{ template "kiali.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: kiali
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "kiali.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- args: ['http://kiali:20001']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.900/charts/kiali/values.yaml b/charts/rancher-istio/1.5.900/charts/kiali/values.yaml
deleted file mode 100755
index af167baf3..000000000
--- a/charts/rancher-istio/1.5.900/charts/kiali/values.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
-#
-# addon kiali
-#
-enabled: false # Note that if using the demo or demo-auth yaml when installing via Helm, this default will be `true`.
-replicaCount: 1
-hub: quay.io/kiali
-image: kiali
-tag: v1.15
-contextPath: /kiali # The root context path to access the Kiali UI.
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - kiali.local
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls:
- # Secrets must be manually created in the namespace.
- # - secretName: kiali-tls
- # hosts:
- # - kiali.local
-
-dashboard:
- auth:
- strategy: login # Can be anonymous, login, openshift, or ldap
- # ldap: # This is required to use the ldap strategy
- # ldap_base: "DC=example,DC=com"
- # ldap_bind_dn: "CN={USERID},OU=xyz,OU=Users,OU=Accounts,DC=example,DC=com"
- # ldap_group_filter: "(cn=%s)"
- # ldap_host: "ldap-service.ldap-namespace"
- # ldap_insecure_skip_verify: true
- # ldap_mail_id_key: "mail"
- # ldap_member_of_key: "memberOf"
- # ldap_port: 123
- # ldap_role_filter: ".*xyz.*"
- # ldap_search_filter: "(&(name={USERID}))"
- # ldap_use_ssl: false
- # ldap_user_filter: "(cn=%s)"
- # ldap_user_id_key: "cn"
- secretName: kiali # You must create a secret with this name - one is not provided out-of-box.
- viewOnlyMode: false # Bind the service account to a role with only read access
- grafanaURL: # If you have Grafana installed and it is accessible to client browsers, then set this to its external URL. Kiali will redirect users to this URL when Grafana metrics are to be shown.
- grafanaInClusterURL: "http://grafana:3000" # In Kubernetes cluster with ELB in front this option is needed, since public IP of ELB is not reachable from inside the cluster
- jaegerURL: # If you have Jaeger installed and it is accessible to client browsers, then set this property to its external URL. Kiali will redirect users to this URL when Jaeger tracing is to be shown.
- jaegerInClusterURL: "http://tracing/jaeger" # If you have Jaeger installed and accessible from Kiali pod (typically in cluster), then set this property to enable more tracing charts within Kiali.
-prometheusAddr: http://prometheus:9090
-
-# When true, a secret will be created with a default username and password. Useful for demos.
-createDemoSecret: false
-
-security:
- enabled: false
- cert_file: /kiali-cert/cert-chain.pem
- private_key_file: /kiali-cert/key.pem
diff --git a/charts/rancher-istio/1.5.900/charts/mixer/Chart.yaml b/charts/rancher-istio/1.5.900/charts/mixer/Chart.yaml
deleted file mode 100755
index be98709c3..000000000
--- a/charts/rancher-istio/1.5.900/charts/mixer/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.9
-description: Helm chart for mixer deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- mixer
-name: mixer
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.900/charts/mixer/templates/_helpers.tpl b/charts/rancher-istio/1.5.900/charts/mixer/templates/_helpers.tpl
deleted file mode 100755
index dac6da036..000000000
--- a/charts/rancher-istio/1.5.900/charts/mixer/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "mixer.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "mixer.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "mixer.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.900/charts/mixer/templates/autoscale.yaml b/charts/rancher-istio/1.5.900/charts/mixer/templates/autoscale.yaml
deleted file mode 100755
index 377b47d03..000000000
--- a/charts/rancher-istio/1.5.900/charts/mixer/templates/autoscale.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
-spec:
- maxReplicas: {{ $spec.autoscaleMax }}
- minReplicas: {{ $spec.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-{{ $key }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.900/charts/mixer/templates/clusterrole.yaml b/charts/rancher-istio/1.5.900/charts/mixer/templates/clusterrole.yaml
deleted file mode 100755
index 3d7438f2d..000000000
--- a/charts/rancher-istio/1.5.900/charts/mixer/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-mixer-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["config.istio.io"] # istio CRD watcher
- resources: ["*"]
- verbs: ["create", "get", "list", "watch", "patch"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["configmaps", "endpoints", "pods", "services", "namespaces", "secrets", "replicationcontrollers"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
-{{- end }}
diff --git a/charts/rancher-istio/1.5.900/charts/mixer/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.900/charts/mixer/templates/clusterrolebinding.yaml
deleted file mode 100755
index 773e68b34..000000000
--- a/charts/rancher-istio/1.5.900/charts/mixer/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-mixer-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-mixer-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.900/charts/mixer/templates/config.yaml b/charts/rancher-istio/1.5.900/charts/mixer/templates/config.yaml
deleted file mode 100755
index e2ef31d38..000000000
--- a/charts/rancher-istio/1.5.900/charts/mixer/templates/config.yaml
+++ /dev/null
@@ -1,1084 +0,0 @@ -{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: istioproxy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - origin.ip: - valueType: IP_ADDRESS - origin.uid: - valueType: STRING - origin.user: - valueType: STRING - request.headers: - valueType: STRING_MAP - request.id: - valueType: STRING - request.host: - valueType: STRING - request.method: - valueType: STRING - request.path: - valueType: STRING - request.url_path: - valueType: STRING - request.query_params: - valueType: STRING_MAP - request.reason: - valueType: STRING - request.referer: - valueType: STRING - request.scheme: - valueType: STRING - request.total_size: - valueType: INT64 - request.size: - valueType: INT64 - request.time: - valueType: TIMESTAMP - request.useragent: - valueType: STRING - response.code: - valueType: INT64 - response.duration: - valueType: DURATION - response.headers: - valueType: STRING_MAP - response.total_size: - valueType: INT64 - response.size: - valueType: INT64 - response.time: - valueType: TIMESTAMP - response.grpc_status: - valueType: STRING - response.grpc_message: - valueType: STRING - source.uid: - valueType: STRING - source.user: # DEPRECATED - valueType: STRING - source.principal: - valueType: STRING - destination.uid: - valueType: STRING - destination.principal: - valueType: STRING - destination.port: - valueType: INT64 - connection.event: - valueType: STRING - connection.id: - valueType: STRING - connection.received.bytes: - valueType: INT64 - connection.received.bytes_total: - valueType: INT64 - connection.sent.bytes: - valueType: INT64 - connection.sent.bytes_total: - valueType: INT64 - connection.duration: - valueType: DURATION - connection.mtls: - valueType: BOOL - 
connection.requested_server_name: - valueType: STRING - context.protocol: - valueType: STRING - context.proxy_error_code: - valueType: STRING - context.timestamp: - valueType: TIMESTAMP - context.time: - valueType: TIMESTAMP - # Deprecated, kept for compatibility - context.reporter.local: - valueType: BOOL - context.reporter.kind: - valueType: STRING - context.reporter.uid: - valueType: STRING - api.service: - valueType: STRING - api.version: - valueType: STRING - api.operation: - valueType: STRING - api.protocol: - valueType: STRING - request.auth.principal: - valueType: STRING - request.auth.audiences: - valueType: STRING - request.auth.presenter: - valueType: STRING - request.auth.claims: - valueType: STRING_MAP - request.auth.raw_claims: - valueType: STRING - request.api_key: - valueType: STRING - rbac.permissive.response_code: - valueType: STRING - rbac.permissive.effective_policy_id: - valueType: STRING - check.error_code: - valueType: INT64 - check.error_message: - valueType: STRING - check.cache_hit: - valueType: BOOL - quota.cache_hit: - valueType: BOOL - context.proxy_version: - valueType: STRING - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: kubernetes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - source.ip: - valueType: IP_ADDRESS - source.labels: - valueType: STRING_MAP - source.metadata: - valueType: STRING_MAP - source.name: - valueType: STRING - source.namespace: - valueType: STRING - source.owner: - valueType: STRING - source.serviceAccount: - valueType: STRING - source.services: - valueType: STRING - source.workload.uid: - valueType: STRING - source.workload.name: - valueType: STRING - source.workload.namespace: - valueType: STRING - destination.ip: - valueType: IP_ADDRESS - destination.labels: - valueType: STRING_MAP - destination.metadata: - valueType: STRING_MAP - destination.owner: - valueType: STRING - destination.name: - valueType: STRING - destination.container.name: - valueType: STRING - destination.namespace: - valueType: STRING - destination.service.uid: - valueType: STRING - destination.service.name: - valueType: STRING - destination.service.namespace: - valueType: STRING - destination.service.host: - valueType: STRING - destination.serviceAccount: - valueType: STRING - destination.workload.uid: - valueType: STRING - destination.workload.name: - valueType: STRING - destination.workload.namespace: - valueType: STRING ---- -{{- if and .Values.adapters.stdio.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: stdio - params: - outputAsJson: {{ .Values.adapters.stdio.outputAsJson }} ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: accesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: request.time - variables: - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | request.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - apiClaims: request.auth.raw_claims | "" - apiKey: request.api_key | request.headers["x-api-key"] | "" - protocol: api.protocol | context.protocol | "http" - method: request.method | "" - url: request.path | "" - responseCode: response.code | 0 - responseFlags: context.proxy_error_code | "" - responseSize: response.size | 0 - permissiveResponseCode: rbac.permissive.response_code | "none" - permissiveResponsePolicyID: rbac.permissive.effective_policy_id | "none" - requestSize: request.size | 0 - requestId: request.headers["x-request-id"] | "" - clientTraceId: request.headers["x-client-trace-id"] | "" - latency: response.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - userAgent: request.useragent | "" - responseTimestamp: response.time - receivedBytes: request.total_size | 0 - sentBytes: response.total_size | 0 - referer: request.referer | "" - httpAuthority: request.headers[":authority"] | request.host | "" - xForwardedFor: 
request.headers["x-forwarded-for"] | "0.0.0.0" - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - grpcStatus: response.grpc_status | "" - grpcMessage: response.grpc_message | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpaccesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: context.time | timestamp("2017-01-01T00:00:00Z") - variables: - connectionEvent: connection.event | "" - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - protocol: context.protocol | "tcp" - connectionDuration: connection.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - receivedBytes: connection.received.bytes | 0 - sentBytes: connection.sent.bytes | 0 - totalReceivedBytes: connection.received.bytes_total | 0 - totalSentBytes: connection.sent.bytes_total | 0 - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") 
- responseFlags: context.proxy_error_code | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "http" || context.protocol == "grpc" - actions: - - handler: stdio - instances: - - accesslog ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdiotcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: stdio - instances: - - tcpaccesslog -{{- end }} ---- -{{- if and .Values.adapters.prometheus.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestcount - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - grpc_response_status: response.grpc_status | "" - response_flags: context.proxy_error_code | "-" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestduration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.duration | "0ms" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - grpc_response_status: response.grpc_status | "" - response_flags: context.proxy_error_code | "-" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestsize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: request.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - grpc_response_status: response.grpc_status | "" - response_flags: context.proxy_error_code | "-" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: responsesize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - grpc_response_status: response.grpc_status | "" - response_flags: context.proxy_error_code | "-" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytesent - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.sent.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytereceived - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.received.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsopened - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: prometheus - params: - metricsExpirationPolicy: - metricsExpiryDuration: "{{ .Values.adapters.prometheus.metricsExpiryDuration }}" - metrics: - - name: requests_total - instance_name: requestcount.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - grpc_response_status - - response_flags - - connection_security_policy - - name: request_duration_seconds - instance_name: requestduration.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - grpc_response_status - - response_flags - - connection_security_policy - buckets: - explicit_buckets: - bounds: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10] - - name: request_bytes - instance_name: requestsize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - 
grpc_response_status - - response_flags - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: response_bytes - instance_name: responsesize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - grpc_response_status - - response_flags - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: tcp_sent_bytes_total - instance_name: tcpbytesent.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_received_bytes_total - instance_name: tcpbytereceived.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_connections_opened_total - instance_name: tcpconnectionsopened.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - 
- source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_connections_closed_total - instance_name: tcpconnectionsclosed.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promhttp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: (context.protocol == "http" || context.protocol == "grpc") && (match((request.useragent | "-"), "kube-probe*") == false) && (match((request.useragent | "-"), "Prometheus*") == false) - actions: - - handler: prometheus - instances: - - requestcount - - requestduration - - requestsize - - responsesize ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: prometheus - instances: - - tcpbytesent - - tcpbytereceived ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionopen - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "open") - actions: - - handler: prometheus - instances: - - tcpconnectionsopened ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "close") - actions: - - handler: prometheus - instances: - - tcpconnectionsclosed -{{- end }} ---- -{{- if and .Values.adapters.kubernetesenv.enabled (or .Values.policy.enabled .Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: kubernetesenv - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: kubernetesenv - params: {} - # when running from mixer root, use the following config after adding a - # symbolic link to a kubernetes config file via: - # - # $ ln -s ~/.kube/config mixer/adapter/kubernetes/kubeconfig - # - # kubeconfig_path: "mixer/adapter/kubernetes/kubeconfig" - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: kubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . 
}} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: tcpkubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: attributes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: kubernetes - params: - # Pass the required attribute data to the adapter - source_uid: source.uid | "" - source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr - destination_uid: destination.uid | "" - destination_port: destination.port | 0 - attributeBindings: - # Fill the new attributes from the adapter produced output. 
- # $out refers to an instance of OutputTemplate message - source.ip: $out.source_pod_ip | ip("0.0.0.0") - source.uid: $out.source_pod_uid | "unknown" - source.labels: $out.source_labels | emptyStringMap() - source.name: $out.source_pod_name | "unknown" - source.namespace: $out.source_namespace | "default" - source.owner: $out.source_owner | "unknown" - source.serviceAccount: $out.source_service_account_name | "unknown" - source.workload.uid: $out.source_workload_uid | "unknown" - source.workload.name: $out.source_workload_name | "unknown" - source.workload.namespace: $out.source_workload_namespace | "unknown" - destination.ip: $out.destination_pod_ip | ip("0.0.0.0") - destination.uid: $out.destination_pod_uid | "unknown" - destination.labels: $out.destination_labels | emptyStringMap() - destination.name: $out.destination_pod_name | "unknown" - destination.container.name: $out.destination_container_name | "unknown" - destination.namespace: $out.destination_namespace | "default" - destination.owner: $out.destination_owner | "unknown" - destination.serviceAccount: $out.destination_service_account_name | "unknown" - destination.workload.uid: $out.destination_workload_uid | "unknown" - destination.workload.name: $out.destination_workload_name | "unknown" - destination.workload.namespace: $out.destination_workload_namespace | "unknown" -{{- end }} ---- -{{- if .Values.policy.enabled }} -# Configuration needed by Mixer. -# Mixer cluster is delivered via CDS -# Specify mixer cluster settings -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-policy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- if .Values.telemetry.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-telemetry - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- end }}
diff --git a/charts/rancher-istio/1.5.900/charts/mixer/templates/deployment.yaml b/charts/rancher-istio/1.5.900/charts/mixer/templates/deployment.yaml
deleted file mode 100755
index 5b7dc3a89..000000000
--- a/charts/rancher-istio/1.5.900/charts/mixer/templates/deployment.yaml
+++ /dev/null
@@ -1,431 +0,0 @@ -{{- define "policy_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: policy-adapter-secret - secret: - secretName: policy-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - - --useTemplateCRDs=false - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.policy.resources }} -{{ toYaml .Values.policy.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: 
istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-policy - - --templateFile - - /etc/istio/proxy/envoy_policy.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ $.Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock - - 
name: policy-adapter-secret - mountPath: /var/run/secrets/istio.io/policy/adapter - readOnly: true -{{- end }} - -{{- define "telemetry_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: telemetry-adapter-secret - secret: - secretName: telemetry-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - - --certFile=/etc/certs/cert-chain.pem - - --keyFile=/etc/certs/key.pem - - --caCertFile=/etc/certs/root-cert.pem - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - - --useTemplateCRDs=false - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - - --averageLatencyThreshold - - {{ $.Values.telemetry.loadshedding.latencyThreshold }} - - --loadsheddingMode - - {{ $.Values.telemetry.loadshedding.mode }} - {{- if .Values.env }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.telemetry.resources }} -{{ toYaml .Values.telemetry.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if 
$.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: telemetry-adapter-secret - mountPath: /var/run/secrets/istio.io/telemetry/adapter - readOnly: true - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-telemetry - - --templateFile - - /etc/istio/proxy/envoy_telemetry.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - 
volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock -{{- end }} - - -{{- range $key, $spec := .Values }} -{{- if or (eq $key "policy") (eq $key "telemetry") }} -{{- if $spec.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-{{ $key }} - namespace: {{ $.Release.Namespace }} - labels: - app: istio-mixer - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: mixer -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - selector: - matchLabels: - istio: mixer - istio-mixer-type: {{ $key }} - template: - metadata: - labels: - app: {{ $key }} - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: mixer - istio-mixer-type: {{ $key }} - annotations: - sidecar.istio.io/inject: "false" -{{- with $.Values.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- if eq $key "policy"}} -{{- template "policy_container" $ }} -{{- else }} -{{- template "telemetry_container" $ }} -{{- end }} - ---- -{{- end }} -{{- end }} -{{- end }} {{/* range */}} diff --git a/charts/rancher-istio/1.5.900/charts/mixer/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.900/charts/mixer/templates/poddisruptionbudget.yaml deleted file mode 100755 index 35bbc40d7..000000000 --- a/charts/rancher-istio/1.5.900/charts/mixer/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,30 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ $key }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- version: {{ $.Chart.Version }}
- istio: mixer
- istio-mixer-type: {{ $key }}
-spec:
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: {{ $key }}
- release: {{ $.Release.Name }}
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.900/charts/mixer/templates/service.yaml b/charts/rancher-istio/1.5.900/charts/mixer/templates/service.yaml
deleted file mode 100755
index 79cc4a582..000000000
--- a/charts/rancher-istio/1.5.900/charts/mixer/templates/service.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- annotations:
- networking.istio.io/exportTo: "*"
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: mixer
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: {{ $.Values.global.monitoringPort }}
-{{- if eq $key "telemetry" }}
- - name: prometheus
- port: 42422
-{{- if $spec.sessionAffinityEnabled }}
- sessionAffinity: ClientIP
-{{- end }}
-{{- end }}
- selector:
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.5.900/charts/mixer/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.900/charts/mixer/templates/serviceaccount.yaml
deleted file mode 100755
index 9d3da7dd6..000000000
--- a/charts/rancher-istio/1.5.900/charts/mixer/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.900/charts/mixer/values.yaml b/charts/rancher-istio/1.5.900/charts/mixer/values.yaml
deleted file mode 100755
index d335c36c3..000000000
--- a/charts/rancher-istio/1.5.900/charts/mixer/values.yaml
+++ /dev/null
@@ -1,98 +0,0 @@
-#
-# mixer configuration
-#
-image: mixer
-
-env:
- # max procs should be ceil(cpu limit + 1)
- GOMAXPROCS: "6"
-
-policy:
- # if policy is enabled, global.disablePolicyChecks has affect.
- enabled: false
- replicaCount: 1
- autoscaleEnabled: true
- autoscaleMin: 1
- autoscaleMax: 5
- cpu:
- targetAverageUtilization: 80
- rollingMaxSurge: 100%
- rollingMaxUnavailable: 25%
-
-telemetry:
- enabled: true
- replicaCount: 1
- autoscaleEnabled: true
- autoscaleMin: 1
- autoscaleMax: 5
- cpu:
- targetAverageUtilization: 80
- rollingMaxSurge: 100%
- rollingMaxUnavailable: 25%
- sessionAffinityEnabled: false
-
- # mixer load shedding configuration.
- # When mixer detects that it is overloaded, it starts rejecting grpc requests.
- loadshedding:
- # disabled, logonly or enforce
- mode: enforce
- # based on measurements 100ms p50 translates to p99 of under 1s. This is ok for telemetry which is inherently async.
- latencyThreshold: 100ms
- resources:
- requests:
- cpu: 1000m
- memory: 1G
- limits:
- # It is best to do horizontal scaling of mixer using moderate cpu allocation.
- # We have experimentally found that these values work well.
- cpu: 4800m
- memory: 4G
-
- # Set reportBatchMaxEntries to 0 to use the default batching behavior (i.e., every 100 requests).
- # A positive value indicates the number of requests that are batched before telemetry data
- # is sent to the mixer server
- reportBatchMaxEntries: 100
-
- # Set reportBatchMaxTime to 0 to use the default batching behavior (i.e., every 1 second).
- # A positive time value indicates the maximum wait time since the last request will telemetry data
- # be batched before being sent to the mixer server
- reportBatchMaxTime: 1s
-
-podAnnotations: {}
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-adapters:
- kubernetesenv:
- enabled: true
-
- # stdio is a debug adapter in istio-telemetry, it is not recommended for production use.
- stdio:
- enabled: false
- outputAsJson: true
- prometheus:
- enabled: true
- metricsExpiryDuration: 10m
- # Setting this to false sets the useAdapterCRDs mixer startup argument to false
- useAdapterCRDs: false
diff --git a/charts/rancher-istio/1.5.900/charts/nodeagent/Chart.yaml b/charts/rancher-istio/1.5.900/charts/nodeagent/Chart.yaml
deleted file mode 100755
index 1b7f95236..000000000
--- a/charts/rancher-istio/1.5.900/charts/nodeagent/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.9
-description: Helm chart for nodeagent deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- nodeagent
-name: nodeagent
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.900/charts/nodeagent/templates/_helpers.tpl b/charts/rancher-istio/1.5.900/charts/nodeagent/templates/_helpers.tpl
deleted file mode 100755
index fda6043d0..000000000
--- a/charts/rancher-istio/1.5.900/charts/nodeagent/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "nodeagent.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "nodeagent.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "nodeagent.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.900/charts/nodeagent/templates/clusterrole.yaml b/charts/rancher-istio/1.5.900/charts/nodeagent/templates/clusterrole.yaml
deleted file mode 100755
index 8e4ab6d32..000000000
--- a/charts/rancher-istio/1.5.900/charts/nodeagent/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get"]
diff --git a/charts/rancher-istio/1.5.900/charts/nodeagent/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.900/charts/nodeagent/templates/clusterrolebinding.yaml
deleted file mode 100755
index 591e48212..000000000
--- a/charts/rancher-istio/1.5.900/charts/nodeagent/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-nodeagent-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.900/charts/nodeagent/templates/daemonset.yaml b/charts/rancher-istio/1.5.900/charts/nodeagent/templates/daemonset.yaml
deleted file mode 100755
index a4d2463d6..000000000
--- a/charts/rancher-istio/1.5.900/charts/nodeagent/templates/daemonset.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: istio-nodeagent
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
-spec:
- selector:
- matchLabels:
- istio: nodeagent
- template:
- metadata:
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-nodeagent-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: nodeagent
- image: "{{ template "system_default_registry" . }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- volumeMounts:
- - mountPath: /var/run/sds
- name: sdsudspath
- env:
- {{- if .Values.env }}
- {{- range $key, $val := .Values.env }}
- - name: {{ $key }}
- value: "{{ $val }}"
- {{- end }}
- {{- end }}
- - name: "TRUST_DOMAIN"
- value: "{{ .Values.global.trustDomain }}"
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumes:
- - name: sdsudspath
- hostPath:
- path: /var/run/sds
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
- updateStrategy:
- type: RollingUpdate
diff --git a/charts/rancher-istio/1.5.900/charts/nodeagent/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.900/charts/nodeagent/templates/serviceaccount.yaml
deleted file mode 100755
index 86853d7e0..000000000
--- a/charts/rancher-istio/1.5.900/charts/nodeagent/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.900/charts/nodeagent/values.yaml b/charts/rancher-istio/1.5.900/charts/nodeagent/values.yaml
deleted file mode 100755
index 3e1c09045..000000000
--- a/charts/rancher-istio/1.5.900/charts/nodeagent/values.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# nodeagent configuration
-#
-enabled: false
-image: node-agent-k8s
-env:
- # name of authentication provider.
- CA_PROVIDER: "Citadel"
- # CA endpoint.
- CA_ADDR: "istio-citadel:8060"
- # names of authentication provider's plugins.
- PLUGINS: ""
- VALID_TOKEN: true
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.5.900/charts/pilot/Chart.yaml b/charts/rancher-istio/1.5.900/charts/pilot/Chart.yaml
deleted file mode 100755
index 559a7a852..000000000
--- a/charts/rancher-istio/1.5.900/charts/pilot/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.9
-description: Helm chart for pilot deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- pilot
-name: pilot
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.900/charts/pilot/templates/_helpers.tpl b/charts/rancher-istio/1.5.900/charts/pilot/templates/_helpers.tpl
deleted file mode 100755
index c812c3709..000000000
--- a/charts/rancher-istio/1.5.900/charts/pilot/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "pilot.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "pilot.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "pilot.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.900/charts/pilot/templates/autoscale.yaml b/charts/rancher-istio/1.5.900/charts/pilot/templates/autoscale.yaml
deleted file mode 100755
index 1a9945136..000000000
--- a/charts/rancher-istio/1.5.900/charts/pilot/templates/autoscale.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- maxReplicas: {{ .Values.autoscaleMax }}
- minReplicas: {{ .Values.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-pilot
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.cpu.targetAverageUtilization }}
----
-{{- end }}
diff --git a/charts/rancher-istio/1.5.900/charts/pilot/templates/clusterrole.yaml b/charts/rancher-istio/1.5.900/charts/pilot/templates/clusterrole.yaml
deleted file mode 100755
index d149176a9..000000000
--- a/charts/rancher-istio/1.5.900/charts/pilot/templates/clusterrole.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups:
- - config.istio.io
- - rbac.istio.io
- - security.istio.io
- - networking.istio.io
- - authentication.istio.io
- resources: ["*"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions"]
- resources: ["ingresses", "ingresses/status"]
- verbs: ["*"]
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "list", "watch", "update"]
-- apiGroups: [""]
- resources: ["endpoints", "pods", "services", "namespaces", "nodes"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["discovery.k8s.io"]
- resources: ["endpointslices"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "watch", "list", "update", "delete"]
-- apiGroups: ["certificates.k8s.io"]
- resources:
- - "certificatesigningrequests"
- - "certificatesigningrequests/approval"
- - "certificatesigningrequests/status"
- verbs: ["update", "create", "get", "delete"]
diff --git a/charts/rancher-istio/1.5.900/charts/pilot/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.900/charts/pilot/templates/clusterrolebinding.yaml
deleted file mode 100755
index ef9281ca8..000000000
--- a/charts/rancher-istio/1.5.900/charts/pilot/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-pilot-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.900/charts/pilot/templates/configmap.yaml b/charts/rancher-istio/1.5.900/charts/pilot/templates/configmap.yaml
deleted file mode 100755
index 3fe514395..000000000
--- a/charts/rancher-istio/1.5.900/charts/pilot/templates/configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.jwksResolverExtraRootCA }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-jwks-extra-cacerts
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.900/charts/pilot/templates/deployment.yaml b/charts/rancher-istio/1.5.900/charts/pilot/templates/deployment.yaml
deleted file mode 100755
index 7e7cd2b97..000000000
--- a/charts/rancher-istio/1.5.900/charts/pilot/templates/deployment.yaml
+++ /dev/null
@@ -1,234 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - # TODO: default template doesn't have this, which one is right ? - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - istio: pilot - template: - metadata: - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-pilot-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: discovery - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - "discovery" - - --monitoringAddr=:{{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.global.oneNamespace }} - - "-a" - - {{ .Release.Namespace }} -{{- end }} -{{- if and $.Values.global.controlPlaneSecurityEnabled (not .Values.sidecar)}} - - --secureGrpcAddr - - ":15011" -{{- else }} - - --secureGrpcAddr - - "" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" - ports: - - containerPort: 8080 - - containerPort: 15010 -{{- if not .Values.sidecar }} - - containerPort: 15011 -{{- end }} - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 5 - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND - value: "{{ .Values.enableProtocolSniffingForOutbound }}" - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND - value: "{{ .Values.enableProtocolSniffingForInbound }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - - name: istio-certs - mountPath: /etc/certs 
- readOnly: true -{{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - mountPath: /cacerts -{{- end }} -{{- if .Values.sidecar }} - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 15003 - - containerPort: 15005 - - containerPort: 15007 - - containerPort: 15011 - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-pilot - - --templateFile - - /etc/istio/proxy/envoy_pilot.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if .Values.global.proxy.resources }} -{{ toYaml .Values.global.proxy.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - 
readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} -{{- end }} - volumes: - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: config-volume - configMap: - name: istio - - name: istio-certs - secret: - secretName: istio.istio-pilot-service-account - optional: true -{{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - configMap: - name: istio-jwks-extra-cacerts -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/pilot/templates/meshexpansion.yaml b/charts/rancher-istio/1.5.900/charts/pilot/templates/meshexpansion.yaml deleted file mode 100755 index 4f3d59570..000000000 --- a/charts/rancher-istio/1.5.900/charts/pilot/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-ilb-vs-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - hosts: - - istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-ilb-gateway - tcp: - - match: - - port: 15011 - route: - - destination: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15011 - - match: - - port: 15010 - route: - - destination: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15010 - - match: - - port: 5353 - route: - - destination: - host: kube-dns.kube-system.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 53 ---- -{{- else }} - -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - hosts: - - istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-gateway - tcp: - - match: - - port: 15011 - route: - - destination: - host: istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15011 ---- -{{- end }} - -{{- if .Values.global.controlPlaneSecurityEnabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: meshexpansion-dr-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - trafficPolicy: - portLevelSettings: - - port: - number: 15011 - tls: - mode: DISABLE ---- -{{- end }} -{{- end }} - diff --git a/charts/rancher-istio/1.5.900/charts/pilot/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.900/charts/pilot/templates/poddisruptionbudget.yaml deleted file mode 100755 index a432023ca..000000000 --- a/charts/rancher-istio/1.5.900/charts/pilot/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} - selector: - matchLabels: - app: {{ template "pilot.name" . }} - release: {{ .Release.Name }} - istio: pilot -{{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/pilot/templates/service.yaml b/charts/rancher-istio/1.5.900/charts/pilot/templates/service.yaml deleted file mode 100755 index a61d93025..000000000 --- a/charts/rancher-istio/1.5.900/charts/pilot/templates/service.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: pilot
-spec:
- ports:
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS
- - port: 8080
- name: http-legacy-discovery # direct
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- selector:
- istio: pilot
diff --git a/charts/rancher-istio/1.5.900/charts/pilot/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.900/charts/pilot/templates/serviceaccount.yaml
deleted file mode 100755
index 7ec2a66de..000000000
--- a/charts/rancher-istio/1.5.900/charts/pilot/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.900/charts/pilot/values.yaml b/charts/rancher-istio/1.5.900/charts/pilot/values.yaml
deleted file mode 100755
index 0d37ec59c..000000000
--- a/charts/rancher-istio/1.5.900/charts/pilot/values.yaml
+++ /dev/null
@@ -1,63 +0,0 @@ -# -# pilot configuration -# -enabled: true -autoscaleEnabled: true -autoscaleMin: 1 -autoscaleMax: 5 -# specify replicaCount when autoscaleEnabled: false -# replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -image: pilot -sidecar: true -traceSampling: 1.0 -# if protocol sniffing is enabled for outbound -enableProtocolSniffingForOutbound: true -# if protocol sniffing is enabled for inbound -enableProtocolSniffingForInbound: false -# Resources for a small pilot install -resources: - requests: - cpu: 500m - memory: 2048Mi -env: - PILOT_PUSH_THROTTLE: 100 -cpu: - targetAverageUtilization: 80 -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# The following is used to limit how long a sidecar can be connected -# to a pilot. It balances out load across pilot instances at the cost of -# increasing system churn. -keepaliveMaxServerConnectionAge: 30m - -# This is used to set the source of configuration for -# the associated address in configSource, if nothing is specificed -# the default MCP is assumed. 
The alternative option is SERVICE_REGISTRY -# which describes the source is only forwarding synthetic service entries -configSource: - subscribedResources: diff --git a/charts/rancher-istio/1.5.900/charts/prometheus/Chart.yaml b/charts/rancher-istio/1.5.900/charts/prometheus/Chart.yaml deleted file mode 100755 index 87ce795a5..000000000 --- a/charts/rancher-istio/1.5.900/charts/prometheus/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 2.8.0 -description: A Helm chart for Kubernetes -name: prometheus -tillerVersion: '>=2.7.2' -version: 1.5.9 diff --git a/charts/rancher-istio/1.5.900/charts/prometheus/templates/_helpers.tpl b/charts/rancher-istio/1.5.900/charts/prometheus/templates/_helpers.tpl deleted file mode 100755 index 039388329..000000000 --- a/charts/rancher-istio/1.5.900/charts/prometheus/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "prometheus.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "prometheus.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "prometheus.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} 
diff --git a/charts/rancher-istio/1.5.900/charts/prometheus/templates/clusterrole.yaml b/charts/rancher-istio/1.5.900/charts/prometheus/templates/clusterrole.yaml
deleted file mode 100755
index 06fdfaf53..000000000
--- a/charts/rancher-istio/1.5.900/charts/prometheus/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - nodes
- - services
- - endpoints
- - pods
- - nodes/proxy
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources:
- - configmaps
- verbs: ["get"]
-- nonResourceURLs: ["/metrics"]
- verbs: ["get"]
diff --git a/charts/rancher-istio/1.5.900/charts/prometheus/templates/clusterrolebindings.yaml b/charts/rancher-istio/1.5.900/charts/prometheus/templates/clusterrolebindings.yaml
deleted file mode 100755
index 295e0df72..000000000
--- a/charts/rancher-istio/1.5.900/charts/prometheus/templates/clusterrolebindings.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: prometheus-{{ .Release.Namespace }}
-subjects:
-- kind: ServiceAccount
- name: prometheus
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.900/charts/prometheus/templates/configmap.yaml b/charts/rancher-istio/1.5.900/charts/prometheus/templates/configmap.yaml
deleted file mode 100755
index cfd0d43ab..000000000
--- a/charts/rancher-istio/1.5.900/charts/prometheus/templates/configmap.yaml
+++ /dev/null
@@ -1,294 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - prometheus.yml: |- - global: - scrape_interval: {{ .Values.scrapeInterval }} - scrape_configs: - - - job_name: 'istio-mesh' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;prometheus - - # Scrape config for envoy stats - - job_name: 'envoy-stats' - metrics_path: /stats/prometheus - kubernetes_sd_configs: - - role: pod - - relabel_configs: - - source_labels: [__meta_kubernetes_pod_container_port_name] - action: keep - regex: '.*-envoy-prom' - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:15090 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'istio-policy' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-policy;http-monitoring - - - job_name: 'istio-telemetry' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;http-monitoring - - - job_name: 'pilot' - kubernetes_sd_configs: - - role: 
endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-pilot;http-monitoring - - - job_name: 'galley' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-galley;http-monitoring - - - job_name: 'citadel' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-citadel;http-monitoring - - - job_name: 'sidecar-injector' - - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-sidecar-injector;http-monitoring - - # scrape config for API servers - - job_name: 'kubernetes-apiservers' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - default - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: kubernetes;https - - # scrape config for nodes (kubelet) - - job_name: 'kubernetes-nodes' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: 
kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics - - # Scrape config for Kubelet cAdvisor. - # - # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics - # (those whose names begin with 'container_') have been removed from the - # Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to - # retrieve those metrics. - # - # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor - # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics" - # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with - # the --cadvisor-port=0 Kubelet flag). - # - # This job is not necessary and should be removed in Kubernetes 1.6 and - # earlier versions, or it will cause the metrics to be scraped twice. - - job_name: 'kubernetes-cadvisor' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor - - # scrape config for service endpoints. - - job_name: 'kubernetes-service-endpoints' - kubernetes_sd_configs: - - role: endpoints - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) 
- - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: kubernetes_name - - - job_name: 'kubernetes-pods' - kubernetes_sd_configs: - - role: pod - relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job. - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # Keep target if there's no sidecar or if prometheus.io/scheme is explicitly set to "http" - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: keep - regex: ((;.*)|(.*;http)) - - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls] - action: drop - regex: (true) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'kubernetes-pods-istio-secure' - scheme: https - tls_config: - ca_file: /etc/istio-certs/root-cert.pem - cert_file: /etc/istio-certs/cert-chain.pem - key_file: 
/etc/istio-certs/key.pem - insecure_skip_verify: true # prometheus does not support secure naming. - kubernetes_sd_configs: - - role: pod - relabel_configs: - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # sidecar status annotation is added by sidecar injector and - # istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic. - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls] - action: keep - regex: (([^;]+);([^;]*))|(([^;]*);(true)) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: drop - regex: (http) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__] # Only keep address that is host:port - action: keep # otherwise an extra target with ':443' is added for https scheme - regex: ([^:]+):(\d+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name diff --git a/charts/rancher-istio/1.5.900/charts/prometheus/templates/deployment.yaml b/charts/rancher-istio/1.5.900/charts/prometheus/templates/deployment.yaml deleted file mode 100755 index 1033a2f5b..000000000 --- a/charts/rancher-istio/1.5.900/charts/prometheus/templates/deployment.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -# TODO: the original template has service account, roles, etc -apiVersion: apps/v1 -kind: Deployment -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: prometheus - template: - metadata: - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: prometheus -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: prometheus - image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - '--storage.tsdb.retention={{ .Values.retention }}' - - '--config.file=/etc/prometheus/prometheus.yml' - ports: - - containerPort: 9090 - name: http - livenessProbe: - httpGet: - path: /-/healthy - port: 9090 - readinessProbe: - httpGet: - path: /-/ready - port: 9090 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/prometheus - - mountPath: /etc/istio-certs - name: istio-certs - volumes: - - name: config-volume - configMap: - name: prometheus - - name: istio-certs - secret: - defaultMode: 420 -{{- if not .Values.security.enabled }} - optional: true -{{- end }} - secretName: istio.default - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/prometheus/templates/ingress.yaml b/charts/rancher-istio/1.5.900/charts/prometheus/templates/ingress.yaml deleted file mode 100755 index 43be65523..000000000 --- a/charts/rancher-istio/1.5.900/charts/prometheus/templates/ingress.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: prometheus - servicePort: 9090 - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: prometheus - servicePort: 9090 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.900/charts/prometheus/templates/service.yaml b/charts/rancher-istio/1.5.900/charts/prometheus/templates/service.yaml deleted file mode 100755 index d92525df0..000000000 --- a/charts/rancher-istio/1.5.900/charts/prometheus/templates/service.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - annotations: - prometheus.io/scrape: 'true' - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - app: prometheus - ports: - - name: http-prometheus - protocol: TCP - port: 9090 - -{{- if .Values.service.nodePort.enabled }} -# Using separate ingress for nodeport, to avoid conflict with pilot e2e test configs. ---- -apiVersion: v1 -kind: Service -metadata: - name: prometheus-nodeport - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - type: NodePort - ports: - - port: 9090 - nodePort: {{ .Values.service.nodePort.port }} - name: http-prometheus - selector: - app: prometheus -{{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/prometheus/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.900/charts/prometheus/templates/serviceaccount.yaml deleted file mode 100755 index 7c2fab3f4..000000000 --- a/charts/rancher-istio/1.5.900/charts/prometheus/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} 
diff --git a/charts/rancher-istio/1.5.900/charts/prometheus/templates/tests/test-prometheus-connection.yaml b/charts/rancher-istio/1.5.900/charts/prometheus/templates/tests/test-prometheus-connection.yaml deleted file mode 100755 index c36ce3f5c..000000000 --- a/charts/rancher-istio/1.5.900/charts/prometheus/templates/tests/test-prometheus-connection.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "prometheus.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: prometheus-test - chart: {{ template "prometheus.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: prometheus - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "prometheus.fullname" . }}-test" - image: {{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }} - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['sh', '-c', 'for i in 1 2 3; do curl http://prometheus:9090/-/ready && exit 0 || sleep 15; done; exit 1'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/prometheus/values.yaml b/charts/rancher-istio/1.5.900/charts/prometheus/values.yaml deleted file mode 100755 index 76bda8457..000000000 --- a/charts/rancher-istio/1.5.900/charts/prometheus/values.yaml +++ /dev/null 
@@ -1,60 +0,0 @@ -# -# addon prometheus configuration -# -enabled: true -replicaCount: 1 -hub: docker.io/prom -image: prometheus -tag: v2.12.0 -retention: 6h -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# Controls the frequency of prometheus scraping -scrapeInterval: 15s - -contextPath: /prometheus - -ingress: - enabled: false - ## Used to create an Ingress record. - hosts: - - prometheus.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: prometheus-tls - # hosts: - # - prometheus.local - -service: - annotations: {} - nodePort: - enabled: false - port: 32090 - -security: - enabled: true diff --git a/charts/rancher-istio/1.5.900/charts/security/Chart.yaml b/charts/rancher-istio/1.5.900/charts/security/Chart.yaml deleted file mode 100755 index be7731948..000000000 --- a/charts/rancher-istio/1.5.900/charts/security/Chart.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.9 -description: Helm chart for istio authentication -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- security -name: security -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.5.9 diff --git a/charts/rancher-istio/1.5.900/charts/security/templates/_helpers.tpl b/charts/rancher-istio/1.5.900/charts/security/templates/_helpers.tpl deleted file mode 100755 index 7f36f9d51..000000000 --- a/charts/rancher-istio/1.5.900/charts/security/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "security.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "security.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "security.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.900/charts/security/templates/clusterrole.yaml b/charts/rancher-istio/1.5.900/charts/security/templates/clusterrole.yaml deleted file mode 100755 index 75f2dec65..000000000 --- a/charts/rancher-istio/1.5.900/charts/security/templates/clusterrole.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-citadel-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "update"] -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create", "get", "watch", "list", "update", "delete"] -- apiGroups: [""] - resources: ["serviceaccounts", "services", "namespaces"] - verbs: ["get", "watch", "list"] -- apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] diff --git a/charts/rancher-istio/1.5.900/charts/security/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.900/charts/security/templates/clusterrolebinding.yaml deleted file mode 100755 index 0a15799ce..000000000 --- a/charts/rancher-istio/1.5.900/charts/security/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-citadel-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-citadel-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-citadel-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.5.900/charts/security/templates/configmap.yaml b/charts/rancher-istio/1.5.900/charts/security/templates/configmap.yaml deleted file mode 100755 index 14749fd65..000000000 --- a/charts/rancher-istio/1.5.900/charts/security/templates/configmap.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-security-custom-resources - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -data: - custom-resources.yaml: |- - {{- if .Values.global.mtls.enabled }} - {{- include "security-default.yaml.tpl" . | indent 4}} - {{- else }} - {{- include "security-permissive.yaml.tpl" . | indent 4}} - {{- end }} - run.sh: |- - {{- include "install-custom-resources.sh.tpl" . | indent 4}} diff --git a/charts/rancher-istio/1.5.900/charts/security/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.5.900/charts/security/templates/create-custom-resources-job.yaml deleted file mode 100755 index 61e1156a4..000000000 --- a/charts/rancher-istio/1.5.900/charts/security/templates/create-custom-resources-job.yaml +++ /dev/null 
@@ -1,109 +0,0 @@ -{{- if .Values.createMeshPolicy }} -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-security-post-install-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["authentication.istio.io"] # needed to create default authn policy - resources: ["*"] - verbs: ["*"] -- apiGroups: ["networking.istio.io"] # needed to create security destination rules - resources: ["*"] - verbs: ["*"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get"] -- apiGroups: ["extensions", "apps"] - resources: ["deployments", "replicasets"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-security-post-install-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-security-post-install-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-security-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 | trimSuffix "-" }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - template: - metadata: - name: istio-security-post-install - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-security-post-install-account - containers: - - name: kubectl - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: IfNotPresent - command: [ "/bin/bash", "/tmp/security/run.sh", "/tmp/security/custom-resources.yaml" ] - volumeMounts: - - mountPath: "/tmp/security" - name: tmp-configmap-security - volumes: - - name: tmp-configmap-security - configMap: - name: istio-security-custom-resources - restartPolicy: OnFailure - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.5.900/charts/security/templates/deployment.yaml b/charts/rancher-istio/1.5.900/charts/security/templates/deployment.yaml
deleted file mode 100755
index 81d0c6b28..000000000
--- a/charts/rancher-istio/1.5.900/charts/security/templates/deployment.yaml
+++ /dev/null
@@ -1,119 +0,0 @@ -# istio CA watching all namespaces -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: citadel - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-citadel-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: citadel - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - {{- if .Values.global.sds.enabled }} - - --sds-enabled=true - {{- end }} - - --append-dns-names=true - - --grpc-port=8060 - - --citadel-storage-namespace={{ .Release.Namespace }} - - --custom-dns-names=istio-pilot-service-account.{{ .Release.Namespace }}:istio-pilot.{{ .Release.Namespace }} - - --monitoring-port={{ .Values.global.monitoringPort }} - {{- if .Values.selfSigned }} - - --self-signed-ca=true - {{- else }} - - --self-signed-ca=false - - --signing-cert=/etc/cacerts/ca-cert.pem - - --signing-key=/etc/cacerts/ca-key.pem - - --root-cert=/etc/cacerts/root-cert.pem - - --cert-chain=/etc/cacerts/cert-chain.pem - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - {{- if .Values.workloadCertTtl }} - - --workload-cert-ttl={{ .Values.workloadCertTtl }} - {{- end }} - {{- if .Values.citadelHealthCheck }} - - --liveness-probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --liveness-probe-interval=60s # interval for health check file update - - --probe-check-interval=15s # interval for health status check - {{- end }} - env: - - name: CITADEL_ENABLE_NAMESPACES_BY_DEFAULT - value: "{{ .Values.enableNamespacesByDefault }}" - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - {{- end }} - {{- if .Values.citadelHealthCheck }} - livenessProbe: - exec: - command: - - /usr/local/bin/istio_ca - - probe - - --probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --interval=125s # the maximum time gap allowed between the file mtime and the current sys clock - initialDelaySeconds: 60 - periodSeconds: 60 - {{- end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- 
end }} -{{- if not .Values.selfSigned }} - volumeMounts: - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - volumes: - - name: cacerts - secret: - secretName: cacerts - optional: true -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/security/templates/enable-mesh-mtls.yaml b/charts/rancher-istio/1.5.900/charts/security/templates/enable-mesh-mtls.yaml deleted file mode 100755 index 661617803..000000000 --- a/charts/rancher-istio/1.5.900/charts/security/templates/enable-mesh-mtls.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -{{- define "security-default.yaml.tpl" }} -# These policy and destination rules effectively enable mTLS for all services in the mesh. For now, -# they are added to Istio installation yaml for backward compatible. In future, they should be in -# a separated yaml file so that customer can enable mTLS independent from installation. - -# Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: {} -{{- if not .Values.global.mtls.auto }} ---- -# Corresponding destination rule to configure client side to use mutual TLS when talking to -# any service (host) in the mesh. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "default" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.local" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -# Destination rule to disable (m)TLS when talking to API server, as API server doesn't have sidecar. -# Customer should add similar destination rules for other services that don't have sidecar. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "api-server" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "kubernetes.default.svc.{{ .Values.global.proxy.clusterDomain }}" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: DISABLE -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/security/templates/enable-mesh-permissive.yaml b/charts/rancher-istio/1.5.900/charts/security/templates/enable-mesh-permissive.yaml deleted file mode 100755 index a6931b3b9..000000000 --- a/charts/rancher-istio/1.5.900/charts/security/templates/enable-mesh-permissive.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- define "security-permissive.yaml.tpl" }} -# Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: - mode: PERMISSIVE -{{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/security/templates/meshexpansion.yaml b/charts/rancher-istio/1.5.900/charts/security/templates/meshexpansion.yaml deleted file mode 100755 index 581ce964a..000000000 --- a/charts/rancher-istio/1.5.900/charts/security/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-citadel-ilb - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - hosts: - - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-ilb-gateway - tcp: - - match: - - port: 8060 - route: - - destination: - host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 8060 ---- -{{- else }} - -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - hosts: - - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-gateway - tcp: - - match: - - port: 8060 - route: - - destination: - host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 8060 ---- -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/security/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.900/charts/security/templates/poddisruptionbudget.yaml deleted file mode 100755 index 1a8809599..000000000 --- a/charts/rancher-istio/1.5.900/charts/security/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} - selector: - matchLabels: - app: {{ template "security.name" . }} - release: {{ .Release.Name }} - istio: citadel -{{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/security/templates/service.yaml b/charts/rancher-istio/1.5.900/charts/security/templates/service.yaml deleted file mode 100755 index efea17544..000000000 --- a/charts/rancher-istio/1.5.900/charts/security/templates/service.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - # we use the normal name here (e.g. 'prometheus') - # as grafana is configured to use this as a data source - name: istio-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - ports: - - name: grpc-citadel - port: 8060 - targetPort: 8060 - protocol: TCP - - name: http-monitoring - port: {{ .Values.global.monitoringPort }} - selector: - istio: citadel diff --git a/charts/rancher-istio/1.5.900/charts/security/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.900/charts/security/templates/serviceaccount.yaml deleted file mode 100755 index d07d566fa..000000000 --- a/charts/rancher-istio/1.5.900/charts/security/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-citadel-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/1.5.900/charts/security/templates/tests/test-citadel-connection.yaml b/charts/rancher-istio/1.5.900/charts/security/templates/tests/test-citadel-connection.yaml deleted file mode 100755 index 481b486de..000000000 --- a/charts/rancher-istio/1.5.900/charts/security/templates/tests/test-citadel-connection.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "security.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: istio-citadel-test - chart: {{ template "security.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: citadel - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "security.fullname" . }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['sh', '-c', 'for i in 1 2 3; do curl http://istio-citadel:{{ .Values.global.monitoringPort }}/version && exit 0 || sleep 15; done; exit 1'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/security/values.yaml b/charts/rancher-istio/1.5.900/charts/security/values.yaml deleted file mode 100755 index ee16f2c60..000000000 --- a/charts/rancher-istio/1.5.900/charts/security/values.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -# -# security configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -image: citadel -selfSigned: true # indicate if self-signed CA is used. -createMeshPolicy: true -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Enable health checking on the Citadel CSR signing API. -# https://istio.io/docs/tasks/security/health-check/ -citadelHealthCheck: false -# 90*24hour = 2160h -workloadCertTtl: 2160h -# Environment variables that configure Citadel. -env: {} - -# Determines Citadel default behavior if the ca.istio.io/env or ca.istio.io/override -# labels are not found on a given namespace. -# -# For example: consider a namespace called "target", which has neither the "ca.istio.io/env" -# nor the "ca.istio.io/override" namespace labels. To decide whether or not to generate secrets -# for service accounts created in this "target" namespace, Citadel will defer to this option. If the value -# of this option is "true" in this case, secrets will be generated for the "target" namespace. -# If the value of this option is "false" Citadel will not generate secrets upon service account creation. -enableNamespacesByDefault: true - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. 
-# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] diff --git a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/Chart.yaml b/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/Chart.yaml deleted file mode 100755 index f814462ac..000000000 --- a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.9 -description: Helm chart for sidecar injector webhook deployment -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- sidecarInjectorWebhook -name: sidecarInjectorWebhook -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.5.9 diff --git a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/_helpers.tpl b/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/_helpers.tpl deleted file mode 100755 index f3b9fb15b..000000000 --- a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "sidecar-injector.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "sidecar-injector.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "sidecar-injector.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/clusterrole.yaml b/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/clusterrole.yaml deleted file mode 100755 index c56c7025c..000000000 --- a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/clusterrole.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-sidecar-injector-{{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "list", "watch"] -{{- if not .Values.global.operatorManageWebhooks }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "patch"] -{{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml deleted file mode 100755 index 748a93244..000000000 --- a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-sidecar-injector-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-sidecar-injector-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/deployment.yaml b/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/deployment.yaml deleted file mode 100755 index b0ddf131f..000000000 --- a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/deployment.yaml +++ /dev/null 
@@ -1,118 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: sidecar-injector - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-sidecar-injector-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: sidecar-injector-webhook - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --caCertFile=/etc/istio/certs/root-cert.pem - - --tlsCertFile=/etc/istio/certs/cert-chain.pem - - --tlsKeyFile=/etc/istio/certs/key.pem - - --injectConfig=/etc/istio/inject/config - - --meshConfig=/etc/istio/config/mesh - - --healthCheckInterval=2s - - --healthCheckFile=/tmp/health -{{- if .Values.global.operatorManageWebhooks }} - - --reconcileWebhookConfig=false -{{- else }} - - --reconcileWebhookConfig=true -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - readOnly: true - - name: certs - mountPath: /etc/istio/certs - readOnly: true - - name: inject-config - mountPath: /etc/istio/inject - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/tmp/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - readinessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/tmp/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: config-volume - configMap: - name: istio - - name: certs - secret: -{{- if .Values.global.certificates }} - secretName: dns.istio-sidecar-injector-service-account -{{- else }} - secretName: istio.istio-sidecar-injector-service-account -{{- end }} - - name: inject-config - configMap: - name: istio-sidecar-injector - items: - - key: config - path: config - - key: values - path: values - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml b/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml deleted file mode 100755 index 4a31415f2..000000000 --- a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: istio-sidecar-injector - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -webhooks: - - name: sidecar-injector.istio.io - clientConfig: - service: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - path: "/inject" - caBundle: "" - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - namespaceSelector: -{{- if .Values.enableNamespacesByDefault }} - matchExpressions: - - key: name - operator: NotIn - values: - - {{ .Release.Namespace }} - - key: istio-injection - operator: NotIn - values: - - disabled -{{- else }} - matchLabels: - istio-injection: enabled -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml deleted file mode 100755 index 870b92508..000000000 --- a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} - selector: - matchLabels: - app: {{ template "sidecar-injector.name" . }} - release: {{ .Release.Name }} - istio: sidecar-injector - {{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/service.yaml b/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/service.yaml deleted file mode 100755 index ea03cd81c..000000000 --- a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: - ports: - - port: 443 - name: https-inject - targetPort: 9443 - - port: {{ .Values.global.monitoringPort }} - name: http-monitoring - selector: - istio: sidecar-injector diff --git a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml deleted file mode 100755 index d4020b517..000000000 --- a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-sidecar-injector-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector diff --git a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/values.yaml b/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/values.yaml deleted file mode 100755 index b2716d945..000000000 --- a/charts/rancher-istio/1.5.900/charts/sidecarInjectorWebhook/values.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ -# -# sidecar-injector webhook configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -image: sidecar_injector -enableNamespacesByDefault: false -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# If true, webhook or istioctl injector will rewrite PodSpec for liveness -# health check to redirect request to sidecar. This makes liveness check work -# even when mTLS is enabled. -rewriteAppHTTPProbe: true - -# You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or -# always skip the injection on pods that match that label selector, regardless of the global policy. -# See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions -neverInjectSelector: [] - -alwaysInjectSelector: [] - -# injectedAnnotations are additional annotations that will be added to the pod spec after injection -# This is primarily to support PSP annotations. 
For example, if you defined a PSP with the annotations: -# -# annotations: -# apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default -# apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -# -# The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before -# the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: -# injectedAnnotations: -# container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default -# container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default -injectedAnnotations: {} diff --git a/charts/rancher-istio/1.5.900/charts/tracing/.helmignore b/charts/rancher-istio/1.5.900/charts/tracing/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/rancher-istio/1.5.900/charts/tracing/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-istio/1.5.900/charts/tracing/Chart.yaml b/charts/rancher-istio/1.5.900/charts/tracing/Chart.yaml deleted file mode 100755 index f3b8486f6..000000000 --- a/charts/rancher-istio/1.5.900/charts/tracing/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.1 -description: A Helm chart for Kubernetes -name: tracing -tillerVersion: '>=2.7.2' -version: 1.5.9 diff --git a/charts/rancher-istio/1.5.900/charts/tracing/templates/_helpers.tpl b/charts/rancher-istio/1.5.900/charts/tracing/templates/_helpers.tpl deleted file mode 100755 index e246b59b1..000000000 
--- a/charts/rancher-istio/1.5.900/charts/tracing/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "tracing.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "tracing.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "tracing.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.900/charts/tracing/templates/deployment-jaeger.yaml b/charts/rancher-istio/1.5.900/charts/tracing/templates/deployment-jaeger.yaml deleted file mode 100755 index da54eeb94..000000000 --- a/charts/rancher-istio/1.5.900/charts/tracing/templates/deployment-jaeger.yaml +++ /dev/null 
@@ -1,119 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: jaeger - template: - metadata: - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - prometheus.io/port: "14269" -{{- if .Values.jaeger.podAnnotations }} -{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: jaeger - image: "{{ template "system_default_registry" . 
}}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 9411 - - containerPort: 16686 - - containerPort: 14250 - - containerPort: 14267 - - containerPort: 14268 - - containerPort: 14269 - - containerPort: 5775 - protocol: UDP - - containerPort: 6831 - protocol: UDP - - containerPort: 6832 - protocol: UDP - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if eq .Values.jaeger.spanStorageType "badger" }} - - name: BADGER_EPHEMERAL - value: "false" - - name: SPAN_STORAGE_TYPE - value: "badger" - - name: BADGER_DIRECTORY_VALUE - value: "/badger/data" - - name: BADGER_DIRECTORY_KEY - value: "/badger/key" - {{- end }} - - name: COLLECTOR_ZIPKIN_HTTP_PORT - value: "9411" - - name: MEMORY_MAX_TRACES - value: "{{ .Values.jaeger.memory.max_traces }}" - - name: QUERY_BASE_PATH - value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - livenessProbe: - httpGet: - path: / - port: 14269 - readinessProbe: - httpGet: - path: / - port: 14269 -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumeMounts: - - name: data - mountPath: /badger -{{- end }} - resources: -{{- if .Values.jaeger.resources }} -{{ toYaml .Values.jaeger.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumes: - - name: data -{{- if .Values.jaeger.persist }} - persistentVolumeClaim: - claimName: istio-jaeger-pvc -{{- else }} - emptyDir: {} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.5.900/charts/tracing/templates/deployment-zipkin.yaml b/charts/rancher-istio/1.5.900/charts/tracing/templates/deployment-zipkin.yaml deleted file mode 100755 index eef24fc16..000000000 --- a/charts/rancher-istio/1.5.900/charts/tracing/templates/deployment-zipkin.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -{{ if eq .Values.provider "zipkin" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: zipkin - template: - metadata: - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" -{{- if .Values.zipkin.podAnnotations }} -{{ toYaml .Values.zipkin.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: zipkin - image: "{{ template "system_default_registry" . 
}}{{ .Values.zipkin.repository }}:{{ .Values.zipkin.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.zipkin.queryPort }} - livenessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - tcpSocket: - port: {{ .Values.zipkin.queryPort }} - readinessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - httpGet: - path: /health - port: {{ .Values.zipkin.queryPort }} - resources: -{{- if .Values.zipkin.resources }} -{{ toYaml .Values.zipkin.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: QUERY_PORT - value: "{{ .Values.zipkin.queryPort }}" - - name: JAVA_OPTS - value: "-XX:ConcGCThreads={{ .Values.zipkin.node.cpus }} -XX:ParallelGCThreads={{ .Values.zipkin.node.cpus }} -Djava.util.concurrent.ForkJoinPool.common.parallelism={{ .Values.zipkin.node.cpus }} -Xms{{ .Values.zipkin.javaOptsHeap }}M -Xmx{{ .Values.zipkin.javaOptsHeap }}M -XX:+UseG1GC -server" - - name: STORAGE_METHOD - value: "mem" - - name: ZIPKIN_STORAGE_MEM_MAXSPANS - value: "{{ .Values.zipkin.maxSpans }}" - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.5.900/charts/tracing/templates/ingress.yaml b/charts/rancher-istio/1.5.900/charts/tracing/templates/ingress.yaml deleted file mode 100755 index 72f362166..000000000 --- a/charts/rancher-istio/1.5.900/charts/tracing/templates/ingress.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ template "tracing.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} /{{ $.Values.provider }} {{ end }} - backend: - serviceName: tracing - servicePort: 80 - - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - backend: - serviceName: tracing - servicePort: 80 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.900/charts/tracing/templates/pvc.yaml b/charts/rancher-istio/1.5.900/charts/tracing/templates/pvc.yaml deleted file mode 100755 index 60140494c..000000000 --- a/charts/rancher-istio/1.5.900/charts/tracing/templates/pvc.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if eq .Values.provider "jaeger" }} -{{- if .Values.jaeger.persist }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: istio-jaeger-pvc - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - storageClassName: {{ .Values.jaeger.storageClassName }} - accessModes: - - {{ .Values.jaeger.accessMode }} - resources: - requests: - storage: 5Gi -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.5.900/charts/tracing/templates/service-jaeger.yaml b/charts/rancher-istio/1.5.900/charts/tracing/templates/service-jaeger.yaml
deleted file mode 100755
index f7ab769b8..000000000
--- a/charts/rancher-istio/1.5.900/charts/tracing/templates/service-jaeger.yaml
+++ /dev/null
@@ -1,114 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: v1 -kind: List -metadata: - name: jaeger-services - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -items: -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-query - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: jaeger - jaeger-infra: jaeger-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: query-http - port: 16686 - protocol: TCP - targetPort: 16686 - selector: - app: jaeger -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-collector - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: collector-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: jaeger-collector-tchannel - port: 14267 - protocol: TCP - targetPort: 14267 - - name: jaeger-collector-http - port: 14268 - targetPort: 14268 - protocol: TCP - - name: jaeger-collector-grpc - port: 14250 - targetPort: 14250 - protocol: TCP - selector: - app: jaeger - type: ClusterIP -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-collector-headless - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: collector-service - chart: {{ template "tracing.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: jaeger-collector-grpc - port: 14250 - targetPort: 14250 - protocol: TCP - selector: - app: jaeger - clusterIP: None -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-agent - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: agent-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: agent-zipkin-thrift - port: 5775 - protocol: UDP - targetPort: 5775 - - name: agent-compact - port: 6831 - protocol: UDP - targetPort: 6831 - - name: agent-binary - port: 6832 - protocol: UDP - targetPort: 6832 - clusterIP: None - selector: - app: jaeger -{{ end }} - diff --git a/charts/rancher-istio/1.5.900/charts/tracing/templates/service.yaml b/charts/rancher-istio/1.5.900/charts/tracing/templates/service.yaml deleted file mode 100755 index 798829793..000000000 --- a/charts/rancher-istio/1.5.900/charts/tracing/templates/service.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -apiVersion: v1 -kind: List -metadata: - name: tracing-services - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -items: -- apiVersion: v1 - kind: Service - metadata: - name: zipkin - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - port: {{ .Values.zipkin.queryPort }} - targetPort: {{ .Values.zipkin.queryPort }} - protocol: TCP - name: {{ .Values.service.name }} - selector: - app: {{ .Values.provider }} -- apiVersion: v1 - kind: Service - metadata: - name: tracing - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - type: {{ .Values.service.type }} - ports: - - name: http-query - port: {{ .Values.service.externalPort }} - protocol: TCP -{{ if eq .Values.provider "jaeger" }} - targetPort: 16686 -{{ else }} - targetPort: {{ .Values.zipkin.queryPort }} -{{ end}} - selector: - app: {{ .Values.provider }} diff --git a/charts/rancher-istio/1.5.900/charts/tracing/templates/tests/test-tracing-connection.yaml b/charts/rancher-istio/1.5.900/charts/tracing/templates/tests/test-tracing-connection.yaml deleted file mode 100755 index 64248e8c5..000000000 --- a/charts/rancher-istio/1.5.900/charts/tracing/templates/tests/test-tracing-connection.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ .Release.Name }}-{{ .Values.provider }}-test - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }}-test - chart: {{ template "tracing.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ .Values.provider }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['curl'] - {{- if eq .Values.provider "jaeger" }} - args: ['http://tracing:80{{ .Values.jaeger.contextPath}}'] - {{- else }} - args: ['http://tracing:80'] - {{- end }} - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.900/charts/tracing/values.yaml b/charts/rancher-istio/1.5.900/charts/tracing/values.yaml deleted file mode 100755 index 03381bfe5..000000000 --- a/charts/rancher-istio/1.5.900/charts/tracing/values.yaml +++ /dev/null 
@@ -1,87 +0,0 @@ -# -# addon jaeger tracing configuration -# -enabled: false - -provider: jaeger -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -jaeger: - hub: docker.io/jaegertracing - image: all-in-one - tag: 1.16 - podAnnotations: {} - memory: - max_traces: 50000 - # spanStorageType value can be "memory" and "badger" for all-in-one image - spanStorageType: badger - persist: false - storageClassName: "" - accessMode: ReadWriteMany - - -zipkin: - hub: docker.io/openzipkin - image: zipkin - tag: 2.14.2 - podAnnotations: {} - probeStartupDelay: 200 - queryPort: 9411 - resources: - limits: - cpu: 300m - memory: 900Mi - requests: - cpu: 150m - memory: 900Mi - javaOptsHeap: 700 - # 
From: https://github.com/openzipkin/zipkin/blob/master/zipkin-server/src/main/resources/zipkin-server-shared.yml#L51 - # Maximum number of spans to keep in memory. When exceeded, oldest traces (and their spans) will be purged. - # A safe estimate is 1K of memory per span (each span with 2 annotations + 1 binary annotation), plus - # 100 MB for a safety buffer. You'll need to verify in your own environment. - maxSpans: 500000 - node: - cpus: 2 - -service: - annotations: {} - name: http - type: ClusterIP - externalPort: 80 - -ingress: - enabled: false - # Used to create an Ingress record. - hosts: - # - tracing.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: tracing-tls - # hosts: - # - tracing.local - diff --git a/charts/rancher-istio/1.5.900/files/injection-template.yaml b/charts/rancher-istio/1.5.900/files/injection-template.yaml deleted file mode 100755 index 42a27984c..000000000 --- a/charts/rancher-istio/1.5.900/files/injection-template.yaml +++ /dev/null 
@@ -1,462 +0,0 @@ -rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe true }} -initContainers: -{{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} -{{ if .Values.istio_cni.enabled -}} -- name: istio-validation -{{ else -}} -- name: istio-init -{{ end -}} -{{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" -{{- else }} - image: "{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" -{{- end }} - command: - - istio-iptables - - "-p" - - "15001" - - "-z" - - "15006" - - "-u" - - 1337 - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" - - "-d" - - "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - {{ if .Values.istio_cni.enabled -}} 
- - "--run-validation" - - "--skip-rule-apply" - {{ end -}} - imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" -{{- if .Values.global.proxy_init.resources }} - resources: - {{ toYaml .Values.global.proxy_init.resources | indent 4 }} -{{- else }} - resources: {} -{{- end }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: - {{- if not .Values.istio_cni.enabled }} - add: - - NET_ADMIN - - NET_RAW - {{- end }} - drop: - - ALL - {{- if not .Values.istio_cni.enabled }} - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsUser: 1337 - runAsNonRoot: true - {{- end }} - restartPolicy: Always -{{ end -}} -{{- if eq (annotation .ObjectMeta `sidecar.istio.io/enableCoreDump` .Values.global.proxy.enableCoreDump) "true" }} -- name: enable-core-dump - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - command: - - /bin/sh - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- else }} - image: "{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- end }} - imagePullPolicy: IfNotPresent - resources: {} - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - SYS_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 -{{ end }} -containers: -- name: istio-proxy -{{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` "") }} # if custom pod then use that - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" -{{- else }} - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.repository 
}}:{{ .Values.global.proxy.tag }}" - {{- else }} - image: "{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - {{- end }} -{{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --configPath - - "{{ .ProxyConfig.ConfigPath }}" - - --binaryPath - - "{{ .ProxyConfig.BinaryPath }}" - - --serviceCluster - {{ if ne "" (index .ObjectMeta.Labels "app") -}} - - "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" - {{ else -}} - - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" - {{ end -}} - - --drainDuration - - "{{ formatDuration .ProxyConfig.DrainDuration }}" - - --parentShutdownDuration - - "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}" - - --discoveryAddress - - "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" -{{- if eq .Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" - - --lightstepAccessToken - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" - - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} -{{- if .ProxyConfig.GetTracing.GetLightstep.GetSecure }} - - --lightstepCacertPath - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" -{{- end }} -{{- else if eq .Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - - "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" -{{- else if eq .Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" -{{- end }} -{{- if .Values.global.proxy.logLevel }} - - --proxyLogLevel={{ .Values.global.proxy.logLevel }} -{{- end}} -{{- if .Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }} -{{- 
end}} -{{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} -{{- end}} - - --dnsRefreshRate - - {{ .Values.global.proxy.dnsRefreshRate }} - - --connectTimeout - - "{{ formatDuration .ProxyConfig.ConnectTimeout }}" -{{- if .Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - "{{ .ProxyConfig.StatsdUdpAddress }}" -{{- end }} -{{- if .Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - - '{{ protoToJSON .ProxyConfig.EnvoyMetricsService }}' -{{- end }} -{{- if .Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - - '{{ protoToJSON .ProxyConfig.EnvoyAccessLogService }}' -{{- end }} - - --proxyAdminPort - - "{{ .ProxyConfig.ProxyAdminPort }}" - {{ if gt .ProxyConfig.Concurrency 0 -}} - - --concurrency - - "{{ .ProxyConfig.Concurrency }}" - {{ end -}} - - --controlPlaneAuthPolicy - - "{{ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}" -{{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" (valueOrDefault .Values.global.proxy.statusPort 0 )) `0`) }} - - --statusPort - - "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} -{{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 4 }} -{{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: |- - [ - {{- range $index, $container := .Spec.Containers }} - {{- 
if ne $index 0}},{{- end}} - {{ $container.Name }} - {{- end}} - ] - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} -{{- if eq .Values.global.proxy.tracer "datadog" }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP -{{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }} -{{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" -{{- end }} -{{- end }} -{{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SDS_ENABLED - value: {{ $.Values.global.sds.enabled }} - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{ if .ObjectMeta.Annotations }} - - name: ISTIO_METAJSON_ANNOTATIONS - value: | - {{ toJSON .ObjectMeta.Annotations }} - {{ end }} - {{ if .ObjectMeta.Labels }} - - name: ISTIO_METAJSON_LABELS - value: | - {{ toJSON .ObjectMeta.Labels }} - {{ end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{ .DeploymentMeta.Name }} - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower 
.TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.sds.customTokenDirectory }} - - name: ISTIO_META_SDS_TOKEN_PATH - value: "{{ .Values.global.sds.customTokenDirectory -}}/sdstoken" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if .Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.trustDomain }}" - {{- end }} - {{- if eq .Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetDebug }}" - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations.Value }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes.Value }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents.Value }}" - {{- end }} - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` (valueOrDefault .Values.global.proxy.statusPort 0 )) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} - initialDelaySeconds: {{ annotation .ObjectMeta 
`readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - add: - - NET_ADMIN - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: {{ ne (annotation .ObjectMeta `sidecar.istio.io/enableCoreDump` .Values.global.proxy.enableCoreDump) "true" }} - runAsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - runAsNonRoot: false - runAsUser: 0 - {{- else -}} - runAsNonRoot: true - runAsUser: 1337 - {{- end }} - resources: - {{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end}} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{ else -}} -{{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 4 }} -{{- end }} - {{ end -}} - volumeMounts: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - - mountPath: /etc/istio/proxy - name: istio-envoy - {{- if .Values.global.sds.enabled 
}} - - mountPath: /var/run/sds - name: sds-uds-path - readOnly: true - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.sds.customTokenDirectory }} - - mountPath: "{{ .Values.global.sds.customTokenDirectory -}}" - name: custom-sds-token - readOnly: true - {{- end }} - {{- else }} - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{- end }} -volumes: -{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} -- name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} -{{- end }} -- emptyDir: - medium: Memory - name: istio-envoy -{{- if .Values.global.sds.enabled }} -- name: sds-uds-path - hostPath: - path: /var/run/sds -- name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} -{{- if .Values.global.sds.customTokenDirectory }} -- name: custom-sds-token - secret: - secretName: sdstokensecret -{{- end }} -{{- else }} -- name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} -- name: "{{ $index }}" - {{ toYaml $value | 
indent 2 }} - {{ end }} - {{ end }} -{{- end }} -{{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} -- name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert -{{- end }} -{{- if .Values.global.podDNSSearchNamespaces }} -dnsConfig: - searches: - {{- range .Values.global.podDNSSearchNamespaces }} - - {{ render . }} - {{- end }} -{{- end }} -podRedirectAnnot: - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" -{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" -{{- end }} - traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" diff --git a/charts/rancher-istio/1.5.900/questions.yaml b/charts/rancher-istio/1.5.900/questions.yaml deleted file mode 100644 index 1964fb5de..000000000 
--- a/charts/rancher-istio/1.5.900/questions.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-labels:
- rancher.istio.v1.5.900: 1.5.9
-rancher_min_version: 2.4.5-rc1
-rancher_max_version: 2.4.5-rc1
diff --git a/charts/rancher-istio/1.5.900/requirements.yaml b/charts/rancher-istio/1.5.900/requirements.yaml
deleted file mode 100755
index 52613bcf6..000000000
--- a/charts/rancher-istio/1.5.900/requirements.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-dependencies:
- - name: sidecarInjectorWebhook
- version: 1.5.9
- condition: sidecarInjectorWebhook.enabled
- - name: security
- version: 1.5.9
- condition: security.enabled
- - name: gateways
- version: 1.5.9
- condition: gateways.enabled
- - name: mixer
- version: 1.5.9
- condition: or mixer.policy.enabled mixer.telemetry.enabled
- - name: nodeagent
- version: 1.5.9
- condition: nodeagent.enabled
- - name: pilot
- version: 1.5.9
- condition: pilot.enabled
- - name: grafana
- version: 1.5.9
- condition: grafana.enabled
- - name: prometheus
- version: 1.5.9
- condition: prometheus.enabled
- - name: tracing
- version: 1.5.9
- condition: tracing.enabled
- - name: galley
- version: 1.5.9
- condition: galley.enabled
- - name: kiali
- version: 1.5.9
- condition: kiali.enabled
- - name: istiocoredns
- version: 1.5.9
- condition: istiocoredns.enabled
- - name: certmanager
- version: 1.5.9
- condition: certmanager.enabled
diff --git a/charts/rancher-istio/1.5.900/templates/NOTES.txt b/charts/rancher-istio/1.5.900/templates/NOTES.txt
deleted file mode 100755
index 3b323594c..000000000
--- a/charts/rancher-istio/1.5.900/templates/NOTES.txt
+++ /dev/null
@@ -1,29 +0,0 @@ -Thank you for installing {{ .Chart.Name | title }}. - -Your release is named {{ .Release.Name | title }}. - -To get started running application with Istio, execute the following steps: - -{{- if index .Values "sidecarInjectorWebhook" "enabled" }} -1. Label namespace that application object will be deployed to by the following command (take default namespace as an example) - -$ kubectl label namespace default istio-injection=enabled -$ kubectl get namespace -L istio-injection - -2. Deploy your applications - -$ kubectl apply -f .yaml -{{- else }} -1. Download the latest release package to get sidecar injection tool - -$ curl -L https://git.io/getLatestIstio | sh - -$ mv istio-* istio-latest -$ export PATH="$PATH:$PWD/istio-latest/bin" - -2. Deploy your application by manually injecting envoy sidecar with `istioctl kube-inject` - -$ kubectl apply -f <(istioctl kube-inject -f .yaml) -{{- end }} - -For more information on running Istio, visit: -https://istio.io/ diff --git a/charts/rancher-istio/1.5.900/templates/_affinity.tpl b/charts/rancher-istio/1.5.900/templates/_affinity.tpl deleted file mode 100755 index 7639be434..000000000 --- a/charts/rancher-istio/1.5.900/templates/_affinity.tpl +++ /dev/null 
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "nodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "nodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "nodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinity" }} -{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .Values.podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if or .Values.podAntiAffinityTermLabelSelector}} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "podAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.900/templates/_helpers.tpl b/charts/rancher-istio/1.5.900/templates/_helpers.tpl deleted file mode 100755 index 3f267faa2..000000000 --- a/charts/rancher-istio/1.5.900/templates/_helpers.tpl +++ /dev/null 
@@ -1,47 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "istio.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "istio.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "istio.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a fully qualified configmap name.
-*/}}
-{{- define "istio.configmap.fullname" -}}
-{{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "system_default_registry" -}}
-{{- if .Values.global.systemDefaultRegistry -}}
-{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
-{{- else -}}
-{{- "" -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.900/templates/_podDisruptionBudget.tpl b/charts/rancher-istio/1.5.900/templates/_podDisruptionBudget.tpl
deleted file mode 100755
index ebb86068c..000000000
--- a/charts/rancher-istio/1.5.900/templates/_podDisruptionBudget.tpl
+++ /dev/null
@@ -1,3 +0,0 @@
-{{- define "podDisruptionBudget.spec" }}
- minAvailable: 1
-{{- end }}
diff --git a/charts/rancher-istio/1.5.900/templates/clusterrole.yaml b/charts/rancher-istio/1.5.900/templates/clusterrole.yaml
deleted file mode 100755
index b92c9ef8b..000000000
--- a/charts/rancher-istio/1.5.900/templates/clusterrole.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: istio-reader
-rules:
- - apiGroups: ['']
- resources: ['nodes', 'pods', 'services', 'endpoints', "replicationcontrollers"]
- verbs: ['get', 'watch', 'list']
- - apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
diff --git a/charts/rancher-istio/1.5.900/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.900/templates/clusterrolebinding.yaml
deleted file mode 100755
index 759678ea6..000000000
--- a/charts/rancher-istio/1.5.900/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-multi
- labels:
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-reader
-subjects:
-- kind: ServiceAccount
- name: istio-multi
- namespace: {{ .Release.Namespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-reader
- labels:
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-reader
-subjects:
-- kind: ServiceAccount
- name: istio-reader-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.900/templates/configmap.yaml b/charts/rancher-istio/1.5.900/templates/configmap.yaml
deleted file mode 100755
index 6bac37a7c..000000000
--- a/charts/rancher-istio/1.5.900/templates/configmap.yaml
+++ /dev/null
@@ -1,345 +0,0 @@ -{{- if or .Values.pilot.enabled .Values.global.istioRemote }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istio.name" . }} - chart: {{ template "istio.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - mesh: |- - # Set the following variable to true to disable policy checks by Mixer. - # Note that metrics will still be reported to Mixer. - {{- if .Values.mixer.policy.enabled }} - disablePolicyChecks: {{ .Values.global.disablePolicyChecks }} - {{- else }} - disablePolicyChecks: true - {{- end }} - - disableMixerHttpReports: false - - {{- if .Values.mixer.telemetry.reportBatchMaxEntries }} - # reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server - reportBatchMaxEntries: {{ .Values.mixer.telemetry.reportBatchMaxEntries }} - {{- end }} - - {{- if .Values.mixer.telemetry.reportBatchMaxTime }} - # reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server - reportBatchMaxTime: {{ .Values.mixer.telemetry.reportBatchMaxTime }} - {{- end }} - - {{- if .Values.mixer.telemetry.sessionAffinityEnabled }} - # sidecarToTelemetrySessionAffinity will create a STRICT_DNS type cluster for istio-telemetry. - sidecarToTelemetrySessionAffinity: {{ .Values.mixer.telemetry.sessionAffinityEnabled }} - {{- end }} - - # Set enableTracing to false to disable request tracing. - enableTracing: {{ .Values.global.enableTracing }} - - # Set accessLogFile to empty string to disable access log. 
- accessLogFile: "{{ .Values.global.proxy.accessLogFile }}" - - # If accessLogEncoding is TEXT, value will be used directly as the log format - # example: "[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\n" - # If AccessLogEncoding is JSON, value will be parsed as map[string]string - # example: '{"start_time": "%START_TIME%", "req_method": "%REQ(:METHOD)%"}' - # Leave empty to use default log format - accessLogFormat: {{ .Values.global.proxy.accessLogFormat | quote }} - - # Set accessLogEncoding to JSON or TEXT to configure sidecar access log - accessLogEncoding: '{{ .Values.global.proxy.accessLogEncoding }}' - - enableEnvoyAccessLogService: {{ .Values.global.proxy.envoyAccessLogService.enabled }} - - {{- if .Values.global.istioRemote }} - - {{- if .Values.global.remotePolicyAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}:15004 - {{- else }} - mixerCheckServer: {{ .Values.global.remotePolicyAddress }}:15004 - {{- end }} - {{- end }} - {{- if .Values.global.remoteTelemetryAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}:15004 - {{- else }} - mixerReportServer: {{ .Values.global.remoteTelemetryAddress }}:15004 - {{- end }} - {{- end }} - - {{- else }} - - {{- if .Values.mixer.policy.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - {{- if .Values.mixer.telemetry.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ 
.Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - - {{- end }} - - {{- if or .Values.mixer.policy.enabled (and .Values.global.istioRemote .Values.global.remotePolicyAddress) }} - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: {{ .Values.global.policyCheckFailOpen }} - {{- end }} - - {{- if .Values.gateways.enabled }} - # Let Pilot give ingresses the public IP of the Istio ingressgateway - ingressService: istio-ingressgateway - {{- end }} - - # Default connect timeout for dynamic clusters generated by Pilot and returned via XDS - connectTimeout: 10s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: {{ .Values.global.proxy.protocolDetectionTimeout }} - - # DNS refresh rate for Envoy clusters of type STRICT_DNS - dnsRefreshRate: {{ .Values.global.proxy.dnsRefreshRate }} - - # Unix Domain Socket through which envoy communicates with NodeAgent SDS to get - # key/cert for mTLS. Use secret-mount files instead of SDS if set to empty. - sdsUdsPath: {{ .Values.global.sds.udsPath | quote }} - - # The trust domain corresponds to the trust root of a system. 
- # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: {{ .Values.global.trustDomain | quote }} - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: - {{- range .Values.global.trustDomainAliases }} - - {{ . | quote }} - {{- end }} - - # If true, automatically configure client side mTLS settings to match the corresponding service's - # server side mTLS authentication policy, when destination rule for that service does not specify - # TLS settings. - enableAutoMtls: {{ .Values.global.mtls.auto }} - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - outboundTrafficPolicy: - mode: {{ .Values.global.outboundTrafficPolicy.mode }} - - {{- if .Values.global.localityLbSetting.enabled }} - localityLbSetting: -{{ toYaml .Values.global.localityLbSetting | trim | indent 6 }} - {{- end }} - # The namespace to treat as the administrative root namespace for istio - # configuration. -{{- if .Values.global.configRootNamespace }} - rootNamespace: {{ .Values.global.configRootNamespace }} -{{- else }} - rootNamespace: {{ .Release.Namespace }} -{{- end }} - - # Configures DNS certificates provisioned through Chiron linked into Pilot. 
- certificates: -{{ toYaml .Values.global.certificates | trim | indent 6 }} - - {{- if .Values.global.defaultConfigVisibilitySettings }} - defaultServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultVirtualServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultDestinationRuleExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - {{- end }} - - {{- if $.Values.global.useMCP }} - configSources: - - address: istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- if .Values.pilot.configSource.subscribedResources }} - subscribedResources: - {{- range .Values.pilot.configSource.subscribedResources }} - - {{ . }} - {{- end }} - {{- end}} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - tlsSettings: - mode: ISTIO_MUTUAL - {{- end }} - {{- end }} - - defaultConfig: - # - # TCP connection timeout between Envoy & the application, and between Envoys. Used for static clusters - # defined in Envoy's configuration file - connectTimeout: 10s - # - ### ADVANCED SETTINGS ############# - # Where should envoy's configuration be stored in the istio-proxy container - configPath: "/etc/istio/proxy" - binaryPath: "/usr/local/bin/envoy" - # The pseudo service name used for Envoy. - serviceCluster: istio-proxy - # These settings that determine how long an old Envoy - # process should be kept alive after an occasional reload. - drainDuration: 45s - parentShutdownDuration: 1m0s - # - # The mode used to redirect inbound connections to Envoy. This setting - # has no effect on outbound traffic: iptables REDIRECT is always used for - # outbound connections. - # If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy. - # The "REDIRECT" mode loses source addresses during redirection. - # If "TPROXY", use iptables TPROXY to redirect to Envoy. 
- # The "TPROXY" mode preserves both the source and destination IP - # addresses and ports, so that they can be used for advanced filtering - # and manipulation. - # The "TPROXY" mode also configures the sidecar to run with the - # CAP_NET_ADMIN capability, which is required to use TPROXY. - #interceptionMode: REDIRECT - # - # Port where Envoy listens (on local host) for admin commands - # You can exec into the istio-proxy container in a pod and - # curl the admin port (curl http://localhost:15000/) to obtain - # diagnostic information from Envoy. See - # https://lyft.github.io/envoy/docs/operations/admin.html - # for more details - proxyAdminPort: 15000 - # - # Set concurrency to a specific number to control the number of Proxy worker threads. - # If set to 0 (default), then start worker thread for each CPU thread/core. - concurrency: {{ .Values.global.proxy.concurrency }} - # - {{- if eq .Values.global.proxy.tracer "lightstep" }} - tracing: - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - # Whether communication with the Satellite pool should be secure - secure: {{ .Values.global.tracer.lightstep.secure }} - {{- if .Values.global.tracer.lightstep.secure }} - # Path to the file containing the cacert to use when verifying TLS - cacertPath: {{ .Values.global.tracer.lightstep.cacertPath }} - {{- end }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - tracing: - zipkin: - # Address of the Zipkin collector - {{- if .Values.global.tracer.zipkin.address }} - address: {{ .Values.global.tracer.zipkin.address }} - {{- else if .Values.global.remoteZipkinAddress }} - address: {{ .Values.global.remoteZipkinAddress }}:9411 - {{- else }} - address: zipkin.{{ .Release.Namespace }}:9411 - {{- end }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - tracing: - datadog: - # 
Address of the Datadog Agent - address: {{ .Values.global.tracer.datadog.address }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - tracing: - stackdriver: {} - {{- end }} - - {{- if .Values.global.proxy.envoyStatsd.enabled }} - # - # Statsd metrics collector converts statsd metrics into Prometheus metrics. - statsdUdpAddress: {{ .Values.global.proxy.envoyStatsd.host }}:{{ .Values.global.proxy.envoyStatsd.port }} - {{- end }} - - {{- if .Values.global.proxy.envoyMetricsService.enabled }} - # - # Envoy's Metrics Service stats sink pushes Envoy metrics to a remote collector via the Metrics Service gRPC API. - envoyMetricsService: - address: {{ .Values.global.proxy.envoyMetricsService.host }}:{{ .Values.global.proxy.envoyMetricsService.port }} - {{- if .Values.global.proxy.envoyMetricsService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyMetricsService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyMetricsService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyMetricsService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- if .Values.global.proxy.envoyAccessLogService.enabled }} - # - # Envoy's AccessLog Service pushes access logs to a remote collector via the Access Log Service gRPC API. 
- envoyAccessLogService: - address: {{ .Values.global.proxy.envoyAccessLogService.host }}:{{ .Values.global.proxy.envoyAccessLogService.port }} - {{- if .Values.global.proxy.envoyAccessLogService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyAccessLogService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- $defPilotHostname := printf "istio-pilot.%s" .Release.Namespace }} - {{- $pilotAddress := .Values.global.remotePilotAddress | default $defPilotHostname }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: MUTUAL_TLS - # - # Address where istio Pilot service is running - {{- if .Values.global.remotePilotAddress }} - discoveryAddress: {{ $defPilotHostname }}:15011 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15011 - {{- end }} - {{- else }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: NONE - # - # Address where istio Pilot service is running - {{- if .Values.global.remotePilotAddress }} - discoveryAddress: {{ $defPilotHostname }}:15010 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15010 - {{- end }} - {{- end }} - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.900/templates/crd-all.gen.yaml b/charts/rancher-istio/1.5.900/templates/crd-all.gen.yaml deleted file mode 100644 index 6c95a751d..000000000 --- a/charts/rancher-istio/1.5.900/templates/crd-all.gen.yaml +++ /dev/null 
@@ -1,6037 +0,0 @@ -# DO NOT EDIT - Generated by Cue OpenAPI generator based on Istio APIs. -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: meshpolicies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: MeshPolicy - listKind: MeshPolicyList - plural: meshpolicies - singular: meshpolicy - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details at: https://istio.io/docs/reference/config/security/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - description: Deprecated. - type: boolean - origins: - description: Deprecated. - items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - description: Deprecated. - type: boolean - peers: - description: List of authentication methods that can be used for peer authentication. - items: - oneOf: - - not: - anyOf: - - required: - - mtls - - properties: - jwt: {} - required: - - jwt - - required: - - mtls - - properties: - jwt: {} - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. - properties: - allowTls: - description: Deprecated. 
- type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Deprecated. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: Deprecated. - items: - properties: - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. - items: - oneOf: - - not: - anyOf: - - required: - - number - - required: - - name - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: policies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: Policy - listKind: PolicyList - plural: policies - singular: policy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details at: https://istio.io/docs/reference/config/security/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - description: Deprecated. - type: boolean - origins: - description: Deprecated. - items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. 
- format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 
- format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - description: Deprecated. - type: boolean - peers: - description: List of authentication methods that can be used for peer authentication. - items: - oneOf: - - not: - anyOf: - - required: - - mtls - - properties: - jwt: {} - required: - - jwt - - required: - - mtls - - properties: - jwt: {} - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. 
- items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. - properties: - allowTls: - description: Deprecated. - type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Deprecated. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: Deprecated. - items: - properties: - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. 
- items: - oneOf: - - not: - anyOf: - - required: - - number - - required: - - name - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpec - listKind: HTTPAPISpecList - plural: httpapispecs - singular: httpapispec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_keys: - items: - oneOf: - - not: - anyOf: - - required: - - query - - required: - - header - - required: - - cookie - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. - format: string - type: string - type: object - type: array - apiKeys: - items: - oneOf: - - not: - anyOf: - - required: - - query - - required: - - header - - required: - - cookie - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. 
- format: string - type: string - type: object - type: array - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. - type: object - type: object - patterns: - description: List of HTTP patterns to match. 
- items: - oneOf: - - not: - anyOf: - - required: - - uriTemplate - - required: - - regex - - required: - - uriTemplate - - required: - - regex - properties: - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. 
- type: object - type: object - httpMethod: - format: string - type: string - regex: - format: string - type: string - uriTemplate: - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpecBinding - listKind: HTTPAPISpecBindingList - plural: httpapispecbindings - singular: httpapispecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_specs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - apiSpecs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed HTTPAPISpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify the service version. - type: object - name: - description: The short name of the service such as "foo". 
- format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpec - listKind: QuotaSpecList - plural: quotaspecs - singular: quotaspec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: Determines the quotas used for individual requests. - properties: - rules: - description: A list of Quota rules. - items: - properties: - match: - description: If empty, match all request. - items: - properties: - clause: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Map of attribute names to StringMatch type. - type: object - type: object - type: array - quotas: - description: The list of quotas to charge. 
- items: - properties: - charge: - format: int32 - type: integer - quota: - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpecBinding - listKind: QuotaSpecBindingList - plural: quotaspecbindings - singular: quotaspecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - quotaSpecs: - items: - properties: - name: - description: The short name of the QuotaSpec. - format: string - type: string - namespace: - description: Optional namespace of the QuotaSpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed QuotaSpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify the service version. - type: object - name: - description: The short name of the service such as "foo". - format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. 
- format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: destinationrules.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.host - description: The name of a service from the service registry - name: Host - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - shortNames: - - dr - singular: destinationrule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is exported. - items: - format: string - type: string - type: array - host: - description: The name of a service from the service registry. 
- format: string - type: string - subsets: - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: Name of the subset. - format: string - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. 
- oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute or failover can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, e.g. - format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - type: boolean - failover: - description: 'Optional: only failover or distribute can be set.' - items: - properties: - from: - description: Originating region. 
- format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected from the connection pool. - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected from the connection pool. - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. 
- type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute or failover can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, e.g. 
- format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - type: boolean - failover: - description: 'Optional: only failover or distribute can be set.' - items: - properties: - from: - description: Originating region. - format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected from the connection pool. - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected from the connection pool. - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS handshake. 
- format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to a destination host. 
- format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute or failover can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, e.g. - format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic distribution weights. 
- type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - type: boolean - failover: - description: 'Optional: only failover or distribute can be set.' - items: - properties: - from: - description: Originating region. - format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected from the connection pool. - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected from the connection pool. - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool connections. 
- type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. 
- format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute or failover can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, e.g. - format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - type: boolean - failover: - description: 'Optional: only failover or distribute can be set.' - items: - properties: - from: - description: Originating region. - format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected from the connection pool. - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected from the connection pool. - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the upstream service. 
- properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS handshake. 
- format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: envoyfilters.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: EnvoyFilter - listKind: EnvoyFilterList - plural: envoyfilters - singular: envoyfilter - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Customizing Envoy configuration generated by Istio. See more details at: https://istio.io/docs/reference/config/networking/envoy-filter.html' - properties: - configPatches: - description: One or more patches with match conditions. - items: - properties: - applyTo: - enum: - - INVALID - - LISTENER - - FILTER_CHAIN - - NETWORK_FILTER - - HTTP_FILTER - - ROUTE_CONFIGURATION - - VIRTUAL_HOST - - HTTP_ROUTE - - CLUSTER - type: string - match: - description: Match on listener/route configuration/cluster. - oneOf: - - not: - anyOf: - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - properties: - cluster: - description: Match on envoy cluster attributes. - properties: - name: - description: The exact name of the cluster to match. - format: string - type: string - portNumber: - description: The service port for which this cluster was generated. - type: integer - service: - description: The fully qualified service name for this cluster. 
- format: string - type: string - subset: - description: The subset associated with the service. - format: string - type: string - type: object - context: - description: The specific config generation context to match on. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - listener: - description: Match on envoy listener attributes. - properties: - filterChain: - description: Match a specific filter chain in a listener. - properties: - applicationProtocols: - description: Applies only to sidecars. - format: string - type: string - filter: - description: The name of a specific filter to apply the patch to. - properties: - name: - description: The filter name to match on. - format: string - type: string - subFilter: - properties: - name: - description: The filter name to match on. - format: string - type: string - type: object - type: object - name: - description: The name assigned to the filter chain. - format: string - type: string - sni: - description: The SNI value used by a filter chain's match condition. - format: string - type: string - transportProtocol: - description: Applies only to SIDECAR_INBOUND context. - format: string - type: string - type: object - name: - description: Match a specific listener by its name. - format: string - type: string - portName: - format: string - type: string - portNumber: - type: integer - type: object - proxy: - description: Match on properties associated with a proxy. - properties: - metadata: - additionalProperties: - format: string - type: string - type: object - proxyVersion: - format: string - type: string - type: object - routeConfiguration: - description: Match on envoy HTTP route configuration attributes. - properties: - gateway: - format: string - type: string - name: - description: Route configuration name to match on. - format: string - type: string - portName: - description: Applicable only for GATEWAY context. 
- format: string - type: string - portNumber: - type: integer - vhost: - properties: - name: - format: string - type: string - route: - description: Match a specific route within the virtual host. - properties: - action: - description: Match a route with specific action type. - enum: - - ANY - - ROUTE - - REDIRECT - - DIRECT_RESPONSE - type: string - name: - format: string - type: string - type: object - type: object - type: object - type: object - patch: - description: The patch to apply along with the operation. - properties: - operation: - description: Determines how the patch should be applied. - enum: - - INVALID - - MERGE - - ADD - - REMOVE - - INSERT_BEFORE - - INSERT_AFTER - - INSERT_FIRST - type: string - value: - description: The JSON config of the object being patched. - type: object - type: object - type: object - type: array - filters: - items: - properties: - filterConfig: - type: object - filterName: - description: The name of the filter to instantiate. - format: string - type: string - filterType: - description: The type of filter to instantiate. - enum: - - INVALID - - HTTP - - NETWORK - type: string - insertPosition: - description: Insert position in the filter chain. - properties: - index: - description: Position of this filter in the filter chain. - enum: - - FIRST - - LAST - - BEFORE - - AFTER - type: string - relativeTo: - format: string - type: string - type: object - listenerMatch: - properties: - address: - description: One or more IP addresses to which the listener is bound. - items: - format: string - type: string - type: array - listenerProtocol: - description: Selects a class of listeners for the same protocol. - enum: - - ALL - - HTTP - - TCP - type: string - listenerType: - description: Inbound vs outbound sidecar listener or gateway listener. 
- enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - portNamePrefix: - format: string - type: string - portNumber: - type: integer - type: object - type: object - type: array - workloadLabels: - additionalProperties: - format: string - type: string - description: Deprecated. - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: gateways.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Gateway - listKind: GatewayList - plural: gateways - shortNames: - - gw - singular: gateway - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. See more details at: https://istio.io/docs/reference/config/networking/gateway.html' - properties: - selector: - additionalProperties: - format: string - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - format: string - type: string - defaultEndpoint: - format: string - type: string - hosts: - description: One or more hosts exposed by this gateway. - items: - format: string - type: string - type: array - port: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. 
- format: string - type: string - type: object - tls: - description: Set of TLS related options that govern the server's behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified cipher list.' - items: - format: string - type: string - type: array - credentialName: - format: string - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - format: string - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 
- format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - verifyCertificateHash: - items: - format: string - type: string - type: array - verifyCertificateSpki: - items: - format: string - type: string - type: array - type: object - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: serviceentries.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hosts - description: The hosts associated with the ServiceEntry - name: Hosts - type: string - - JSONPath: .spec.location - description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL or MESH_INTERNAL) - name: Location - type: string - - JSONPath: .spec.resolution - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - name: Resolution - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: ServiceEntry - listKind: ServiceEntryList - plural: serviceentries - shortNames: - - se - singular: serviceentry - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. See more details at: https://istio.io/docs/reference/config/networking/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. - items: - format: string - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - format: string - type: string - network: - format: string - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - format: string - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - format: string - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. 
- type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: array - resolution: - description: Service discovery mode for the hosts. - enum: - - NONE - - STATIC - - DNS - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: sidecars.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Sidecar - listKind: SidecarList - plural: sidecars - singular: sidecar - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting network reachability of a sidecar. See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' - properties: - egress: - items: - properties: - bind: - format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - hosts: - items: - format: string - type: string - type: array - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: object - type: array - ingress: - items: - properties: - bind: - description: The IP to which the listener should be bound. 
- format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - defaultEndpoint: - format: string - type: string - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: object - type: array - outboundTrafficPolicy: - description: This allows to configure the outbound traffic policy. - properties: - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: virtualservices.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.gateways - description: The names of gateways and sidecars that should apply these routes - name: Gateways - type: string - - JSONPath: .spec.hosts - description: The destination hosts to which traffic is being sent - name: Hosts - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - shortNames: - - vs - singular: virtualservice - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is exported. - items: - format: string - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply these routes. - items: - format: string - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - format: string - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - type: boolean - allowHeaders: - items: - format: string - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the resource. - items: - format: string - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform CORS requests. - items: - format: string - type: string - type: array - allowOrigins: - description: String patterns that match allowed origins. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - type: array - exposeHeaders: - items: - format: string - type: string - type: array - maxAge: - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic at the client side. - properties: - abort: - oneOf: - - not: - anyOf: - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - properties: - grpcStatus: - format: string - type: string - http2Error: - format: string - type: string - httpStatus: - description: HTTP status code to use to abort the Http request. - format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - not: - anyOf: - - required: - - fixedDelay - - required: - - exponentialDelay - - required: - - fixedDelay - - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the request. - type: string - percent: - description: Percentage of requests on which the delay will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay will be injected. 
- properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - gateways: - description: Names of gateways where the rule should be applied. - items: - format: string - type: string - type: array - headers: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - type: object - ignoreUriCase: - description: Flag to specify whether the URI matching should be case-insensitive. 
- type: boolean - method: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - name: - description: The name assigned to a match. - format: string - type: string - port: - description: Specifies the ports on the host that is being addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - sourceLabels: - additionalProperties: - format: string - type: string - type: object - uri: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being addressed. 
- properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the `mirror` field. - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the `mirror` field. - type: integer - mirrorPercentage: - description: Percentage of the traffic to be mirrored by the `mirror` field. - properties: - value: - format: double - type: number - type: object - name: - description: The name assigned to the route for debugging purposes. - format: string - type: string - redirect: - description: A HTTP rule can either redirect or forward (default) traffic. - properties: - authority: - format: string - type: string - redirectCode: - type: integer - uri: - format: string - type: string - type: object - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries for a given request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per retry attempt for a given request. - type: string - retryOn: - description: Specifies the conditions under which retry takes place. - format: string - type: string - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this value. - format: string - type: string - uri: - format: string - type: string - type: object - route: - description: A HTTP rule can either redirect or forward (default) traffic. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- format: string - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests. - type: string - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be applied. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being addressed. - type: integer - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional subnet. - format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be applied. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - format: string - type: string - type: array - sourceLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: array - route: - description: The destination to which the connection should be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: attributemanifests.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: attributemanifest - listKind: attributemanifestList - plural: attributemanifests - singular: attributemanifest - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - attributes: - additionalProperties: - properties: - description: - description: A human-readable description of the attribute's purpose. - format: string - type: string - valueType: - description: The type of data carried by this attribute. - enum: - - VALUE_TYPE_UNSPECIFIED - - STRING - - INT64 - - DOUBLE - - BOOL - - TIMESTAMP - - IP_ADDRESS - - EMAIL_ADDRESS - - URI - - DNS_NAME - - DURATION - - STRING_MAP - type: string - type: object - description: The set of attributes this Istio component will be responsible for producing at runtime. - type: object - name: - description: Name of the component producing these attributes. - format: string - type: string - revision: - description: The revision of this document. 
- format: string - type: string - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: mixer-handler - package: handler - release: istio - name: handlers.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: handler - listKind: handlerList - plural: handlers - singular: handler - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: Handler allows the operator to configure a specific adapter implementation. - properties: - adapter: - description: The name of a specific adapter implementation. - format: string - type: string - compiledAdapter: - description: The name of the compiled in adapter this handler instantiates. - format: string - type: string - connection: - description: Information on how to connect to the out-of-process adapter. - properties: - address: - description: The address of the backend. - format: string - type: string - authentication: - description: Auth config for the connection to the backend. 
- oneOf: - - not: - anyOf: - - properties: - tls: - allOf: - - oneOf: - - not: - anyOf: - - required: - - tokenPath - - required: - - oauth - - required: - - tokenPath - - required: - - oauth - - oneOf: - - not: - anyOf: - - required: - - authHeader - - required: - - customHeader - - required: - - authHeader - - required: - - customHeader - required: - - tls - - required: - - mutual - - properties: - tls: - allOf: - - oneOf: - - not: - anyOf: - - required: - - tokenPath - - required: - - oauth - - required: - - tokenPath - - required: - - oauth - - oneOf: - - not: - anyOf: - - required: - - authHeader - - required: - - customHeader - - required: - - authHeader - - required: - - customHeader - required: - - tls - - required: - - mutual - properties: - mutual: - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: The path to the file holding client certificate for mutual TLS. - format: string - type: string - privateKey: - description: The path to the file holding the private key for mutual TLS. - format: string - type: string - serverName: - description: Used to configure mixer mutual TLS client to supply server name for SNI. - format: string - type: string - type: object - tls: - properties: - authHeader: - description: Access token is passed as authorization header. - enum: - - PLAIN - - BEARER - type: string - caCertificates: - format: string - type: string - customHeader: - description: Customized header key to hold access token, e.g. - format: string - type: string - oauth: - description: Oauth config to fetch access token from auth provider. - properties: - clientId: - description: OAuth client id for mixer. - format: string - type: string - clientSecret: - description: The path to the file holding the client secret for oauth. - format: string - type: string - endpointParams: - additionalProperties: - format: string - type: string - description: Additional parameters for requests to the token endpoint. 
- type: object - scopes: - description: List of requested permissions. - items: - format: string - type: string - type: array - tokenUrl: - description: The Resource server's token endpoint URL. - format: string - type: string - type: object - serverName: - format: string - type: string - tokenPath: - format: string - type: string - type: object - type: object - timeout: - description: Timeout for remote calls to the backend. - type: string - type: object - name: - description: Must be unique in the entire Mixer configuration. - format: string - type: string - params: - description: Depends on adapter implementation. - type: object - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: mixer-instance - package: instance - release: istio - name: instances.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: instance - listKind: instanceList - plural: instances - singular: instance - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: An Instance tells Mixer how to create instances for particular template. - properties: - attributeBindings: - additionalProperties: - format: string - type: string - type: object - compiledTemplate: - description: The name of the compiled in template this instance creates instances for. - format: string - type: string - name: - format: string - type: string - params: - description: Depends on referenced template. - type: object - template: - description: The name of the template this instance creates instances for. 
- format: string - type: string - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: rules.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: rule - listKind: ruleList - plural: rules - singular: rule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - actions: - description: The actions that will be executed when match evaluates to `true`. - items: - properties: - handler: - description: Fully qualified name of the handler to invoke. - format: string - type: string - instances: - items: - format: string - type: string - type: array - name: - description: A handle to refer to the results of the action. - format: string - type: string - type: object - type: array - match: - description: Match is an attribute based predicate. - format: string - type: string - requestHeaderOperations: - items: - properties: - name: - description: Header name literal value. - format: string - type: string - operation: - description: Header operation type. - enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - responseHeaderOperations: - items: - properties: - name: - description: Header name literal value. - format: string - type: string - operation: - description: Header operation type. 
- enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - sampling: - properties: - random: - description: Provides filtering of actions based on random selection per request. - properties: - attributeExpression: - description: Specifies an attribute expression to use to override the numerator in the `percent_sampled` field. - format: string - type: string - percentSampled: - description: The default sampling rate, expressed as a percentage. - properties: - denominator: - description: Specifies the denominator. - enum: - - HUNDRED - - TEN_THOUSAND - type: string - numerator: - description: Specifies the numerator. - type: integer - type: object - useIndependentRandomness: - description: By default sampling will be based on the value of the request header `x-request-id`. - type: boolean - type: object - rateLimit: - properties: - maxUnsampledEntries: - description: Number of entries to allow during the `sampling_duration` before sampling is enforced. - format: int64 - type: integer - samplingDuration: - description: Window in which to enforce the sampling rate. - type: string - samplingRate: - description: The rate at which to sample entries once the unsampled limit has been reached. 
- format: int64 - type: integer - type: object - type: object - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: rbac - release: istio - name: clusterrbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ClusterRbacConfig - listKind: ClusterRbacConfigList - plural: clusterrbacconfigs - singular: clusterrbacconfig - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: rbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: RbacConfig - listKind: RbacConfigList - plural: rbacconfigs - singular: rbacconfig - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: serviceroles.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRole - listKind: ServiceRoleList - plural: serviceroles - singular: servicerole - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' - properties: - rules: - description: The set of access rules (permissions) that the role has. - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. - items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. 
- items: - format: string - type: string - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: servicerolebindings.rbac.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.roleRef.name - description: The name of the ServiceRole object being referenced - name: Reference - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRoleBinding - listKind: ServiceRoleBindingList - plural: servicerolebindings - singular: servicerolebinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' - properties: - actions: - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. 
- items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. - items: - format: string - type: string - type: array - type: object - type: array - mode: - enum: - - ENFORCED - - PERMISSIVE - type: string - role: - format: string - type: string - roleRef: - description: Reference to the ServiceRole object. - properties: - kind: - description: The type of the role being referenced. - format: string - type: string - name: - description: The name of the ServiceRole object being referenced. - format: string - type: string - type: object - subjects: - description: List of subjects that are assigned the ServiceRole object. - items: - properties: - group: - format: string - type: string - groups: - items: - format: string - type: string - type: array - ips: - items: - format: string - type: string - type: array - names: - items: - format: string - type: string - type: array - namespaces: - items: - format: string - type: string - type: array - notGroups: - items: - format: string - type: string - type: array - notIps: - items: - format: string - type: string - type: array - notNames: - items: - format: string - type: string - type: array - notNamespaces: - items: - format: string - type: string - type: array - properties: - additionalProperties: - format: string - type: string - description: Optional. 
- type: object - user: - description: Optional. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: authorizationpolicies.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: AuthorizationPolicy - listKind: AuthorizationPolicyList - plural: authorizationpolicies - singular: authorizationpolicy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for access control on workloads. See more details at: https://istio.io/docs/reference/config/security/authorization-policy.html' - properties: - action: - description: Optional. - enum: - - ALLOW - - DENY - type: string - rules: - description: Optional. - items: - properties: - from: - description: Optional. - items: - properties: - source: - description: Source specifies the source of a request. - properties: - ipBlocks: - description: Optional. - items: - format: string - type: string - type: array - namespaces: - description: Optional. - items: - format: string - type: string - type: array - notIpBlocks: - description: Optional. - items: - format: string - type: string - type: array - notNamespaces: - description: Optional. - items: - format: string - type: string - type: array - notPrincipals: - description: Optional. - items: - format: string - type: string - type: array - notRequestPrincipals: - description: Optional. - items: - format: string - type: string - type: array - principals: - description: Optional. 
- items: - format: string - type: string - type: array - requestPrincipals: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - to: - description: Optional. - items: - properties: - operation: - description: Operation specifies the operation of a request. - properties: - hosts: - description: Optional. - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - description: Optional. - items: - format: string - type: string - type: array - notMethods: - description: Optional. - items: - format: string - type: string - type: array - notPaths: - description: Optional. - items: - format: string - type: string - type: array - notPorts: - description: Optional. - items: - format: string - type: string - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - when: - description: Optional. - items: - properties: - key: - description: The name of an Istio attribute. - format: string - type: string - notValues: - description: Optional. - items: - format: string - type: string - type: array - values: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: array - type: object - type: array - selector: - description: Optional. 
- properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1beta1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: peerauthentications.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: PeerAuthentication - listKind: PeerAuthenticationList - plural: peerauthentications - singular: peerauthentication - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: PeerAuthentication defines how traffic will be tunneled (or not) to the sidecar. - properties: - mtls: - description: Mutual TLS settings for workload. - properties: - mode: - description: Defines the mTLS mode used for peer authentication. - enum: - - UNSET - - DISABLE - - PERMISSIVE - - STRICT - type: string - type: object - portLevelMtls: - additionalProperties: - properties: - mode: - description: Defines the mTLS mode used for peer authentication. - enum: - - UNSET - - DISABLE - - PERMISSIVE - - STRICT - type: string - type: object - description: Port specific mutual TLS settings. - type: object - selector: - description: The selector determines the workloads to apply the ChannelAuthentication on. 
- properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1beta1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: requestauthentications.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: RequestAuthentication - listKind: RequestAuthenticationList - plural: requestauthentications - singular: requestauthentication - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: RequestAuthentication defines what request authentication methods are supported by a workload. - properties: - jwtRules: - description: Define the list of JWTs that can be validated at the selected workloads' proxy. - items: - properties: - audiences: - items: - format: string - type: string - type: array - forwardOriginalToken: - description: If set to true, the orginal token will be kept for the ustream request. - type: boolean - fromHeaders: - description: List of header locations from which JWT is expected. - items: - properties: - name: - description: The HTTP header name. - format: string - type: string - prefix: - description: The prefix that should be stripped before decoding the token. - format: string - type: string - type: object - type: array - fromParams: - description: List of query parameters from which JWT is expected. - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. 
- format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - outputPayloadToHeader: - format: string - type: string - type: object - type: array - selector: - description: The selector determines the workloads to apply the RequestAuthentication on. - properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1beta1 - served: true - storage: true diff --git a/charts/rancher-istio/1.5.900/templates/crd-certmanager-10.yaml b/charts/rancher-istio/1.5.900/templates/crd-certmanager-10.yaml deleted file mode 100644 index 3da40f0fb..000000000 --- a/charts/rancher-istio/1.5.900/templates/crd-certmanager-10.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterissuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade -spec: - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: ClusterIssuer - plural: clusterissuers - scope: Cluster ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: issuers.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade -spec: - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Issuer - plural: issuers - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: certificates.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade -spec: - additionalPrinterColumns: - - JSONPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - JSONPath: .spec.secretName - name: Secret - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 
- - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - kind: Certificate - plural: certificates - shortNames: - - cert - - certs -{{- end }} diff --git a/charts/rancher-istio/1.5.900/templates/crd-certmanager-11.yaml b/charts/rancher-istio/1.5.900/templates/crd-certmanager-11.yaml deleted file mode 100644 index 5dcd69879..000000000 --- a/charts/rancher-istio/1.5.900/templates/crd-certmanager-11.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: orders.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.reason - name: Reason - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Order - plural: orders - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: challenges.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.dnsName - name: Domain - type: string - - JSONPath: .status.reason - name: Reason - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. 
Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Challenge - plural: challenges - scope: Namespaced -{{- end }} diff --git a/charts/rancher-istio/1.5.900/templates/crd-mixer.yaml b/charts/rancher-istio/1.5.900/templates/crd-mixer.yaml deleted file mode 100644 index a9feb0357..000000000 --- a/charts/rancher-istio/1.5.900/templates/crd-mixer.yaml +++ /dev/null @@ -1,61 +0,0 @@ -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: adapters.config.istio.io - labels: - app: mixer - package: adapter - istio: mixer-adapter - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade -spec: - group: config.istio.io - names: - kind: adapter - plural: adapters - singular: adapter - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: templates.config.istio.io - labels: - app: mixer - package: template - istio: mixer-template - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade -spec: - group: config.istio.io - names: - kind: template - plural: templates - singular: template - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true 
diff --git a/charts/rancher-istio/1.5.900/templates/endpoints.yaml b/charts/rancher-istio/1.5.900/templates/endpoints.yaml deleted file mode 100755 index 2acb95620..000000000 --- a/charts/rancher-istio/1.5.900/templates/endpoints.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- if .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Endpoints -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} -subsets: -- addresses: - - ip: {{ .Values.global.remotePilotAddress }} - ports: - - port: 15003 - name: http-old-discovery # mTLS or non-mTLS depending on auth setting - - port: 15005 - name: https-discovery # always mTLS - - port: 15007 - name: http-discovery # always plain-text - - port: 15010 - name: grpc-xds # direct - - port: 15011 - name: https-xds # mTLS or non-mTLS depending on auth setting - - port: 8080 - name: http-legacy-discovery # direct - - port: 15014 - name: http-monitoring -{{- end }} -{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }} ---- -apiVersion: v1 -kind: Endpoints -metadata: - name: istio-policy - namespace: {{ .Release.Namespace }} -subsets: -- addresses: - - ip: {{ .Values.global.remotePolicyAddress }} - ports: - - name: grpc-mixer - port: 9091 - - name: grpc-mixer-mtls - port: 15004 - - name: http-monitoring - port: 15014 -{{- end }} -{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }} ---- -apiVersion: v1 -kind: Endpoints -metadata: - name: istio-telemetry - namespace: {{ .Release.Namespace }} -subsets: -- addresses: - - ip: {{ .Values.global.remoteTelemetryAddress }} - ports: - - name: grpc-mixer - port: 9091 - - name: grpc-mixer-mtls - port: 15004 - - name: http-monitoring - port: 15014 - - name: prometheus - port: 42422 -{{- end }} diff --git a/charts/rancher-istio/1.5.900/templates/install-custom-resources.sh.tpl b/charts/rancher-istio/1.5.900/templates/install-custom-resources.sh.tpl deleted file mode 100755 index a5525a139..000000000 
--- a/charts/rancher-istio/1.5.900/templates/install-custom-resources.sh.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{ define "install-custom-resources.sh.tpl" }} -#!/bin/sh - -set -x - -if [ "$#" -ne "1" ]; then - echo "first argument should be path to custom resource yaml" - exit 1 -fi - -pathToResourceYAML=${1} - -kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null -if [ "$?" -eq 0 ]; then - echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready" - while true; do - kubectl -n {{ .Release.Namespace }} get deployment istio-galley 2>/dev/null - if [ "$?" -eq 0 ]; then - break - fi - sleep 1 - done - kubectl -n {{ .Release.Namespace }} rollout status deployment istio-galley - if [ "$?" -ne 0 ]; then - echo "istio-galley deployment rollout status check failed" - exit 1 - fi - echo "istio-galley deployment ready for configuration validation" -fi -sleep 5 -kubectl apply -f ${pathToResourceYAML} -{{ end }} diff --git a/charts/rancher-istio/1.5.900/templates/istio-onefive-migration.yaml b/charts/rancher-istio/1.5.900/templates/istio-onefive-migration.yaml deleted file mode 100644 index acfe78caf..000000000 --- a/charts/rancher-istio/1.5.900/templates/istio-onefive-migration.yaml +++ /dev/null 
@@ -1,79 +0,0 @@ -{{- if .Values.onefiveMigration.enabled }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: istio-onefive-migration - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-weight": "1" ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: istio-onefive-migration - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-weight": "1" -rules: - - apiGroups: ["extensions","apps"] - resources: ["deployments"] - verbs: ["get", "list", "delete"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "delete"] - - apiGroups: ["rbac.authorization.k8s.io"] - resources: ["clusterrolebindings"] - verbs: ["get", "list", "delete"] - - apiGroups: [""] - resources: ["serviceaccounts", "pods"] - verbs: ["get", "list", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-onefive-migration - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-weight": "1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-onefive-migration -subjects: - - kind: ServiceAccount - name: istio-onefive-migration - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-onefive-migration - namespace: {{ .Release.Namespace }} - labels: - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-weight": "2" - "helm.sh/hook-delete-policy": before-hook-creation -spec: - template: - metadata: - name: istio-onefive-migration - labels: - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-onefive-migration - restartPolicy: OnFailure - containers: - - name: migrate - 
image: "{{ template "system_default_registry" . }}{{ .Values.onefiveMigration.repository }}:{{ .Values.onefiveMigration.tag }}" - imagePullPolicy: Always -{{- end }} diff --git a/charts/rancher-istio/1.5.900/templates/istio-service-rbac.yaml b/charts/rancher-istio/1.5.900/templates/istio-service-rbac.yaml deleted file mode 100644 index b3141141b..000000000 --- a/charts/rancher-istio/1.5.900/templates/istio-service-rbac.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: {{ .Release.Namespace }} - name: istio-service-reader -rules: - - apiGroups: [""] - resources: ["services/proxy"] - resourceNames: ["http:kiali:20001", "http:tracing:80", "http:grafana:80", "http:prometheus-http:80"] - verbs: ["get", "watch", "list"] - ---- -{{- if .Values.global.members }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: read-istio-service - namespace: {{ .Release.Namespace }} -subjects: - {{- range $member := .Values.global.members }} - - kind: {{ $member.kind }} - name: {{ $member.name }} - apiGroup: rbac.authorization.k8s.io - {{- end }} -roleRef: - kind: Role - name: istio-service-reader - apiGroup: rbac.authorization.k8s.io -{{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/1.5.900/templates/service.yaml b/charts/rancher-istio/1.5.900/templates/service.yaml deleted file mode 100755 index 00946ddba..000000000 --- a/charts/rancher-istio/1.5.900/templates/service.yaml +++ /dev/null 
@@ -1,60 +0,0 @@ -{{- if .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Service -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} -spec: - ports: - - port: 15003 - name: http-old-discovery # mTLS or non-mTLS depending on auth setting - - port: 15005 - name: https-discovery # always mTLS - - port: 15007 - name: http-discovery # always plain-text - - port: 15010 - name: grpc-xds # direct - - port: 15011 - name: https-xds # mTLS or non-mTLS depending on auth setting - - port: 8080 - name: http-legacy-discovery # direct - - port: 15014 - name: http-monitoring - clusterIP: None -{{- end }} -{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }} ---- -apiVersion: v1 -kind: Service -metadata: - name: istio-policy - namespace: {{ .Release.Namespace }} -spec: - ports: - - name: grpc-mixer - port: 9091 - - name: grpc-mixer-mtls - port: 15004 - - name: http-monitoring - port: 15014 - clusterIP: None -{{- end }} -{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }} ---- -apiVersion: v1 -kind: Service -metadata: - name: istio-telemetry - namespace: {{ .Release.Namespace }} -spec: - ports: - - name: grpc-mixer - port: 9091 - - name: grpc-mixer-mtls - port: 15004 - - name: http-monitoring - port: 15014 - - name: prometheus - port: 42422 - clusterIP: None -{{- end }} diff --git a/charts/rancher-istio/1.5.900/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.900/templates/serviceaccount.yaml deleted file mode 100755 index c377d10e4..000000000 --- a/charts/rancher-istio/1.5.900/templates/serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: istio-multi - namespace: {{ .Release.Namespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: istio-reader-service-account - namespace: {{ .Release.Namespace }} 
diff --git a/charts/rancher-istio/1.5.900/templates/sidecar-injector-configmap.yaml b/charts/rancher-istio/1.5.900/templates/sidecar-injector-configmap.yaml deleted file mode 100755 index 5cb25b9cf..000000000 --- a/charts/rancher-istio/1.5.900/templates/sidecar-injector-configmap.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if not .Values.global.omitSidecarInjectorConfigMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istio.name" . }} - chart: {{ template "istio.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -data: - values: |- - {{ .Values | toJson }} - - config: |- - policy: {{ .Values.global.proxy.autoInject }} - alwaysInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }} - neverInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }} - template: |- -{{ .Files.Get "files/injection-template.yaml" | trim | indent 6 }} - injectedAnnotations: - {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }} - "{{ $key }}": "{{ $val }}" - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.900/test-values/README.md b/charts/rancher-istio/1.5.900/test-values/README.md deleted file mode 100755 index 8e5ff277c..000000000 --- a/charts/rancher-istio/1.5.900/test-values/README.md +++ /dev/null @@ -1,7 +0,0 @@ -# Test Values - -These files are intended to be used to install Istio for E2E tests. - -The rendered files can be generated with `make generate_e2e_yaml`. - -These files will all have `values-e2e.yaml` applied to them *first*, so if there are settings there that should not be included in the test the must be overridden. diff --git a/charts/rancher-istio/1.5.900/test-values/values-e2e.yaml b/charts/rancher-istio/1.5.900/test-values/values-e2e.yaml deleted file mode 100755 index 1e1bf1fde..000000000 
--- a/charts/rancher-istio/1.5.900/test-values/values-e2e.yaml +++ /dev/null @@ -1,103 +0,0 @@ -# This file overrides values for e2e testing. - -global: - proxy: - concurrency: 0 - resources: - requests: - cpu: 10m - memory: 40Mi - - accessLogFile: "/dev/stdout" - enableCoreDump: true - - disablePolicyChecks: false - outboundTrafficPolicy: - mode: REGISTRY_ONLY - -prometheus: - scrapeInterval: 5s - -gateways: - istio-ingressgateway: - name: istio-ingressgateway - autoscaleMax: 1 - resources: - requests: - cpu: 10m - memory: 40Mi - limits: - cpu: 100m - memory: 128Mi - # Disable the specific nodePort mappings for testing - # These occasionally cause port conflict flakes (#14190) - # Lacking a good way to override just part of a list, this is copied from - # the prod values.yaml with nodePort omitted - ports: - - port: 15020 - targetPort: 15020 - name: status-port - - port: 80 - targetPort: 80 - name: http2 - - port: 443 - name: https - - port: 31400 - name: tcp - - port: 15029 - targetPort: 15029 - name: https-kiali - - port: 15030 - targetPort: 15030 - name: https-prometheus - - port: 15031 - targetPort: 15031 - name: https-grafana - - port: 15032 - targetPort: 15032 - name: https-tracing - - port: 15443 - targetPort: 15443 - name: tls - - istio-egressgateway: - name: istio-egressgateway - enabled: true - autoscaleMax: 1 - resources: - requests: - cpu: 10m - memory: 40Mi - limits: - cpu: 100m - memory: 128Mi - -mixer: - policy: - enabled: true - replicaCount: 2 - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 100Mi - limits: - cpu: 100m - memory: 100Mi - telemetry: - enabled: true - loadshedding: - mode: disabled - resources: - requests: - cpu: 50m - memory: 100Mi - limits: - cpu: 100m - memory: 100Mi - adapters: - stdio: - enabled: true - -sidecarInjectorWebhook: - rewriteAppHTTPProbe: true 
diff --git a/charts/rancher-istio/1.5.900/test-values/values-integ.yaml b/charts/rancher-istio/1.5.900/test-values/values-integ.yaml deleted file mode 100755 index 3d079d716..000000000 --- a/charts/rancher-istio/1.5.900/test-values/values-integ.yaml +++ /dev/null @@ -1,96 +0,0 @@ -# This file overrides values for e2e testing. - -global: - proxy: - concurrency: 0 - resources: - requests: - cpu: 10m - memory: 40Mi - - accessLogFile: "/dev/stdout" - -prometheus: - scrapeInterval: 5s - -gateways: - istio-ingressgateway: - name: istio-ingressgateway - autoscaleMax: 1 - resources: - requests: - cpu: 10m - memory: 40Mi - limits: - cpu: 100m - memory: 128Mi - # Disable the specific nodePort mappings for testing - # These occasionally cause port conflict flakes (#14190) - # Lacking a good way to override just part of a list, this is copied from - # the prod values.yaml with nodePort omitted - ports: - - port: 15020 - targetPort: 15020 - name: status-port - - port: 80 - targetPort: 80 - name: http2 - - port: 443 - name: https - - port: 31400 - name: tcp - - port: 15029 - targetPort: 15029 - name: https-kiali - - port: 15030 - targetPort: 15030 - name: https-prometheus - - port: 15031 - targetPort: 15031 - name: https-grafana - - port: 15032 - targetPort: 15032 - name: https-tracing - - port: 15443 - targetPort: 15443 - name: tls - - istio-egressgateway: - name: istio-egressgateway - enabled: false - autoscaleMax: 1 - resources: - requests: - cpu: 10m - memory: 40Mi - limits: - cpu: 100m - memory: 128Mi - -mixer: - policy: - replicaCount: 2 - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 100Mi - limits: - cpu: 100m - memory: 100Mi - telemetry: - loadshedding: - mode: disabled - resources: - requests: - cpu: 50m - memory: 100Mi - limits: - cpu: 100m - memory: 100Mi - adapters: - stdio: - enabled: true - -sidecarInjectorWebhook: - rewriteAppHTTPProbe: true 
diff --git a/charts/rancher-istio/1.5.900/test-values/values-istio-auth-mcp.yaml b/charts/rancher-istio/1.5.900/test-values/values-istio-auth-mcp.yaml
deleted file mode 100755
index fb284d926..000000000
--- a/charts/rancher-istio/1.5.900/test-values/values-istio-auth-mcp.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio-auth.yaml with MCP enabled
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- useMCP: true
-
diff --git a/charts/rancher-istio/1.5.900/test-values/values-istio-auth-multicluster.yaml b/charts/rancher-istio/1.5.900/test-values/values-istio-auth-multicluster.yaml
deleted file mode 100755
index af147981f..000000000
--- a/charts/rancher-istio/1.5.900/test-values/values-istio-auth-multicluster.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# This is used to generate istio-auth-multicluster.yaml, used for CI/CD.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- proxy:
- accessLogFile: "/dev/stdout"
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
-# In a multiple cluster environment, citadel uses the same root certificate in all the clusters
-security:
- selfSigned: false
diff --git a/charts/rancher-istio/1.5.900/test-values/values-istio-auth-non-mcp.yaml b/charts/rancher-istio/1.5.900/test-values/values-istio-auth-non-mcp.yaml
deleted file mode 100755
index eab07cd41..000000000
--- a/charts/rancher-istio/1.5.900/test-values/values-istio-auth-non-mcp.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- mtls:
- enabled: true
-
- controlPlaneSecurityEnabled: true
-
- useMCP: false
diff --git a/charts/rancher-istio/1.5.900/test-values/values-istio-auth-sds.yaml b/charts/rancher-istio/1.5.900/test-values/values-istio-auth-sds.yaml
deleted file mode 100755
index 843869703..000000000
--- a/charts/rancher-istio/1.5.900/test-values/values-istio-auth-sds.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-global:
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
- proxy:
- enableCoreDump: true
-
-nodeagent:
- enabled: true
- image: node-agent-k8s
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.5.900/test-values/values-istio-auth.yaml b/charts/rancher-istio/1.5.900/test-values/values-istio-auth.yaml
deleted file mode 100755
index 4ec1d35c5..000000000
--- a/charts/rancher-istio/1.5.900/test-values/values-istio-auth.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-# This is used to generate istio-auth.yaml for automated CI/CD test, using v1/alpha1
-# or v2/alpha3 with 'gradual migration' (using env variable at inject time).
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
diff --git a/charts/rancher-istio/1.5.900/test-values/values-istio-dns-cert.yaml b/charts/rancher-istio/1.5.900/test-values/values-istio-dns-cert.yaml
deleted file mode 100755
index 406970396..000000000
--- a/charts/rancher-istio/1.5.900/test-values/values-istio-dns-cert.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- certificates:
- - dnsNames: [istio-pilot.istio-system.svc, istio-pilot.istio-system]
- - secretName: dns.istio-galley-service-account
- dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system]
- - secretName: dns.istio-sidecar-injector-service-account
- dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system]
diff --git a/charts/rancher-istio/1.5.900/test-values/values-istio-mcp.yaml b/charts/rancher-istio/1.5.900/test-values/values-istio-mcp.yaml
deleted file mode 100755
index a6638eefd..000000000
--- a/charts/rancher-istio/1.5.900/test-values/values-istio-mcp.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# This is used to generate istio.yaml with MCP enabled
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- useMCP: true
-
-
diff --git a/charts/rancher-istio/1.5.900/test-values/values-istio-mesh-networks.yaml b/charts/rancher-istio/1.5.900/test-values/values-istio-mesh-networks.yaml
deleted file mode 100755
index c713b8af9..000000000
--- a/charts/rancher-istio/1.5.900/test-values/values-istio-mesh-networks.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# overrides to test the meshNetworks.
-global:
- meshNetworks:
- # NOTE: DO NOT CHANGE THIS! Its hardcoded in Pilot in different areas
- Kubernetes:
- endpoints:
- - fromRegistry: Kubernetes
- gateways:
- - port: 15443
- address: 2.2.2.2
- vm: {}
-
- #This will cause ISTIO_META_NETWORK to be set on the pods and the
- #kube controller code to match endpoints from kubernetes with the default
- #cluster ID of "Kubernetes". Need to fix this code
- network: "Kubernetes"
diff --git a/charts/rancher-istio/1.5.900/test-values/values-istio-multicluster-split-horizon.yaml b/charts/rancher-istio/1.5.900/test-values/values-istio-multicluster-split-horizon.yaml
deleted file mode 100755
index e664dd56f..000000000
--- a/charts/rancher-istio/1.5.900/test-values/values-istio-multicluster-split-horizon.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# This is used to generate istio-multicluster-split-horizon.yaml, used for CI/CD.
-global:
- controlPlaneSecurityEnabled: true
- mtls:
- enabled: true
- proxy:
- accessLogFile: "/dev/stdout"
- outboundTrafficPolicy:
- mode: ALLOW_ANY
- meshExpansion:
- enabled: true
- meshNetworks:
- network2:
- endpoints:
- - fromRegistry: N2_REGISTRY_TOKEN
- gateways:
- - address: 0.0.0.0
- port: 443
-security:
- selfSigned: false
-gateways:
- istio-egressgateway:
- enabled: false
-
-
diff --git a/charts/rancher-istio/1.5.900/test-values/values-istio-multicluster.yaml b/charts/rancher-istio/1.5.900/test-values/values-istio-multicluster.yaml
deleted file mode 100755
index 59b924ac1..000000000
--- a/charts/rancher-istio/1.5.900/test-values/values-istio-multicluster.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# This is used to generate istio-multicluster.yaml, used for CI/CD.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- proxy:
- accessLogFile: "/dev/stdout"
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
-# In a multiple cluster environment, citadel uses the same root certificate in all the clusters
-security:
- selfSigned: false
diff --git a/charts/rancher-istio/1.5.900/test-values/values-istio-non-mcp.yaml b/charts/rancher-istio/1.5.900/test-values/values-istio-non-mcp.yaml
deleted file mode 100755
index 091681acd..000000000
--- a/charts/rancher-istio/1.5.900/test-values/values-istio-non-mcp.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-global:
- useMCP: false
diff --git a/charts/rancher-istio/1.5.900/test-values/values-istio-one-namespace-auth.yaml b/charts/rancher-istio/1.5.900/test-values/values-istio-one-namespace-auth.yaml
deleted file mode 100755
index c49f40254..000000000
--- a/charts/rancher-istio/1.5.900/test-values/values-istio-one-namespace-auth.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.5.900/test-values/values-istio-one-namespace-trust-domain.yaml b/charts/rancher-istio/1.5.900/test-values/values-istio-one-namespace-trust-domain.yaml
deleted file mode 100755
index 1840ab355..000000000
--- a/charts/rancher-istio/1.5.900/test-values/values-istio-one-namespace-trust-domain.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- # Default is 10s second
- refreshInterval: 1s
-
- # The trust domain corresponds to the trust root of a system
- trustDomain: test.local
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.5.900/test-values/values-istio-one-namespace.yaml b/charts/rancher-istio/1.5.900/test-values/values-istio-one-namespace.yaml
deleted file mode 100755
index 14aa45033..000000000
--- a/charts/rancher-istio/1.5.900/test-values/values-istio-one-namespace.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.5.900/test-values/values-istio.yaml b/charts/rancher-istio/1.5.900/test-values/values-istio.yaml
deleted file mode 100755
index c115103e1..000000000
--- a/charts/rancher-istio/1.5.900/test-values/values-istio.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-
-# This is used to generate istio.yaml for automated CI/CD test, using v1/alpha1
-# or v2/alpha3 with 'gradual migration' (using env variable at inject time).
-# global:
- ## imagePullSecrets for all ServiceAccount. Must be set for any clustser configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
diff --git a/charts/rancher-istio/1.5.900/values.yaml b/charts/rancher-istio/1.5.900/values.yaml
deleted file mode 100755
index 41c815fe7..000000000
--- a/charts/rancher-istio/1.5.900/values.yaml
+++ /dev/null
@@ -1,699 +0,0 @@ -# Top level istio values file has the following sections. -# -# global: This file is the authoritative and exhaustive source for the global section. -# -# chart sections: Every subdirectory inside the charts/ directory has a top level -# configuration key in this file. This file overrides the values specified -# by the charts/${chartname}/values.yaml. -# Check the chart level values file for exhaustive list of configuration options. - -# -# Gateways Configuration, refer to the charts/gateways/values.yaml -# for detailed configuration -# -gateways: - enabled: true - istio-ingressgateway: - labels: - release: cluster-istio # The release name must be cluster-istio - -# -# sidecar-injector webhook configuration, refer to the -# charts/sidecarInjectorWebhook/values.yaml for detailed configuration -# -sidecarInjectorWebhook: - repository: rancher/istio-sidecar_injector - tag: 1.5.9 - enabled: true - -# -# galley configuration, refer to charts/galley/values.yaml -# for detailed configuration -# -galley: - repository: rancher/istio-galley - tag: 1.5.9 - enabled: true - -# -# mixer configuration -# -# @see charts/mixer/values.yaml for all values -mixer: - repository: rancher/istio-mixer - tag: 1.5.9 - policy: - # if policy is enabled the global.disablePolicyChecks has affect. 
- enabled: true - - telemetry: - enabled: true -# -# pilot configuration -# -# @see charts/pilot/values.yaml -pilot: - repository: rancher/istio-pilot - tag: 1.5.9 - enabled: true - -# -# security configuration -# -security: - repository: rancher/istio-citadel - tag: 1.5.9 - enabled: true - -# -# nodeagent configuration, see global.nodeagent for setting images -# -nodeagent: - enabled: false - -# -# addon grafana configuration -# -grafana: - # note that this does not get used by default, instead we use monitorings grafana - repository: rancher/grafana-grafana - tag: 6.7.4 - enabled: false - -# -# addon prometheus configuration -# -prometheus: - repository: rancher/prom-prometheus - tag: v2.12.0 - enabled: false - -# -# addon jaeger tracing configuration -# -tracing: - enabled: false - jaeger: - repository: rancher/jaegertracing-all-in-one - tag: 1.14 - zipkin: - repository: rancher/openzipkin-zipkin - tag: 2.14.2 - -# -# addon kiali tracing configuration -# -kiali: - repository: rancher/kiali-kiali - tag: v1.17 - contextPath: / - dashboard: - jaegerURL: http://tracing.istio-system:80 - grafanaURL: http://access-grafana.cattle-prometheus:80 - grafanaInClusterURL: http://access-grafana.cattle-prometheus:80 - auth: - strategy: anonymous - enabled: false - prometheusAddr: http://access-prometheus.cattle-prometheus:80 - -# -# addon certmanager configuration -# -certmanager: - image: - repository: rancher/jetstack-cert-manager-controller - tag: v0.8.1 - enabled: false - -# -# Istio CNI plugin enabled -# This must be enabled to use the CNI plugin in Istio. The CNI plugin is installed separately. -# If true, the privileged initContainer istio-init is not needed to perform the traffic redirect -# settings for the istio-proxy. 
-# -istio_cni: - enabled: false - -# addon Istio CoreDNS configuration -# -istiocoredns: - image: - repository: rancher/coredns-coredns - tag: 1.6.2 - pluginImage: - repository: rancher/istio-coredns-plugin - tag: 0.2-istio-1.1 - enabled: false - -# Job to move from 1.4 to 1.5 -# -onefiveMigration: - enabled: true - repository: rancher/istio-1.5-migration - tag: 0.1.1 - -# Common settings used among istio subcharts. -global: - - # Specify rancher clusterId of external tracing config - # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 - rancher: - clusterId: - - systemDefaultRegistry: "" - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: docker.io/rancher - - # Default tag for Istio images. - tag: 1.5.9 - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - kubectl: - repository: rancher/istio-kubectl - tag: 1.5.9 - - # monitoring port used by mixer, pilot, galley and sidecar injector - monitoringPort: 15014 - - k8sIngress: - enabled: false - # Gateway used for k8s Ingress resources. By default it is - # using 'istio:ingressgateway' that will be installed by setting - # 'gateways.enabled' and 'gateways.istio-ingressgateway.enabled' - # flags to true. - gatewayName: ingressgateway - # enableHttps will add port 443 on the ingress. - # It REQUIRES that the certificates are installed in the - # expected secrets - enabling this option without certificates - # will result in LDS rejection and the ingress will not work. - enableHttps: false - - curl: - repository: rancher/pstauffer-curl - tag: v1.0.3 - - proxy: - # use fully qualified image names for alternate path to proxy. 
- repository: rancher/istio-proxyv2 - tag: 1.5.9 - - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Controls number of Proxy worker threads. - # If set to 0, then start worker thread for each CPU thread/core. - concurrency: 2 - - # Configures the access log for each sidecar. - # Options: - # "" - disables access log - # "/dev/stdout" - enables access log - accessLogFile: "" - - # Configure how and what fields are displayed in sidecar access log. Setting to - # empty string will result in default log format - accessLogFormat: "" - - # Configure the access log for sidecar to JSON or TEXT. - accessLogEncoding: TEXT - - # Configure envoy gRPC access log service. - envoyAccessLogService: - enabled: false - host: # example: accesslog-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/als/cert-chain.pem - privateKey: # example: /etc/istio/als/key.pem - caCertificates: # example: /etc/istio/als/root-cert.pem - sni: # example: als.somedomain - subjectAltNames: [] - # - als.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Log level for proxy, applies to gateways and sidecars. If left empty, "warning" is used. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: "" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. If left empty, "misc:error" is used. - componentLogLevel: "" - - # Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS - # This must be given it terms of seconds. For example, 300s is valid but 5m is invalid. - dnsRefreshRate: 300s - - # Specifies the path to the outlier event log. 
- outlierLogPath: # example: /dev/stdout - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: 100ms - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # If set, newly injected sidecars will have core dumps enabled. - enableCoreDump: false - - # Image used to enable core dumps. This is only used, when "enableCoreDump" is set to true. - enableCoreDumpImage: ubuntu:xenial - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 1 - - # The period between readiness probes. - readinessPeriodSeconds: 2 - - # The number of successive failed probes before indicating readiness failure. 
- readinessFailureThreshold: 30 - - # istio egress capture whitelist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - excludeOutboundPorts: "" - - # pod internal interfaces - kubevirtInterfaces: "" - - # istio ingress capture whitelist - # examples: - # Redirect no inbound traffic to Envoy: --includeInboundPorts="" - # Redirect all inbound traffic to Envoy: --includeInboundPorts="*" - # Redirect only selected ports: --includeInboundPorts="80,8080" - includeInboundPorts: "*" - excludeInboundPorts: "" - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument - # would be :). - # Disabled by default. - # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. - envoyStatsd: - # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. - enabled: false - host: # example: statsd-svc.istio-system - port: # example: 9125 - - # Sets the Envoy Metrics Service address, used to push Envoy metrics to an external collector - # via the Metrics Service gRPC API. This contains detailed stats information emitted directly - # by Envoy and should not be confused with the the Istio telemetry. The Envoy stats are also - # available to scrape via the Envoy admin port at either /stats or /stats/prometheus. - # - # See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto - # for details about Envoy's Metrics Service API. - # - # Disabled by default. 
- envoyMetricsService: - enabled: false - host: # example: metrics-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/ms/cert-chain.pem - privateKey: # example: /etc/istio/ms/key.pem - caCertificates: # example: /etc/istio/ms/root-cert.pem - sni: # example: ms.somedomain - subjectAltNames: [] - # - ms.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "zipkin" - - proxy_init: - # Base name for the istio-init container, used to configure iptables. - repository: rancher/istio-proxyv2 - tag: 1.5.9 - # Configuration for the proxy init container - init: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - - # imagePullPolicy is applied to istio control plane components. - # local tests require IfNotPresent, to avoid uploading to dockerhub. - # TODO: Switch to Always as default, and override in the local tests. - imagePullPolicy: IfNotPresent - - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - # disablePolicyChecks disables mixer policy checks. - # if mixer.policy.enabled==true then disablePolicyChecks has affect. - # Will set the value with same name in istio config map - pilot needs to be restarted to take effect. - disablePolicyChecks: true - - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: false - - # EnableTracing sets the value with same name in istio config map, requires pilot restart to take effect. 
- enableTracing: true - - # Configuration for each of the supported tracers - tracer: - # Configuration for envoy to send trace data to LightStep. - # Disabled by default. - # address: the : of the satellite pool - # accessToken: required for sending data to the pool - # secure: specifies whether data should be sent with TLS - # cacertPath: the path to the file containing the cacert to use when verifying TLS. If secure is true, this is - # required. If a value is specified then a secret called "lightstep.cacert" must be created in the destination - # namespace with the key matching the base of the provided cacertPath and the value being the cacert itself. - # - lightstep: - address: "" # example: lightstep-satellite:443 - accessToken: "" # example: abcdefg1234567 - secure: true # example: true|false - cacertPath: "" # example: /etc/lightstep/cacert.pem - zipkin: - # Host:Port for reporting trace data in zipkin format. If not specified, will default to - # zipkin service (port 9411) in the same namespace as the other istio components. - address: "" - datadog: - # Host:Port for submitting traces to the Datadog agent. - address: "$(HOST_IP):8126" - stackdriver: - # enables trace output to stdout. - debug: false - # The global default max number of attributes per span. - maxNumberOfAttributes: 200 - # The global default max number of annotation events per span. - maxNumberOfAnnotations: 200 - # The global default max number of message events per span. - maxNumberOfMessageEvents: 200 - - # Default mtls policy. If true, mtls between services will be enabled by default. - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. 
- enabled: false - # If set to true, and a given service does not have a corresponding DestinationRule configured, - # or its DestinationRule does not have TLSSettings specified, Istio configures client side - # TLS configuration automatically, based on the server side mTLS authentication policy and the - # availibity of sidecars. - auto: true - - # Lists the secrets you need to use to pull Istio images from a private registry. - imagePullSecrets: [] - # - private-registry-key - - # Specify pod scheduling arch(amd64, ppc64le, s390x) and weight as follows: - # 0 - Never scheduled - # 1 - Least preferred - # 2 - No preference - # 3 - Most preferred - arch: - amd64: 2 - s390x: 2 - ppc64le: 2 - - # Whether to restrict the applications namespace the controller manages; - # If not set, controller watches all namespaces - oneNamespace: false - - # Default node selector to be applied to all deployments so that all pods can be - # constrained to run a particular nodes. Each component can overwrite these default - # values by adding its node selector block in the relevant section below and setting - # the desired values. - defaultNodeSelector: {} - - # Default node tolerations to be applied to all deployments so that all pods can be - # scheduled to a particular nodes with matching taints. Each component can overwrite - # these default values by adding its tolerations block in the relevant section below - # and setting the desired values. - # Configure this field in case that all pods of Istio control plane are expected to - # be scheduled to particular nodes with specified taints. - defaultTolerations: [] - - # Whether to perform server-side validation of configuration. - configValidation: true - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. 
- # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - # podDNSSearchNamespaces: - # - global - # - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # If set to true, the pilot and citadel mtls will be exposed on the - # ingress gateway - meshExpansion: - enabled: false - # If set to true, the pilot and citadel mtls and the plaintext pilot ports - # will be exposed on an internal gateway - useILB: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # enable pod distruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. 
- defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - # Use the Mesh Control Protocol (MCP) for configuring Mixer and - # Pilot. Requires galley (`--set galley.enabled=true`). - useMCP: true - - # The trust domain corresponds to the trust root of a system - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - # Indicate the domain used in SPIFFE identity URL - # The default depends on the environment. - # kubernetes: cluster.local - # else: default dns domain - trustDomain: "" - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: [] - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. 
For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - # ALLOW_ANY is the default in 1.1. This means each pod will be able to make outbound requests - # to services outside of the mesh without any ServiceEntry. - # REGISTRY_ONLY was the default in 1.0. If this behavior is desired, set the value below to REGISTRY_ONLY. - outboundTrafficPolicy: - mode: ALLOW_ANY - - # The namespace where globally shared configurations should be present. - # DestinationRules that apply to the entire mesh (e.g., enabling mTLS), - # default Sidecar configs, etc. should be added to this namespace. 
- # configRootNamespace: istio-config - - # set the default set of namespaces to which services, service entries, virtual services, destination - # rules should be exported to. Currently only one value can be provided in this list. This value - # should be one of the following two options: - # * implies these objects are visible to all namespaces, enabling any sidecar to talk to any other sidecar. - # . implies these objects are visible to only to sidecars in the same namespace, or if imported as a Sidecar.egress.host - # defaultConfigVisibilitySettings: - #- '*' - - # - # nodeagent configuration - # - nodeagent: - repository: rancher/istio-node-agent-k8s - tag: 1.5.9 - - sds: - # SDS enabled. IF set to true, mTLS certificates for the sidecars will be - # distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates. - enabled: false - udsPath: "" - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Citadel Agent to the CA (e.g. Citadel), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. 
The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Specifies the global locality load balancing settings. - # Locality-weighted load balancing allows administrators to control the distribution of traffic to - # endpoints based on the localities of where the traffic originates and where it will terminate. - # Either failover or distribute configuration can be set, but not both. If neither are provided - # failover mode will be used. - # - # localityLbSetting: - # enabled: true - # distribute: - # - from: "us-central1/*" - # to: - # "us-central1/*": 80 - # "us-central2/*": 20 - # - # localityLbSetting: - # enabled: true - # failover: - # - from: us-east - # to: eu-west - # - from: us-west - # to: us-east - localityLbSetting: - enabled: true - - # Specifies whether helm test is enabled or not. - # This field is set to false by default, so 'helm template ...' - # will ignore the helm test yaml files when generating the template - enableHelmTest: false - - # Configures DNS certificates provisioned through Chiron linked into Pilot. - # The DNS names in this file are all hard-coded; please ensure the namespaces - # in dnsNames are consistent with those of your services. 
- # Example:
- # certificates:
- # - secretName: dns.istio-galley-service-account
- # dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system]
- # - secretName: dns.istio-sidecar-injector-service-account
- # dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system]
- certificates: []
-
- # Configure whether Operator manages webhook configurations. The current behavior
- # of Galley and Sidecar Injector is that they manage their own webhook configurations.
- # When this option is set as true, Istio Operator, instead of webhooks, manages the
- # webhook configurations. When this option is set as false, webhooks manage their
- # own webhook configurations.
- operatorManageWebhooks: false
diff --git a/charts/rancher-istio/1.5.901/.helmignore b/charts/rancher-istio/1.5.901/.helmignore
deleted file mode 100755
index f0c131944..000000000
--- a/charts/rancher-istio/1.5.901/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/charts/rancher-istio/1.5.901/Chart.yaml b/charts/rancher-istio/1.5.901/Chart.yaml
deleted file mode 100755
index 2ce26a3db..000000000
--- a/charts/rancher-istio/1.5.901/Chart.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.9
-description: Helm chart for all istio components
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- security
-- sidecarInjectorWebhook
-- mixer
-- pilot
-- galley
-name: rancher-istio
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2-0'
-version: 1.5.901
diff --git a/charts/rancher-istio/1.5.901/LICENSE b/charts/rancher-istio/1.5.901/LICENSE
deleted file mode 100755
index 56df9b297..000000000
--- a/charts/rancher-istio/1.5.901/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2018 Istio Authors - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/rancher-istio/1.5.901/README.md b/charts/rancher-istio/1.5.901/README.md deleted file mode 100755 index f7f35cc17..000000000 --- a/charts/rancher-istio/1.5.901/README.md +++ /dev/null 
@@ -1,149 +0,0 @@ -# Istio - -[Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. - -The documentation here is for developers only, please follow the installation instructions from [istio.io](https://istio.io/docs/setup/kubernetes/install/helm/) for all other uses. - -## Introduction - -This chart bootstraps all Istio [components](https://istio.io/docs/concepts/what-is-istio/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Chart Details - -This chart can install multiple Istio components as subcharts: -- ingressgateway -- egressgateway -- sidecarInjectorWebhook -- galley -- mixer -- pilot -- security(citadel) -- grafana -- prometheus -- tracing(jaeger) -- kiali - -To enable or disable each component, change the corresponding `enabled` flag. - -## Prerequisites - -- Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required -- Helm 2.7.2 or newer or alternately the ability to modify RBAC rules is also required -- If you want to enable automatic sidecar injection, Kubernetes 1.9+ with `admissionregistration` API is required, and `kube-apiserver` process must have the `admission-control` flag set with the `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook` admission controllers added and listed in the correct order. -- The `istio-init` chart must be run to completion prior to install the `istio` chart. - -## Resources Required - -The chart deploys pods that consume minimum resources as specified in the resources configuration parameter. - -## Installing the Chart - -1. If a service account has not already been installed for Tiller, install one: - - ```bash - $ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml - ``` - -1. 
Install Tiller on your cluster with the service account: - - ```bash - $ helm init --service-account tiller - ``` - -1. Set and create the namespace where Istio was installed: - - ```bash - $ NAMESPACE=istio-system - $ kubectl create ns $NAMESPACE - ``` - -1. If you are enabling `kiali`, you need to create the secret that contains the username and passphrase for `kiali` dashboard: - - ```bash - $ echo -n 'admin' | base64 - YWRtaW4= - $ echo -n '1f2d1e2e67df' | base64 - MWYyZDFlMmU2N2Rm - $ cat <=1.9.0): - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE - ``` - - - Without the sidecar injection webhook: - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE --set sidecarInjectorWebhook.enabled=false - ``` - -## Configuration - -The Helm chart ships with reasonable defaults. There may be circumstances in which defaults require overrides. -To override Helm values, use `--set key=value` argument during the `helm install` command. Multiple `--set` operations may be used in the same Helm operation. - -Helm charts expose configuration options which are currently in alpha. The currently exposed options can be found [here](https://istio.io/docs/reference/config/installation-options/). - -## Uninstalling the Chart - -To uninstall/delete the `istio` release but continue to track the release: - -```bash -$ helm delete istio -``` - -To uninstall/delete the `istio` release completely and make its name free for later use: - -```bash -$ helm delete --purge istio -``` diff --git a/charts/rancher-istio/1.5.901/charts/certmanager/Chart.yaml b/charts/rancher-istio/1.5.901/charts/certmanager/Chart.yaml deleted file mode 100755 index af66656bb..000000000 --- a/charts/rancher-istio/1.5.901/charts/certmanager/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 0.6.2 -description: A Helm chart for Kubernetes -name: certmanager -tillerVersion: '>=2.7.2' -version: 1.5.9 
diff --git a/charts/rancher-istio/1.5.901/charts/certmanager/templates/NOTES.txt b/charts/rancher-istio/1.5.901/charts/certmanager/templates/NOTES.txt
deleted file mode 100755
index 0307ede4c..000000000
--- a/charts/rancher-istio/1.5.901/charts/certmanager/templates/NOTES.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-certmanager has been deployed successfully!
-
-More information on the different types of issuers and how to configure them
-can be found in our documentation:
-
-https://cert-manager.readthedocs.io/en/latest/reference/issuers.html
\ No newline at end of file
diff --git a/charts/rancher-istio/1.5.901/charts/certmanager/templates/_helpers.tpl b/charts/rancher-istio/1.5.901/charts/certmanager/templates/_helpers.tpl
deleted file mode 100755
index 331a91d43..000000000
--- a/charts/rancher-istio/1.5.901/charts/certmanager/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "certmanager.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "certmanager.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "certmanager.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.901/charts/certmanager/templates/deployment.yaml b/charts/rancher-istio/1.5.901/charts/certmanager/templates/deployment.yaml
deleted file mode 100755
index 323228638..000000000
--- a/charts/rancher-istio/1.5.901/charts/certmanager/templates/deployment.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: certmanager
- namespace: {{ .Release.Namespace }}
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: certmanager
- template:
- metadata:
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- {{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels | indent 8 }}
- {{- end }}
- annotations:
- sidecar.istio.io/inject: "false"
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: certmanager
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: certmanager
- image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- args:
- - --cluster-resource-namespace=$(POD_NAMESPACE)
- - --leader-election-namespace=$(POD_NAMESPACE)
- {{- if .Values.extraArgs }}
-{{ toYaml .Values.extraArgs | indent 8 }}
- {{- end }}
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- resources:
-{{ toYaml .Values.resources | indent 10 }}
- {{- if .Values.podDnsPolicy }}
- dnsPolicy: {{ .Values.podDnsPolicy }}
- {{- end }}
- {{- if .Values.podDnsConfig }}
- dnsConfig:
-{{ toYaml .Values.podDnsConfig | indent 8 }}
- {{- end }}
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
-{{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/certmanager/templates/issuer.yaml b/charts/rancher-istio/1.5.901/charts/certmanager/templates/issuer.yaml
deleted file mode 100755
index 59402daea..000000000
--- a/charts/rancher-istio/1.5.901/charts/certmanager/templates/issuer.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-apiVersion: certmanager.k8s.io/v1alpha1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt-staging
- namespace: {{ .Release.Namespace }}
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- acme:
- server: https://acme-staging-v02.api.letsencrypt.org/directory
- email: {{ .Values.email }}
- # Name of a secret used to store the ACME account private key
- privateKeySecretRef:
- name: letsencrypt-staging
- http01: {}
----
-apiVersion: certmanager.k8s.io/v1alpha1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt
- namespace: {{ .Release.Namespace }}
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- acme:
- server: https://acme-v02.api.letsencrypt.org/directory
- email: {{ .Values.email }}
- privateKeySecretRef:
- name: letsencrypt
- http01: {}
diff --git a/charts/rancher-istio/1.5.901/charts/certmanager/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.901/charts/certmanager/templates/poddisruptionbudget.yaml
deleted file mode 100755
index bb3c95c27..000000000
--- a/charts/rancher-istio/1.5.901/charts/certmanager/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: certmanager
- namespace: {{ .Release.Namespace }}
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- version: {{ .Chart.Version }}
- {{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels | indent 4 }}
- {{- end }}
-spec:
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: certmanager
- release: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/certmanager/templates/rbac.yaml b/charts/rancher-istio/1.5.901/charts/certmanager/templates/rbac.yaml
deleted file mode 100755
index b3a4ef340..000000000
--- a/charts/rancher-istio/1.5.901/charts/certmanager/templates/rbac.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: certmanager
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
- - apiGroups: ["certmanager.k8s.io"]
- resources: ["certificates", "certificates/finalizers", "issuers", "clusterissuers", "orders", "orders/finalizers", "challenges"]
- verbs: ["*"]
- - apiGroups: [""]
- resources: ["configmaps", "secrets", "events", "services", "pods"]
- verbs: ["*"]
- - apiGroups: ["extensions"]
- resources: ["ingresses"]
- verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: certmanager
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: certmanager
-subjects:
- - name: certmanager
- namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
diff --git a/charts/rancher-istio/1.5.901/charts/certmanager/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.901/charts/certmanager/templates/serviceaccount.yaml
deleted file mode 100755
index f87543508..000000000
--- a/charts/rancher-istio/1.5.901/charts/certmanager/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: certmanager
- namespace: {{ .Release.Namespace }}
- labels:
- app: certmanager
- chart: {{ template "certmanager.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.901/charts/certmanager/values.yaml b/charts/rancher-istio/1.5.901/charts/certmanager/values.yaml
deleted file mode 100755
index 2dbff4beb..000000000
--- a/charts/rancher-istio/1.5.901/charts/certmanager/values.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-# Certmanager uses ACME to sign certificates. Since Istio gateways are
-# mounting the TLS secrets the Certificate CRDs must be created in the
-# istio-system namespace. Once the certificate has been created, the
-# gateway must be updated by adding 'secretVolumes'. After the gateway
-# restart, DestinationRules can be created using the ACME-signed certificates.
-enabled: false
-replicaCount: 1
-hub: quay.io/jetstack
-# image: cert-manager-controller
-tag: v0.8.1
-resources: {}
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.5.901/charts/galley/Chart.yaml b/charts/rancher-istio/1.5.901/charts/galley/Chart.yaml
deleted file mode 100755
index b51fef01d..000000000
--- a/charts/rancher-istio/1.5.901/charts/galley/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.9
-description: Helm chart for galley deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- galley
-name: galley
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.901/charts/galley/templates/_helpers.tpl b/charts/rancher-istio/1.5.901/charts/galley/templates/_helpers.tpl
deleted file mode 100755
index 5d42f4a03..000000000
--- a/charts/rancher-istio/1.5.901/charts/galley/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "galley.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "galley.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "galley.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.901/charts/galley/templates/clusterrole.yaml b/charts/rancher-istio/1.5.901/charts/galley/templates/clusterrole.yaml
deleted file mode 100755
index 504abc079..000000000
--- a/charts/rancher-istio/1.5.901/charts/galley/templates/clusterrole.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-galley-{{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
- # For reading Istio resources
-- apiGroups: [
- "authentication.istio.io",
- "config.istio.io",
- "networking.istio.io",
- "rbac.istio.io",
- "security.istio.io"]
- resources: ["*"]
- verbs: ["get", "list", "watch"]
- # For updating Istio resource statuses
-- apiGroups: [
- "authentication.istio.io",
- "config.istio.io",
- "networking.istio.io",
- "rbac.istio.io",
- "security.istio.io"]
- resources: ["*/status"]
- verbs: ["update"]
-{{- if not .Values.global.operatorManageWebhooks }}
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["validatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "update"]
-# permissions to verify the webhook is ready and rejecting
-# invalid config. We use --server-dry-run so no config is persisted.
-- apiGroups: ["networking.istio.io"]
- verbs: ["create"]
- resources: ["gateways"]
-{{- end }}
-- apiGroups: ["extensions","apps"]
- resources: ["deployments"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["pods", "nodes", "services", "endpoints", "namespaces"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions"]
- resources: ["ingresses"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["rbac.authorization.k8s.io"]
- resources: ["clusterroles"]
- verbs: ["get", "list", "watch"]
diff --git a/charts/rancher-istio/1.5.901/charts/galley/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.901/charts/galley/templates/clusterrolebinding.yaml
deleted file mode 100755
index 88cde2554..000000000
--- a/charts/rancher-istio/1.5.901/charts/galley/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-galley-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-galley-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-galley-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.901/charts/galley/templates/configmap.yaml b/charts/rancher-istio/1.5.901/charts/galley/templates/configmap.yaml
deleted file mode 100755
index 662c960b1..000000000
--- a/charts/rancher-istio/1.5.901/charts/galley/templates/configmap.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-galley-configuration
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-data:
-{{- if .Values.global.configValidation }}
- validatingwebhookconfiguration.yaml: |-
- {{- include "validatingwebhookconfiguration.yaml.tpl" . | indent 4}}
-{{- end}}
diff --git a/charts/rancher-istio/1.5.901/charts/galley/templates/deployment.yaml b/charts/rancher-istio/1.5.901/charts/galley/templates/deployment.yaml
deleted file mode 100755
index 1110c9b57..000000000
--- a/charts/rancher-istio/1.5.901/charts/galley/templates/deployment.yaml
+++ /dev/null
@@ -1,151 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: galley - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-galley-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: galley - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 9443 - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 9901 - command: - - /usr/local/bin/galley - - server - - --meshConfigFile=/etc/mesh-config/mesh - - --livenessProbeInterval=1s - - --livenessProbePath=/tmp/healthliveness - - --readinessProbePath=/tmp/healthready - - --readinessProbeInterval=1s - - --deployment-namespace={{ .Release.Namespace }} -{{- if $.Values.global.controlPlaneSecurityEnabled}} - - --insecure=false -{{- else }} - - --insecure=true -{{- end }} -{{- if .Values.enableServiceDiscovery }} - - --enableServiceDiscovery=true -{{- end }} -{{- if not $.Values.global.useMCP }} - - --enable-server=false -{{- end }} -{{- if not $.Values.global.configValidation }} - - --enable-validation=false -{{- end }} -{{- if .Values.global.operatorManageWebhooks }} - - --enable-reconcileWebhookConfiguration=false -{{- else }} - - --enable-reconcileWebhookConfiguration=true -{{- end }} - - --monitoringPort={{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if .Values.enableAnalysis }} - - --enableAnalysis=true -{{- end }} -{{- if .Values.global.certificates }} - - --validation.tls.clientCertificate=/etc/dnscerts/cert-chain.pem - - --validation.tls.privateKey=/etc/dnscerts/key.pem - - --validation.tls.caCertificates=/etc/dnscerts/root-cert.pem -{{- end }} - volumeMounts: - - name: certs - mountPath: /etc/certs - readOnly: true -{{- if .Values.global.certificates }} - - name: dnscerts - mountPath: /etc/dnscerts - readOnly: true -{{- end }} - - name: config - mountPath: /etc/config - readOnly: true - - name: mesh-config - mountPath: /etc/mesh-config - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - --probe-path=/tmp/healthliveness - - --interval=10s - initialDelaySeconds: 5 - 
periodSeconds: 5 - readinessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - --probe-path=/tmp/healthready - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: certs - secret: - secretName: istio.istio-galley-service-account -{{- if .Values.global.certificates }} - - name: dnscerts - secret: - secretName: dns.istio-galley-service-account -{{- end }} - # galley expects /etc/config to exist even though it doesn't include any files. - - name: config - emptyDir: - medium: Memory - - name: mesh-config - configMap: - name: istio - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/1.5.901/charts/galley/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.901/charts/galley/templates/poddisruptionbudget.yaml deleted file mode 100755 index 1bf374e4a..000000000 --- a/charts/rancher-istio/1.5.901/charts/galley/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-spec:
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: {{ template "galley.name" . }}
- release: {{ .Release.Name }}
- istio: galley
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/galley/templates/service.yaml b/charts/rancher-istio/1.5.901/charts/galley/templates/service.yaml
deleted file mode 100755
index 35e258175..000000000
--- a/charts/rancher-istio/1.5.901/charts/galley/templates/service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-spec:
- ports:
- - port: 443
- targetPort: 9443
- name: https-validation
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- - port: 9901
- name: grpc-mcp
- selector:
- istio: galley
diff --git a/charts/rancher-istio/1.5.901/charts/galley/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.901/charts/galley/templates/serviceaccount.yaml
deleted file mode 100755
index 1ff54c49e..000000000
--- a/charts/rancher-istio/1.5.901/charts/galley/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-galley-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.901/charts/galley/templates/validatingwebhookconfiguration.yaml b/charts/rancher-istio/1.5.901/charts/galley/templates/validatingwebhookconfiguration.yaml
deleted file mode 100755
index 4e1f50f2c..000000000
--- a/charts/rancher-istio/1.5.901/charts/galley/templates/validatingwebhookconfiguration.yaml
+++ /dev/null
@@ -1,108 +0,0 @@
-{{/*
- This version of the validatingwebhookconfiguration is applied directly by
- helm. Galley only patches the caBundle and failurePolicy.
-*/}}
-apiVersion: admissionregistration.k8s.io/v1beta1
-kind: ValidatingWebhookConfiguration
-metadata:
- name: istio-galley
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-webhooks:
- - name: pilot.validation.istio.io
- clientConfig:
- service:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- path: "/admitpilot"
- caBundle: ""
- rules:
- - operations:
- - CREATE
- - UPDATE
- apiGroups:
- - config.istio.io
- apiVersions:
- - v1alpha2
- resources:
- - httpapispecs
- - httpapispecbindings
- - quotaspecs
- - quotaspecbindings
- - operations:
- - CREATE
- - UPDATE
- apiGroups:
- - rbac.istio.io
- apiVersions:
- - "*"
- resources:
- - "*"
- - operations:
- - CREATE
- - UPDATE
- apiGroups:
- - security.istio.io
- apiVersions:
- - "*"
- resources:
- - "*"
- - operations:
- - CREATE
- - UPDATE
- apiGroups:
- - authentication.istio.io
- apiVersions:
- - "*"
- resources:
- - "*"
- - operations:
- - CREATE
- - UPDATE
- apiGroups:
- - networking.istio.io
- apiVersions:
- - "*"
- resources:
- - destinationrules
- - envoyfilters
- - gateways
- - serviceentries
- - sidecars
- - virtualservices
- # Fail open until the validation webhook is ready. The webhook controller
- # will update this to `Fail` and patch in the `caBundle` when the webhook
- # endpoint is ready.
- failurePolicy: Ignore
- sideEffects: None
- - name: mixer.validation.istio.io
- clientConfig:
- service:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- path: "/admitmixer"
- caBundle: ""
- rules:
- - operations:
- - CREATE
- - UPDATE
- apiGroups:
- - config.istio.io
- apiVersions:
- - v1alpha2
- resources:
- - rules
- - attributemanifests
- - adapters
- - handlers
- - instances
- - templates
- # Fail open until the validation webhook is ready. The webhook controller
- # will update this to `Fail` and patch in the `caBundle` when the webhook
- # endpoint is ready.
- failurePolicy: Ignore
- sideEffects: None
\ No newline at end of file
diff --git a/charts/rancher-istio/1.5.901/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl b/charts/rancher-istio/1.5.901/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl
deleted file mode 100755
index 8df00f798..000000000
--- a/charts/rancher-istio/1.5.901/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl
+++ /dev/null
@@ -1,111 +0,0 @@
-{{/*
- This version of the validatingwebhookconfiguration is applied indirectly
- by galley. This exists to support a smoother upgrade path from istio
- Rversions < 1.4
-*/}}
-{{ define "validatingwebhookconfiguration.yaml.tpl" }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-kind: ValidatingWebhookConfiguration
-metadata:
- name: istio-galley
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-webhooks:
- - name: pilot.validation.istio.io
- clientConfig:
- service:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- path: "/admitpilot"
- caBundle: ""
- rules:
- - operations:
- - CREATE
- - UPDATE
- apiGroups:
- - config.istio.io
- apiVersions:
- - v1alpha2
- resources:
- - httpapispecs
- - httpapispecbindings
- - quotaspecs
- - quotaspecbindings
- - operations:
- - CREATE
- - UPDATE
- apiGroups:
- - rbac.istio.io
- apiVersions:
- - "*"
- resources:
- - "*"
- - operations:
- - CREATE
- - UPDATE
- apiGroups:
- - security.istio.io
- apiVersions:
- - "*"
- resources:
- - "*"
- - operations:
- - CREATE
- - UPDATE
- apiGroups:
- - authentication.istio.io
- apiVersions:
- - "*"
- resources:
- - "*"
- - operations:
- - CREATE
- - UPDATE
- apiGroups:
- - networking.istio.io
- apiVersions:
- - "*"
- resources:
- - destinationrules
- - envoyfilters
- - gateways
- - serviceentries
- - sidecars
- - virtualservices
- # Fail open until the validation webhook is ready. The webhook controller
- # will update this to `Fail` and patch in the `caBundle` when the webhook
- # endpoint is ready.
- failurePolicy: Ignore
- sideEffects: None
- - name: mixer.validation.istio.io
- clientConfig:
- service:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- path: "/admitmixer"
- caBundle: ""
- rules:
- - operations:
- - CREATE
- - UPDATE
- apiGroups:
- - config.istio.io
- apiVersions:
- - v1alpha2
- resources:
- - rules
- - attributemanifests
- - adapters
- - handlers
- - instances
- - templates
- # Fail open until the validation webhook is ready. The webhook controller
- # will update this to `Fail` and patch in the `caBundle` when the webhook
- # endpoint is ready.
- failurePolicy: Ignore
- sideEffects: None
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/galley/values.yaml b/charts/rancher-istio/1.5.901/charts/galley/values.yaml
deleted file mode 100755
index 1dc415a8c..000000000
--- a/charts/rancher-istio/1.5.901/charts/galley/values.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# galley configuration
-#
-enabled: true
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-image: galley
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-# Enable service discovery processing in Galley
-enableServiceDiscovery: false
-
-# Enable analysis and status update in Galley
-enableAnalysis: false
diff --git a/charts/rancher-istio/1.5.901/charts/gateways/Chart.yaml b/charts/rancher-istio/1.5.901/charts/gateways/Chart.yaml
deleted file mode 100755
index fd544ef24..000000000
--- a/charts/rancher-istio/1.5.901/charts/gateways/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.9
-description: Helm chart for deploying Istio gateways
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- ingressgateway
-- egressgateway
-- gateways
-name: gateways
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.901/charts/gateways/templates/_affinity.tpl b/charts/rancher-istio/1.5.901/charts/gateways/templates/_affinity.tpl
deleted file mode 100755
index fbd0e9a8f..000000000
--- a/charts/rancher-istio/1.5.901/charts/gateways/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@
-{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}}
-
-{{- define "gatewaynodeaffinity" }}
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- {{- include "gatewayNodeAffinityRequiredDuringScheduling" . }}
- preferredDuringSchedulingIgnoredDuringExecution:
- {{- include "gatewayNodeAffinityPreferredDuringScheduling" . }}
-{{- end }}
-
-{{- define "gatewayNodeAffinityRequiredDuringScheduling" }}
- nodeSelectorTerms:
- - matchExpressions:
- - key: beta.kubernetes.io/arch
- operator: In
- values:
- {{- range $key, $val := .root.Values.global.arch }}
- {{- if gt ($val | int) 0 }}
- - {{ $key | quote }}
- {{- end }}
- {{- end }}
- {{- $nodeSelector := default .root.Values.global.defaultNodeSelector .nodeSelector -}}
- {{- range $key, $val := $nodeSelector }}
- - key: {{ $key }}
- operator: In
- values:
- - {{ $val | quote }}
- {{- end }}
-{{- end }}
-
-{{- define "gatewayNodeAffinityPreferredDuringScheduling" }}
- {{- range $key, $val := .root.Values.global.arch }}
- {{- if gt ($val | int) 0 }}
- - weight: {{ $val | int }}
- preference:
- matchExpressions:
- - key: beta.kubernetes.io/arch
- operator: In
- values:
- - {{ $key | quote }}
- {{- end }}
- {{- end }}
-{{- end }}
-
-{{- define "gatewaypodAntiAffinity" }}
-{{- if or .podAntiAffinityLabelSelector .podAntiAffinityTermLabelSelector}}
- podAntiAffinity:
- {{- if .podAntiAffinityLabelSelector }}
- requiredDuringSchedulingIgnoredDuringExecution:
- {{- include "gatewaypodAntiAffinityRequiredDuringScheduling" . }}
- {{- end }}
- {{- if .podAntiAffinityTermLabelSelector }}
- preferredDuringSchedulingIgnoredDuringExecution:
- {{- include "gatewaypodAntiAffinityPreferredDuringScheduling" . }}
- {{- end }}
-{{- end }}
-{{- end }}
-
-{{- define "gatewaypodAntiAffinityRequiredDuringScheduling" }}
- {{- range $index, $item := .podAntiAffinityLabelSelector }}
- - labelSelector:
- matchExpressions:
- - key: {{ $item.key }}
- operator: {{ $item.operator }}
- {{- if $item.values }}
- values:
- {{- $vals := split "," $item.values }}
- {{- range $i, $v := $vals }}
- - {{ $v | quote }}
- {{- end }}
- {{- end }}
- topologyKey: {{ $item.topologyKey }}
- {{- end }}
-{{- end }}
-
-{{- define "gatewaypodAntiAffinityPreferredDuringScheduling" }}
- {{- range $index, $item := .podAntiAffinityTermLabelSelector }}
- - podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: {{ $item.key }}
- operator: {{ $item.operator }}
- {{- if $item.values }}
- values:
- {{- $vals := split "," $item.values }}
- {{- range $i, $v := $vals }}
- - {{ $v | quote }}
- {{- end }}
- {{- end }}
- topologyKey: {{ $item.topologyKey }}
- weight: 100
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/gateways/templates/_helpers.tpl b/charts/rancher-istio/1.5.901/charts/gateways/templates/_helpers.tpl
deleted file mode 100755
index bfc8bc400..000000000
--- a/charts/rancher-istio/1.5.901/charts/gateways/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "gateway.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "gateway.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "gateway.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.901/charts/gateways/templates/autoscale.yaml b/charts/rancher-istio/1.5.901/charts/gateways/templates/autoscale.yaml
deleted file mode 100755
index 2455ac345..000000000
--- a/charts/rancher-istio/1.5.901/charts/gateways/templates/autoscale.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
- maxReplicas: {{ $spec.autoscaleMax }}
- minReplicas: {{ $spec.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ $key }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/gateways/templates/deployment.yaml b/charts/rancher-istio/1.5.901/charts/gateways/templates/deployment.yaml
deleted file mode 100755
index bb1b755fc..000000000
--- a/charts/rancher-istio/1.5.901/charts/gateways/templates/deployment.yaml
+++ /dev/null
@@ -1,385 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-
-{{- $labels := merge (dict "release" $.Release.Name "chart" (include "gateway.chart" $) "heritage" $.Release.Service) $spec.labels }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
-{{ $labels | toYaml | indent 4 }}
-spec:
-{{- if not $spec.autoscaleEnabled }}
-{{- if $spec.replicaCount }}
- replicas: {{ $spec.replicaCount }}
-{{- else }}
- replicas: 1
-{{- end }}
-{{- end }}
- selector:
- matchLabels:
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
- strategy:
- rollingUpdate:
- maxSurge: {{ $spec.rollingMaxSurge }}
- maxUnavailable: {{ $spec.rollingMaxUnavailable }}
- template:
- metadata:
- labels:
-{{ $labels | toYaml | indent 8 }}
- annotations:
- sidecar.istio.io/inject: "false"
-{{- if $spec.podAnnotations }}
-{{ toYaml $spec.podAnnotations | indent 8 }}
-{{ end }}
- spec:
- serviceAccountName: {{ $key }}-service-account
-{{- if $.Values.global.priorityClassName }}
- priorityClassName: "{{ $.Values.global.priorityClassName }}"
-{{- end }}
-{{- if $.Values.global.proxy.enableCoreDump }}
- initContainers:
- - name: enable-core-dump
- image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy_init.repository }}:{{ $.Values.global.proxy_init.tag }}"
- imagePullPolicy: {{ $.Values.global.imagePullPolicy }}
- command:
- - /bin/sh
- args:
- - -c
- - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited
- securityContext:
- privileged: true
-{{- end }}
- containers:
-{{- if $spec.sds }}
-{{- if $spec.sds.enabled }}
- - name: ingress-sds
- image: "{{ template "system_default_registry" $ }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}"
- imagePullPolicy: {{ $.Values.global.imagePullPolicy }}
- resources:
-{{- if $spec.sds.resources }}
-{{ toYaml $spec.sds.resources | indent 12 }}
-{{- else }}
-{{ toYaml $.Values.global.defaultResources | indent 12 }}
-{{- end }}
- env:
- - name: "ENABLE_WORKLOAD_SDS"
- value: "false"
- - name: "ENABLE_INGRESS_GATEWAY_SDS"
- value: "true"
- - name: "INGRESS_GATEWAY_NAMESPACE"
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- volumeMounts:
- - name: ingressgatewaysdsudspath
- mountPath: /var/run/ingress_gateway
-{{- end }}
-{{- end }}
- - name: istio-proxy
- image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}"
- imagePullPolicy: {{ $.Values.global.imagePullPolicy }}
- ports:
- {{- range $key, $val := $spec.ports }}
- - containerPort: {{ $val.port }}
- {{- end }}
- - containerPort: 15090
- protocol: TCP
- name: http-envoy-prom
- args:
- - proxy
- - router
- - --domain
- - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }}
- {{- if $.Values.global.proxy.logLevel }}
- - --proxyLogLevel={{ $.Values.global.proxy.logLevel }}
- {{- end}}
- {{- if $.Values.global.proxy.componentLogLevel }}
- - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }}
- {{- end}}
- {{- if $.Values.global.logging.level }}
- - --log_output_level={{ $.Values.global.logging.level }}
- {{- end}}
- - --drainDuration
- - '45s' #drainDuration
- - --parentShutdownDuration
- - '1m0s' #parentShutdownDuration
- - --connectTimeout
- - '10s' #connectTimeout
- - --serviceCluster
- - {{ $key }}
- {{- if eq $.Values.global.proxy.tracer "lightstep" }}
- - --lightstepAddress
- - {{ $.Values.global.tracer.lightstep.address }}
- - --lightstepAccessToken
- - {{ $.Values.global.tracer.lightstep.accessToken }}
- - --lightstepSecure={{ $.Values.global.tracer.lightstep.secure }}
- {{- if $.Values.global.tracer.lightstep.secure }}
- - --lightstepCacertPath
- - {{ $.Values.global.tracer.lightstep.cacertPath }}
- {{- end }}
- {{- else if eq $.Values.global.proxy.tracer "zipkin" }}
- - --zipkinAddress
- {{- if $.Values.global.tracer.zipkin.address }}
- - {{ $.Values.global.tracer.zipkin.address }}
- {{- else if $.Values.global.istioNamespace }}
- - zipkin.{{ $.Values.global.istioNamespace }}:9411
- {{- else }}
- - zipkin:9411
- {{- end }}
- {{- else if eq $.Values.global.proxy.tracer "datadog" }}
- - --datadogAgentAddress
- - {{ $.Values.global.tracer.datadog.address }}
- {{- end }}
- {{- if $.Values.global.proxy.envoyStatsd.enabled }}
- - --statsdUdpAddress
- - {{ $.Values.global.proxy.envoyStatsd.host }}:{{ $.Values.global.proxy.envoyStatsd.port }}
- {{- end }}
- {{- if $.Values.global.proxy.envoyMetricsService.enabled }}
- - --envoyMetricsService
- {{- with $.Values.global.proxy.envoyMetricsService }}
- - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}'
- {{- end }}
- {{- end}}
- {{- if $.Values.global.proxy.envoyAccessLogService.enabled }}
- - --envoyAccessLogService
- {{- with $.Values.global.proxy.envoyAccessLogService }}
- - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}'
- {{- end }}
- {{- end }}
- - --proxyAdminPort
- - "15000"
- - --statusPort
- - "15020"
- {{- if $.Values.global.controlPlaneSecurityEnabled }}
- - --controlPlaneAuthPolicy
- - MUTUAL_TLS
- - --discoveryAddress
- {{- if $.Values.global.istioNamespace }}
- - istio-pilot.{{ $.Values.global.istioNamespace }}:15011
- {{- else }}
- - istio-pilot:15011
- {{- end }}
- {{- else }}
- - --controlPlaneAuthPolicy
- - NONE
- - --discoveryAddress
- {{- if $.Values.global.istioNamespace }}
- - istio-pilot.{{ $.Values.global.istioNamespace }}:15010
- {{- else }}
- - istio-pilot:15010
- {{- end }}
- {{- end }}
- {{- if $.Values.global.trustDomain }}
- - --trust-domain={{ $.Values.global.trustDomain }}
- {{- end }}
- readinessProbe:
- failureThreshold: 30
- httpGet:
- path: /healthz/ready
- port: 15020
- scheme: HTTP
- initialDelaySeconds: 1
- periodSeconds: 2
- successThreshold: 1
- timeoutSeconds: 1
- resources:
-{{- if $spec.resources }}
-{{ toYaml $spec.resources | indent 12 }}
-{{- else }}
-{{ toYaml $.Values.global.defaultResources | indent 12 }}
-{{- end }}
- env:
- - name: NODE_NAME
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: spec.nodeName
- - name: POD_NAME
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: INSTANCE_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.podIP
- - name: HOST_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.hostIP
- - name: SERVICE_ACCOUNT
- valueFrom:
- fieldRef:
- fieldPath: spec.serviceAccountName
- {{- if $.Values.global.mtls.auto }}
- - name: ISTIO_AUTO_MTLS_ENABLED
- value: "true"
- {{- end }}
- - name: ISTIO_META_POD_NAME
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.name
- - name: ISTIO_META_CONFIG_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: ISTIO_METAJSON_LABELS
- value: |
- {{ $labels | toJson}}
- - name: ISTIO_META_CLUSTER_ID
- value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}"
- - name: SDS_ENABLED
- value: "{{ $.Values.global.sds.enabled }}"
- - name: ISTIO_META_WORKLOAD_NAME
- value: {{ $key }}
- - name: ISTIO_META_OWNER
- value: kubernetes://apis/apps/v1/namespaces/{{ $spec.namespace | default $.Release.Namespace }}/deployments/{{ $key }}
- {{- if $.Values.global.meshID }}
- - name: ISTIO_META_MESH_ID
- value: "{{ $.Values.global.meshID }}"
- {{- else if $.Values.global.trustDomain }}
- - name: ISTIO_META_MESH_ID
- value: "{{ $.Values.global.trustDomain }}"
- {{- end }}
- {{- if eq $.Values.global.proxy.tracer "datadog" }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- {{- end }}
- {{- if eq $.Values.global.proxy.tracer "stackdriver" }}
- - name: STACKDRIVER_TRACING_ENABLED
- value: "true"
- - name: STACKDRIVER_TRACING_DEBUG
- value: "{{ $.Values.global.tracer.stackdriver.debug }}"
- {{- if $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }}
- - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS
- value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }}"
- {{- end }}
- {{- if $.Values.global.tracer.stackdriver.maxNumberOfAttributes }}
- - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES
- value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAttributes }}"
- {{- end }}
- {{- if $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }}
- - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS
- value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }}"
- {{- end }}
- {{- end }}
- {{- if $spec.sds }}
- {{- if $spec.sds.enabled }}
- - name: ISTIO_META_USER_SDS
- value: "true"
- {{- end }}
- {{- end }}
- {{- if $spec.env }}
- {{- range $key, $val := $spec.env }}
- - name: {{ $key }}
- value: {{ $val }}
- {{- end }}
- {{- end }}
- {{ if eq $key "istio-ingressgateway" }}
- {{ $network_set := index $spec.env "ISTIO_META_NETWORK" }}
- {{- if and (not $network_set) $.Values.global.network }}
- - name: ISTIO_META_NETWORK
- value: {{ $.Values.global.network }}
- {{- end }}
- {{- end }}
- volumeMounts:
- {{- if $.Values.global.sds.enabled }}
- - name: sdsudspath
- mountPath: /var/run/sds
- readOnly: true
- - name: istio-token
- mountPath: /var/run/secrets/tokens
- {{- end }}
- {{- if $spec.sds }}
- {{- if $spec.sds.enabled }}
- - name: ingressgatewaysdsudspath
- mountPath: /var/run/ingress_gateway
- {{- end }}
- {{- end }}
- - name: istio-certs
- mountPath: /etc/certs
- readOnly: true
- {{- range $spec.secretVolumes }}
- - name: {{ .name }}
- mountPath: {{ .mountPath | quote }}
- readOnly: true
- {{- end }}
- {{- if and (eq $.Values.global.proxy.tracer "lightstep") $.Values.global.tracer.lightstep.cacertPath }}
- - mountPath: {{ dir $.Values.global.tracer.lightstep.cacertPath }}
- name: lightstep-certs
- readOnly: true
- {{- end }}
-{{- if $spec.additionalContainers }}
-{{ toYaml $spec.additionalContainers | indent 8 }}
-{{- end }}
- volumes:
- {{- if $spec.sds }}
- {{- if $spec.sds.enabled }}
- - name: ingressgatewaysdsudspath
- emptyDir: {}
- {{- end }}
- {{- end }}
- {{- if $.Values.global.sds.enabled }}
- - name: sdsudspath
- hostPath:
- path: /var/run/sds
- - name: istio-token
- projected:
- sources:
- - serviceAccountToken:
- path: istio-token
- expirationSeconds: 43200
- audience: {{ $.Values.global.sds.token.aud }}
- {{- end }}
- - name: istio-certs
- secret:
- secretName: istio.{{ $key }}-service-account
- optional: true
- {{- range $spec.secretVolumes }}
- - name: {{ .name }}
- secret:
- secretName: {{ .secretName | quote }}
- optional: true
- {{- end }}
- {{- range $spec.configVolumes }}
- - name: {{ .name }}
- configMap:
- name: {{ .configMapName | quote }}
- optional: true
- {{- end }}
- {{- if and (eq $.Values.global.proxy.tracer "lightstep") $.Values.global.tracer.lightstep.cacertPath }}
- - name: lightstep-certs
- secret:
- optional: true
- secretName: lightstep.cacert
- {{- end }}
- affinity:
- {{- include "gatewaynodeaffinity" (dict "root" $ "nodeSelector" $spec.nodeSelector) | indent 6 }}
- {{- include "gatewaypodAntiAffinity" (dict "podAntiAffinityLabelSelector" $spec.podAntiAffinityLabelSelector "podAntiAffinityTermLabelSelector" $spec.podAntiAffinityTermLabelSelector) | indent 6 }}
- {{- if $spec.tolerations }}
- tolerations:
-{{ toYaml $spec.tolerations | indent 6 }}
- {{- else if $.Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml $.Values.global.defaultTolerations | indent 6 }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/gateways/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.901/charts/gateways/templates/poddisruptionbudget.yaml
deleted file mode 100755
index 865921ed8..000000000
--- a/charts/rancher-istio/1.5.901/charts/gateways/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if and (ne $key "enabled") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/gateways/templates/preconfigured.yaml b/charts/rancher-istio/1.5.901/charts/gateways/templates/preconfigured.yaml
deleted file mode 100755
index 6ef10a6a1..000000000
--- a/charts/rancher-istio/1.5.901/charts/gateways/templates/preconfigured.yaml
+++ /dev/null
@@ -1,246 +0,0 @@
-{{- if .Values.global.k8sIngress.enabled }}
-apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
- name: istio-autogenerated-k8s-ingress
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "gateway.name" . }}
- chart: {{ template "gateway.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- istio: {{ .Values.global.k8sIngress.gatewayName }}
- servers:
- - port:
- number: 80
- protocol: HTTP2
- name: http
- hosts:
- - "*"
-{{ if .Values.global.k8sIngress.enableHttps }}
- - port:
- number: 443
- protocol: HTTPS
- name: https-default
- tls:
- mode: SIMPLE
- serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
- privateKey: /etc/istio/ingressgateway-certs/tls.key
- hosts:
- - "*"
-{{ end }}
----
-{{ end }}
-
-{{- if .Values.global.meshExpansion.enabled }}
-{{- if .Values.global.meshExpansion.useILB }}
-apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
- name: meshexpansion-ilb-gateway
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "gateway.name" . }}
- chart: {{ template "gateway.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- istio: ilbgateway
- servers:
- - port:
- number: 15011
- protocol: TCP
- name: tcp-pilot
- hosts:
- - "*"
- - port:
- number: 8060
- protocol: TCP
- name: tcp-citadel
- hosts:
- - "*"
- - port:
- number: 15004
- name: tls-mixer
- protocol: TLS
- tls:
- mode: AUTO_PASSTHROUGH
- hosts:
- - "*"
----
-{{- else }}
-apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
- name: meshexpansion-gateway
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "gateway.name" . }}
- chart: {{ template "gateway.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- {{- range $key, $spec := .Values }}
- {{- if eq $key "istio-ingressgateway" }}
- {{- if $spec.enabled }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
- servers:
- - port:
- number: 15011
- protocol: TCP
- name: tcp-pilot
- hosts:
- - "*"
- - port:
- number: 8060
- protocol: TCP
- name: tcp-citadel
- hosts:
- - "*"
- - port:
- number: 15004
- name: tls-mixer
- protocol: TLS
- tls:
- mode: AUTO_PASSTHROUGH
- hosts:
- - "*"
----
-{{- end }}
-{{- end }}
-
-{{- if .Values.global.multiCluster.enabled }}
-{{- if (index .Values "istio-egressgateway" "enabled") }}
-apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
- name: istio-multicluster-egressgateway
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "gateway.name" . }}
- chart: {{ template "gateway.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- {{- range $key, $spec := .Values }}
- {{- if eq $key "istio-egressgateway" }}
- {{- if $spec.enabled }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
- servers:
- - hosts:
- - "*.global"
- port:
- name: tls
- number: 15443
- protocol: TLS
- tls:
- mode: AUTO_PASSTHROUGH
-{{- end }}
----
-apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
- name: istio-multicluster-ingressgateway
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "gateway.name" . }}
- chart: {{ template "gateway.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- {{- range $key, $spec := .Values }}
- {{- if eq $key "istio-ingressgateway" }}
- {{- if $spec.enabled }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
- servers:
- - hosts:
- - "*.global"
- port:
- name: tls
- number: 15443
- protocol: TLS
- tls:
- mode: AUTO_PASSTHROUGH
----
-apiVersion: networking.istio.io/v1alpha3
-kind: EnvoyFilter
-metadata:
- name: istio-multicluster-ingressgateway
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "gateway.name" . }}
- chart: {{ template "gateway.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- workloadSelector:
- labels:
- {{- range $key, $spec := .Values }}
- {{- if eq $key "istio-ingressgateway" }}
- {{- if $spec.enabled }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
- configPatches:
- - applyTo: NETWORK_FILTER
- match:
- context: GATEWAY
- listener:
- portNumber: 15443
- filterChain:
- filter:
- name: "envoy.filters.network.sni_cluster"
- patch:
- operation: INSERT_AFTER
- value:
- name: "envoy.filters.network.tcp_cluster_rewrite"
- config:
- cluster_pattern: "\\.global$"
- cluster_replacement: ".svc.{{ .Values.global.proxy.clusterDomain }}"
----
-## To ensure all traffic to *.global is using mTLS
-apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
- name: istio-multicluster-destinationrule
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "gateway.name" . }}
- chart: {{ template "gateway.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- host: "*.global"
- {{- if .Values.global.defaultConfigVisibilitySettings }}
- exportTo:
- - '*'
- {{- end }}
- trafficPolicy:
- tls:
- mode: ISTIO_MUTUAL
----
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/gateways/templates/role.yaml b/charts/rancher-istio/1.5.901/charts/gateways/templates/role.yaml
deleted file mode 100755
index 6ebfb3504..000000000
--- a/charts/rancher-istio/1.5.901/charts/gateways/templates/role.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if $spec.sds }}
-{{- if eq $spec.sds.enabled true }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-rules:
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "watch", "list"]
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/gateways/templates/rolebindings.yaml b/charts/rancher-istio/1.5.901/charts/gateways/templates/rolebindings.yaml
deleted file mode 100755
index 7fdfe6e40..000000000
--- a/charts/rancher-istio/1.5.901/charts/gateways/templates/rolebindings.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if $spec.sds }}
-{{- if eq $spec.sds.enabled true }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ $key }}-sds
-subjects:
-- kind: ServiceAccount
- name: {{ $key }}-service-account
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/gateways/templates/service.yaml b/charts/rancher-istio/1.5.901/charts/gateways/templates/service.yaml
deleted file mode 100755
index 9474f0476..000000000
--- a/charts/rancher-istio/1.5.901/charts/gateways/templates/service.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $key }}
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- annotations:
- {{- range $key, $val := $spec.serviceAnnotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
-spec:
-{{- if $spec.loadBalancerIP }}
- loadBalancerIP: "{{ $spec.loadBalancerIP }}"
-{{- end }}
-{{- if $spec.loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
-{{ toYaml $spec.loadBalancerSourceRanges | indent 4 }}
-{{- end }}
-{{- if $spec.externalTrafficPolicy }}
- externalTrafficPolicy: {{$spec.externalTrafficPolicy }}
-{{- end }}
-{{- if $spec.externalIPs }}
- externalIPs:
-{{ toYaml $spec.externalIPs | indent 4 }}
-{{- end }}
- type: {{ .type }}
- selector:
- release: {{ $.Release.Name }}
- {{- range $key, $val := $spec.labels }}
- {{ $key }}: {{ $val }}
- {{- end }}
- ports:
- {{- range $key, $val := $spec.ports }}
- -
- {{- range $pkey, $pval := $val }}
- {{ $pkey}}: {{ $pval }}
- {{- end }}
- {{- end }}
- {{- if $.Values.global.meshExpansion.enabled }}
- {{- range $key, $val := $spec.meshExpansionPorts }}
- -
- {{- range $pkey, $pval := $val }}
- {{ $pkey}}: {{ $pval }}
- {{- end }}
- {{- end }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/gateways/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.901/charts/gateways/templates/serviceaccount.yaml
deleted file mode 100755
index d4f6938c1..000000000
--- a/charts/rancher-istio/1.5.901/charts/gateways/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if $.Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range $.Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: {{ $key }}-service-account
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- app: {{ $spec.labels.app }}
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.5.901/charts/gateways/values.yaml b/charts/rancher-istio/1.5.901/charts/gateways/values.yaml
deleted file mode 100755
index 69815e451..000000000
--- a/charts/rancher-istio/1.5.901/charts/gateways/values.yaml
+++ /dev/null
@@ -1,282 +0,0 @@ -# -# Gateways Configuration -# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. -# You can add more gateways in addition to the defaults but make sure those are uniquely named -# and that NodePorts are not conflicting. -# Disable specifc gateway by setting the `enabled` to false. -# -enabled: true - -istio-ingressgateway: - enabled: true - # - # Secret Discovery Service (SDS) configuration for ingress gateway. - # - sds: - # If true, ingress gateway fetches credentials from SDS server to handle TLS connections. - enabled: false - # SDS server that watches kubernetes secrets and provisions credentials to ingress gateway. - # This server runs in the same pod as ingress gateway. - image: node-agent-k8s - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - labels: - app: istio-ingressgateway - istio: ingressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalIPs: [] - serviceAnnotations: {} - podAnnotations: {} - type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be - #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out - ports: - ## You can add custom gateway ports - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. 
https://github.com/istio/istio/issues/12503 - - port: 15020 - targetPort: 15020 - name: status-port - - port: 80 - targetPort: 80 - name: http2 - nodePort: 31380 - - port: 443 - name: https - nodePort: 31390 - # Example of a port to add. Remove if not needed - - port: 31400 - name: tcp - nodePort: 31400 - ### PORTS FOR UI/metrics ##### - ## Disable if not needed - - port: 15029 - targetPort: 15029 - name: https-kiali - - port: 15030 - targetPort: 15030 - name: https-prometheus - - port: 15031 - targetPort: 15031 - name: https-grafana - - port: 15032 - targetPort: 15032 - name: https-tracing - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - #### MESH EXPANSION PORTS ######## - # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect - # to pilot/citadel if global.meshExpansion settings are enabled. - # Delete these ports if mesh expansion is not enabled, to avoid - # exposing unnecessary ports on the web. - # You can remove these ports if you are not using mesh expansion - meshExpansionPorts: - - port: 15011 - targetPort: 15011 - name: tcp-pilot-grpc-tls - - port: 15004 - targetPort: 15004 - name: tcp-mixer-grpc-tls - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - - port: 853 - targetPort: 853 - name: tcp-dns-tls - ####### end MESH EXPANSION PORTS ###### - ############## - secretVolumes: - - name: ingressgateway-certs - secretName: istio-ingressgateway-certs - mountPath: /etc/istio/ingressgateway-certs - - name: ingressgateway-ca-certs - secretName: istio-ingressgateway-ca-certs - mountPath: /etc/istio/ingressgateway-ca-certs - ### Advanced options ############ - - env: - # By default, a gateway is in "standard" mode. If the mode is set to "sni-dnat", - # pilot generates an additional - # set of clusters for internal services without Istio mTLS, to - # enable cross cluster routing. Enable when using multi-cluster routing. 
- ISTIO_META_ROUTER_MODE: "standard" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". - podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -istio-egressgateway: - enabled: false - labels: - app: istio-egressgateway - istio: egressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - serviceAnnotations: {} - podAnnotations: {} - type: ClusterIP #change to NodePort or LoadBalancer if need be - ports: - - port: 80 - name: http2 - - port: 443 - name: https - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - secretVolumes: - - name: egressgateway-certs - secretName: istio-egressgateway-certs - mountPath: /etc/istio/egressgateway-certs - - name: egressgateway-ca-certs - secretName: istio-egressgateway-ca-certs - mountPath: /etc/istio/egressgateway-ca-certs - #### Advanced 
options ######## - env: - # Set this to "external" if and only if you want the egress gateway to - # act as a transparent SNI gateway that routes mTLS/TLS traffic to - # external services defined using service entries, where the service - # entry has resolution set to DNS, has one or more endpoints with - # network field set to "external". By default its set to "" so that - # the egress gateway sees the same set of endpoints as the sidecars - # preserving backward compatibility - # ISTIO_META_REQUESTED_NETWORK_VIEW: "" - - # By default, a gateway is in "standard" mode. If the mode is set to "sni-dnat", - # pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. - ISTIO_META_ROUTER_MODE: "standard" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". - podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -# Mesh ILB gateway creates a gateway of type InternalLoadBalancer, -# for mesh expansion. It exposes the mtls ports for Pilot,CA as well -# as non-mtls ports to support upgrades and gradual transition. 
-istio-ilbgateway: - enabled: false - labels: - app: istio-ilbgateway - istio: ilbgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - cpu: - targetAverageUtilization: 80 - resources: - requests: - cpu: 800m - memory: 512Mi - #limits: - # cpu: 1800m - # memory: 256Mi - loadBalancerIP: "" - serviceAnnotations: - cloud.google.com/load-balancer-type: "internal" - podAnnotations: {} - type: LoadBalancer - ports: - ## You can add custom gateway ports - google ILB default quota is 5 ports, - - port: 15011 - name: grpc-pilot-mtls - # Insecure port - only for migration from 0.8. Will be removed in 1.1 - - port: 15010 - name: grpc-pilot - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - # Port 5353 is forwarded to kube-dns - - port: 5353 - name: tcp-dns - secretVolumes: - - name: ilbgateway-certs - secretName: istio-ilbgateway-certs - mountPath: /etc/istio/ilbgateway-certs - - name: ilbgateway-ca-certs - secretName: istio-ilbgateway-ca-certs - mountPath: /etc/istio/ilbgateway-ca-certs - nodeSelector: {} - tolerations: [] diff --git a/charts/rancher-istio/1.5.901/charts/grafana/Chart.yaml b/charts/rancher-istio/1.5.901/charts/grafana/Chart.yaml deleted file mode 100755 index ae7ce1b3a..000000000 --- a/charts/rancher-istio/1.5.901/charts/grafana/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.9 -description: A Helm chart for Kubernetes -name: grafana -tillerVersion: '>=2.7.2' -version: 1.5.9 diff --git a/charts/rancher-istio/1.5.901/charts/grafana/dashboards/citadel-dashboard.json b/charts/rancher-istio/1.5.901/charts/grafana/dashboards/citadel-dashboard.json deleted file mode 100755 index 7cb8e5b28..000000000 --- a/charts/rancher-istio/1.5.901/charts/grafana/dashboards/citadel-dashboard.json +++ /dev/null 
@@ -1,1089 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 8, - "panels": [], - "title": "Performance", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "CPU usage across Citadel instances.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 1 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"citadel\", pod=~\"istio-citadel-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage rate", - "refId": "A" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"citadel\"}[1m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage irate", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - 
"logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Citadel process memory statistics.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 1 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Total", - "refId": "C" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Allocated", - "refId": "E" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Inuse", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 1 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Goroutines", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 7 - }, - "id": 28, - "panels": [], - "title": "General", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Total number of CSR requests made to Citadel.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 0, 
- "y": 8 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Request Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates issuances that have succeeded.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 12, - "y": 8 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_success_cert_issuance_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": 
"Certificates Issued", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Certificates Issued", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 13 - }, - "id": 23, - "panels": [], - "title": "Errors", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of errors occurred when creating the CSR.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 14 - }, - "id": 20, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_secret_controller_csr_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Creation Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Creation Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 14 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_parsing_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Parse Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Parse Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of authentication failures.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, 
- "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_authentication_failure_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Authentication Failure Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Authentication Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 4, - "panels": [], - "title": "Secret Controller", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates created due to service account creation.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": 
"citadel_secret_controller_svc_acc_created_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Created", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Created (due to SA creation)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates deleted due to service account deletion.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_svc_acc_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Deleted", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Deleted (due to SA deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, 
- "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates recreated due to secret deletion (service account still exists).", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_secret_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Recreated", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Recreated (due to errant deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 
18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Citadel Dashboard", - "uid": "OOyOqb4Wz", - "version": 1 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.5.901/charts/grafana/dashboards/galley-dashboard.json b/charts/rancher-istio/1.5.901/charts/grafana/dashboards/galley-dashboard.json deleted file mode 100755 index 1cdb6a5b2..000000000 --- a/charts/rancher-istio/1.5.901/charts/grafana/dashboards/galley-dashboard.json +++ /dev/null 
@@ -1,1734 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 46, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"galley\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Galley Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 5 - }, - "id": 40, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "C" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "G" - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "H" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"})", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Total (kis)", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 38, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"}[1m])) by (container)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"galley\"}[1m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "galley (self-reported)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - 
"timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Open FDs (galley)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }} ", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - 
"label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 44, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "goroutines_total", - "refId": "A" - }, - { - "expr": "istio_mcp_clients_total{component=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "clients_total", - "refId": "B" - }, - { - "expr": "go_goroutines{job=\"galley\"}/sum(istio_mcp_clients_total{component=\"galley\"}) without (component)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "avg_goroutines_per_client", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - 
"id": 10, - "panels": [], - "title": "Runtime", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_on_change_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Strategy Change Events", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_processor_events_processed_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Processed Events", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_processor_snapshots_published_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Snapshot Published", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Event Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": 
{ - "h": 6, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_timer_max_time_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Max Time Reached", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_quiesce_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Quiesce Reached", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_resets_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Timer Resets", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Timer Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": 
true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 3, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.90, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.95, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P95", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Events Per Snapshot", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 21 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": 
false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (collection) (galley_runtime_state_type_instances_total)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ collection }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "State Type Instances", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Count", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 34, - "panels": [], - "title": "Validation", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 28 - }, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "galley_validation_cert_key_updates{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": 
"Key Updates", - "refId": "A" - }, - { - "expr": "galley_validation_cert_key_update_errors{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Key Update Errors: {{ error }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation Webhook Certificate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 28 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_passed{job=\"galley\"}) by (group, version, resource)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Passed: {{ group }}/{{ version }}/{{resource}}", - "refId": "A" - }, - { - "expr": "sum(galley_validation_failed{job=\"galley\"}) by (group, version, resource, reason)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Failed: {{ group }}/{{ version }}/{{resource}} ({{ reason}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - 
"timeRegions": [], - "timeShift": null, - "title": "Resource Validation", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 28 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_http_error{job=\"galley\"}) by (status)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ status }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation HTTP Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - 
"gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 12, - "panels": [], - "title": "Kubernetes Source", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 35 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_event_success_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Success", - "refId": "A" - }, - { - "expr": "rate(galley_source_kube_event_error_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Source Event Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 35 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - 
"total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_dynamic_converter_failure_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Kubernetes Object Conversion Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Failures/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 41 - }, - "id": 18, - "panels": [], - "title": "Mesh Configuration Protocol", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 42 - }, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_mcp_clients_total{component=\"galley\"})", - "format": "time_series", - 
"intervalFactor": 1, - "legendFormat": "Clients", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Connected Clients", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 42 - }, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by(collection)(irate(istio_mcp_request_acks_total{component=\"galley\"}[1m]) * 60)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request ACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "ACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - 
"min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 42 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(istio_mcp_request_nacks_total{component=\"galley\"}[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request NACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "NACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Galley Dashboard", - "uid": "TSEY6jLmk", - "version": 1 -} 
diff --git a/charts/rancher-istio/1.5.901/charts/grafana/dashboards/istio-mesh-dashboard.json b/charts/rancher-istio/1.5.901/charts/grafana/dashboards/istio-mesh-dashboard.json deleted file mode 100755 index 1662e1f1d..000000000 --- a/charts/rancher-istio/1.5.901/charts/grafana/dashboards/istio-mesh-dashboard.json +++ /dev/null @@ -1,1225 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "links": [], - "panels": [ - { - "content": "
\n
\n Istio\n
\n
\n Istio is an open platform that provides a uniform way to connect,\n manage, and \n secure microservices.\n
\n Need help? Join the Istio community.\n
\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "50px", - "id": 13, - "links": [], - "mode": "html", - "style": { - "font-size": "18pt" - }, - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\"}[1m])), 0.001)", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Global Request Volume", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - 
"h": 3, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "95, 99, 99.5", - "title": "Global Success Rate (non-5xx responses)", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 22, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - 
"sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"4.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "4xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 23, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"5.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "5xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - 
"colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 113, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_virtualservices) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Virtual Services", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 114, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - 
"postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_destinationrules) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Destination Rules", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 115, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_gateways) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Gateways", - "type": "singlestat", - "valueFontSize": "80%", - 
"valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 116, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_authentication_meshpolicies) / count(up{job=\"galley\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Authentication Mesh Policies", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 21, - "w": 24, - "x": 0, - "y": 9 - }, - "hideTimeOverride": false, - "id": 73, - "links": [], - "pageSize": null, - "repeat": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 4, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 
172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Workload dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_2&var-workload=$__cell_", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Requests", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [], - "type": "number", - "unit": "ops" - }, - { - "alias": "P50 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P90 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P99 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #E", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "Success Rate", - "colorMode": "cell", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #F", - "thresholds": [ - ".95", - " 1.00" - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-workload=$__cell_2&var-namespace=$__cell_3", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "number", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_requests_total{reporter=\"destination\", response_code=\"200\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "A" - }, - { - "expr": "label_join((histogram_quantile(0.50, 
sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.50, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "B" - }, - { - "expr": "label_join((histogram_quantile(0.90, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.90, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "D" - }, - { - "expr": "label_join((histogram_quantile(0.99, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.99, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "E" - }, - { - "expr": 
"label_join((sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m])) by (destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "F" - } - ], - "timeFrom": null, - "title": "HTTP/GRPC Workloads", - "transform": "table", - "type": "table" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 18, - "w": 24, - "x": 0, - "y": 30 - }, - "hideTimeOverride": false, - "id": 109, - "links": [], - "pageSize": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 2, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-tcp-workload-dashboard?var-namespace=$__cell_2&&var-workload=$__cell", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Bytes Sent", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [ - "" - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Bytes Received", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "Bps" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_3&var-workload=$__cell_2", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_tcp_received_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - 
"hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "C" - }, - { - "expr": "label_join(sum(rate(istio_tcp_sent_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "A" - } - ], - "timeFrom": null, - "title": "TCP Workloads", - "transform": "table", - "type": "table" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 48 - }, - "id": 111, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Mesh Dashboard", - "uid": "G8wLrJIZk", - "version": 5 -} diff --git a/charts/rancher-istio/1.5.901/charts/grafana/dashboards/istio-performance-dashboard.json b/charts/rancher-istio/1.5.901/charts/grafana/dashboards/istio-performance-dashboard.json deleted file mode 100755 index 505043e54..000000000 --- a/charts/rancher-istio/1.5.901/charts/grafana/dashboards/istio-performance-dashboard.json +++ /dev/null 
@@ -1,1822 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": 9, - "links": [], - "panels": [ - { - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 21, - "panels": [ - { - "content": "The charts on this dashboard are intended to show Istio main components cost in terms resources utilization under steady load.\n\n- **vCPU/1k rps:** shows vCPU utilization by the main Istio components normalized by 1000 requests/second. When idle or low traffic, this chart will be blank. The curve for istio-proxy refers to the services sidecars only.\n- **vCPU:** vCPU utilization by Istio components, not normalized.\n- **Memory:** memory footprint for the components. Telemetry and policy are normalized by 1k rps, and no data is shown when there is no traffic. 
For ingress and istio-proxy, the data is per instance.\n- **Bytes transferred/ sec:** shows the number of bytes flowing through each Istio component.\n\n\n", - "gridPos": { - "h": 6, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 19, - "links": [], - "mode": "markdown", - "timeFrom": null, - "timeShift": null, - "title": "Performance Dashboard README", - "transparent": true, - "type": "text" - } - ], - "title": "Performance Dashboard Notes", - "type": "row" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 6, - "panels": [], - "title": "vCPU Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 2 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-telemetry-.*\",container=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\",container=\"istio-proxy\"}[1m])) / (round(sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m])), 0.001)/1000))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": 
"istio-ingressgateway", - "refId": "B" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-policy-.*\",container=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU / 1k rps", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 2 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - 
"steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-telemetry-.*\",container=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\",container=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-policy-.*\",container=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 13, - "panels": [], - "title": "Memory and Data Rates", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 11 - 
}, - "id": 902, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-telemetry-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry / 1k rps", - "refId": "A" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\",container!=\"POD\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio proxy", - "refId": "C" - }, - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-policy-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy / 1k rps", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, 
- "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-telemetry\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-telemetry\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_response_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m])) + sum(irate(istio_request_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload_namespace!=\"istio-system\", 
reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-policy\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-policy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio_policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Bytes transferred / sec", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 17, - "panels": [], - "title": "Istio Component Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 20 - }, - "id": 15, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - 
"timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 71, - "panels": [], - "title": "Proxy Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 32 - }, - "id": 72, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=\"istio-proxy\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 
null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 32 - }, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=\"istio-proxy\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 32 - }, - "id": 702, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - 
"lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 39 - }, - "id": 69, - "panels": [], - "title": "Pilot Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 40 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - 
"intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - 
"show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 40 - }, - "id": 602, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}[1m])) by (container)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "pilot (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", 
- "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 40 - }, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, 
- "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 40 - }, - "id": 402, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 93, - "panels": [], - "title": "Mixer Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 48 - }, - "id": 94, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - 
"percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": 
"container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 48 - }, - "id": 95, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}[1m])) by (container)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - 
"legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=~\"istio-policy|istio-telemetry\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 48 - }, - "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }}", - "refId": "B", - "step": 2 - } - 
], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 48 - }, - "id": 97, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } 
- } - ], - "refresh": "10s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Performance Dashboard", - "uid": "vu8e0VWZk", - "version": 22 -} diff --git a/charts/rancher-istio/1.5.901/charts/grafana/dashboards/istio-service-dashboard.json b/charts/rancher-istio/1.5.901/charts/grafana/dashboards/istio-service-dashboard.json deleted file mode 100755 index f4d58a296..000000000 --- a/charts/rancher-istio/1.5.901/charts/grafana/dashboards/istio-service-dashboard.json +++ /dev/null @@ -1,2601 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "iteration": 1536442501501, - "links": [], - "panels": [ - { - "content": "
\nSERVICE: $service\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Client Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - 
"thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Client Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, 
sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Client Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" 
- ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Received Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 97, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - 
"postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Server Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 98, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / 
sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Server Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 99, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - 
"refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 100, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": 
true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m])) ", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Sent Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nCLIENT WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"source\",source_workload=~\"$srcwl\",source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"source\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": 
"graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", 
source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, 
source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": 
"time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, 
- "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "
\nSERVICE WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 90, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"destination\",destination_workload=~\"$dstwl\",destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"destination\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Destination And Response Code", - "tooltip": { - 
"shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 91, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", 
connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 94, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - 
"stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by 
(destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 95, - "legend": { - "alignAsTable": false, - "avg": false, - "current": 
false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ 
destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 96, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - 
"step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ 
destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 92, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", 
destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 93, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }} (🔐mTLS)", - "refId": 
"A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Service", - "multi": false, - "name": "service", - "options": [], - "query": "label_values(destination_service)", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (source_workload_namespace) or 
sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload Namespace", - "multi": true, - "name": "dstns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload", - "multi": true, - "name": "dstwl", - "options": [], - "query": "query_result( 
sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Service Dashboard", - "uid": "LJ_uJAvmk", - "version": 1 -} diff --git a/charts/rancher-istio/1.5.901/charts/grafana/dashboards/istio-workload-dashboard.json b/charts/rancher-istio/1.5.901/charts/grafana/dashboards/istio-workload-dashboard.json deleted file mode 100755 index 62ad1b5cf..000000000 --- a/charts/rancher-istio/1.5.901/charts/grafana/dashboards/istio-workload-dashboard.json +++ /dev/null 
@@ -1,2303 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.4" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1531345461465, - "links": [], - "panels": [ - { - "content": "
\nWORKLOAD: $workload.$namespace\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Incoming Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 
80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 8, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Incoming Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 8, - "x": 16, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, 
- "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Server Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - 
"colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 12, - "y": 7 - }, - "id": 85, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Client Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nINBOUND WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And 
Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", 
destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by 
(source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 
1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", 
destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - 
"values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", 
destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "content": "
\nOUTBOUND SERVICES\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 70, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Requests by Destination And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 71, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", 
source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Success Rate (non-5xx responses) By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 72, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Duration by Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 73, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by 
(destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 74, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": 
"{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 76, - "legend": { - "avg": false, 
- "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent on Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 78, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Namespace", - "multi": false, - "name": 
"namespace", - "options": [], - "query": "query_result(sum(istio_requests_total) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*_namespace=\"([^\"]*).*/", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Workload", - "multi": false, - "name": "workload", - "options": [], - "query": "query_result((sum(istio_requests_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_requests_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)) or (sum(istio_tcp_sent_bytes_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Inbound Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, 
- "label": "Inbound Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Destination Service", - "multi": true, - "name": "dstsvc", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service) or sum(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service))", - "refresh": 1, - "regex": "/.*destination_service=\"([^\"]*).*/", - "sort": 4, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Workload Dashboard", - "uid": "UbsSZTDik", - "version": 1 -} diff --git a/charts/rancher-istio/1.5.901/charts/grafana/dashboards/mixer-dashboard.json b/charts/rancher-istio/1.5.901/charts/grafana/dashboards/mixer-dashboard.json deleted file mode 100755 index 6da44ec0a..000000000 
--- a/charts/rancher-istio/1.5.901/charts/grafana/dashboards/mixer-dashboard.json +++ /dev/null @@ -1,1808 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.2.3" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "limit": 100, - "name": "Annotations & Alerts", - "showIn": 0, - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": null, - "iteration": 1543881232533, - "links": [], - "panels": [ - { - "content": "

Deployed Versions

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "40", - "id": 62, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 3 - }, - "id": 64, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"mixer\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Mixer Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Resource Usage

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 8 - }, - "height": "40", - "id": 29, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 11 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory ({{ job }})", - "refId": "I" - }, - { - "expr": "sum(process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory ({{ job }})", - "refId": "H" - }, - { - "expr": "sum(go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc ({{ job }})", - "refId": "D" - }, - { - "expr": "sum(go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc ({{ job }})", - "refId": "F" - }, - { - "expr": "sum(go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - 
"format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use ({{ job }})", - "refId": "E" - }, - { - "expr": "sum(go_memstats_stack_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use ({{ job }})", - "refId": "G" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")) by (service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "C" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")) by (container, service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container }} (k8s)", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 11 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - 
"min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (pod), \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "A" - }, - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (container, pod), \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container }} (k8s)", - "refId": "B" - }, - { - "expr": "sum(irate(process_cpu_seconds_total{job=~\"istio-telemetry|istio-policy\"}[1m])) by (job)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ job }} (self-reported)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": 
{}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 11 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_open_fds{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(label_replace(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")) by (container, service)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 11 - 
}, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(go_goroutines{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines ({{ job }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Mixer Overview

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 18 - }, - "height": "40px", - "id": 30, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 0, - "y": 21 - }, - "id": 9, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (Total)", - "refId": "B" - }, - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m])) by (grpc_server_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "mixer ({{ grpc_server_method }})", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 6, - "y": 21 - }, - "id": 8, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "{}", - "yaxis": 1 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.5", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.9", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Durations", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 12, - "y": 21 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, 
- "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_server_handled_total{grpc_code=~\"Unknown|Unimplemented|Internal|DataLoss\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Error Rate (5xx responses)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 18, - "y": 21 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(grpc_server_handled_total{grpc_code!=\"OK\",grpc_service=~\".*Mixer\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ 
grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Non-successes (4xxs)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Adapters and Config

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 28, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 30 - }, - "id": 13, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m])) by (adapter)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 30 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - 
"percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p90 ", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Duration", - "tooltip": { - "shared": true, - "sort": 1, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 37 - }, - "id": 60, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - 
"pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Rules", - "refId": "A" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Config Errors", - "refId": "B" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_match_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Match Errors", - "refId": "C" - }, - { - "expr": "scalar(topk(1, max(mixer_config_unsatisfied_action_handler_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Unsatisfied Actions", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Rules", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 37 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": 
false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_instance_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Instances", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Instances in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 37 - }, - "id": 54, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_handler_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Handlers", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Handlers in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 37 - }, - "id": 58, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_attribute_count) by (configID)))", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "Attributes", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Attributes in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Individual Adapters

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 44 - }, - "id": 23, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 46, - "panels": [], - "repeat": "adapter", - "title": "$adapter Adapter", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 48 - }, - "id": 17, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m]),\"handler\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ handler }} (error: {{ error }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Count By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - 
"w": 12, - "x": 12, - "y": 48 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(histogram_quantile(0.5, sum(rate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p50 - {{ handler_short }} (error: {{ error }})", - "refId": "A" - }, - { - "expr": "label_replace(histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p90 - {{ handler_short }} (error: {{ error }})", - "refId": "D" - }, - { - "expr": "label_replace(histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p99 - {{ handler_short }} (error: {{ error }})", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Duration By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": 
true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Adapter", - "multi": true, - "name": "adapter", - "options": [], - "query": "label_values(adapter)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Mixer Dashboard", - "version": 4 -} diff --git a/charts/rancher-istio/1.5.901/charts/grafana/dashboards/pilot-dashboard.json b/charts/rancher-istio/1.5.901/charts/grafana/dashboards/pilot-dashboard.json deleted file mode 100755 index bdc7e720e..000000000 --- a/charts/rancher-istio/1.5.901/charts/grafana/dashboards/pilot-dashboard.json +++ /dev/null 
@@ -1,1591 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": 11, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 60, - "panels": [], - "title": "Deployed Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"pilot\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 6 - }, - "id": 62, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": 
"container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"discovery\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (container)", - "refId": "B", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"istio-proxy\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar (container)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=\"discovery\", pod=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Discovery (container)", - "refId": "A" - }, - { - "expr": 
"irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (process)", - "refId": "C", - "step": 2 - }, - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=\"istio-proxy\", pod=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Sidecar (container)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=\"discovery\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Discovery", - "refId": "B", - "step": 2 - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", 
container=\"istio-proxy\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - 
"label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 58, - "panels": [], - "title": "Pilot Push Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "description": "Shows the rate of pilot pushes", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 622, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(pilot_xds_pushes{type=\"cds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Cluster", - "refId": "C" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"eds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Endpoints", - "refId": "D" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"lds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Listeners", - "refId": "A" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"rds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Routes", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Pushes", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": 
null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Captures a variety of pilot errors", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 67, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(pilot_xds_cds_reject{job=\"pilot\"}) or (absent(pilot_xds_cds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected CDS Configs", - "refId": "C" - }, - { - "expr": "sum(pilot_xds_eds_reject{job=\"pilot\"}) or (absent(pilot_xds_eds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected EDS Configs", - "refId": "D" - }, - { - "expr": "sum(pilot_xds_rds_reject{job=\"pilot\"}) or (absent(pilot_xds_rds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected RDS Configs", - "refId": "A" - }, - { - "expr": "sum(pilot_xds_lds_reject{job=\"pilot\"}) or (absent(pilot_xds_lds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected LDS Configs", - "refId": "B" - }, - { - "expr": "sum(rate(pilot_xds_write_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - 
"intervalFactor": 1, - "legendFormat": "Write Timeouts", - "refId": "F" - }, - { - "expr": "sum(rate(pilot_total_xds_internal_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Internal Errors", - "refId": "H" - }, - { - "expr": "sum(rate(pilot_total_xds_rejects{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Config Rejection Rate", - "refId": "E" - }, - { - "expr": "sum(rate(pilot_xds_push_context_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Context Errors", - "refId": "K" - }, - { - "expr": "sum(rate(pilot_xds_pushes{type!~\"lds|cds|rds|eds\"}[1m])) by (type)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "L" - }, - { - "expr": "sum(rate(pilot_xds_push_errors{job=\"pilot\"}[1m])) by (type)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "I" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts", - "refId": "G" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout_failures{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts Failures", - "refId": "J" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - 
"show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Shows the total time it takes to push a config update to a proxy", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 624, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p50 ", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.999, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99.9", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Proxy Push Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": 
null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 23 - }, - "id": 45, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_conflict_inbound_listener{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Inbound Listeners", - "refId": "B" - }, - { - "expr": "pilot_conflict_outbound_listener_http_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (http over current tcp)", - "refId": "A" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current tcp)", - "refId": "C" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_http{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current http)", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Conflicts", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - 
"yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 23 - }, - "id": 47, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_virt_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Services", - "refId": "A" - }, - { - "expr": "pilot_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Services", - "refId": "B" - }, - { - "expr": "pilot_xds{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Connected Endpoints", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ADS Monitoring", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "columns": [], - "datasource": 
"Prometheus", - "description": "Clusters in this table do not have any endpoints known to pilot. This could be from referencing subsets that do not have any instances, or pods marked as NotReady", - "fontSize": "100%", - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 23 - }, - "id": 51, - "links": [], - "pageSize": null, - "scroll": true, - "showHeader": true, - "sort": { - "col": null, - "desc": false - }, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "date" - }, - { - "alias": "Clusters", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(pilot_xds_eds_instances{job=\"pilot\", cluster=~\".+\\\\|.+\"}) by (cluster) < 1", - "format": "time_series", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{cluster}}", - "refId": "B" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Clusters with no known endpoints", - "transform": "timeseries_aggregations", - "type": "table" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 64, - "panels": [], - "title": "Envoy Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows details about Envoy proxies in the mesh", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 32 - }, - "id": 40, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, 
- "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(envoy_cluster_upstream_cx_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connections", - "refId": "C" - }, - { - "expr": "sum(irate(envoy_cluster_upstream_cx_connect_fail{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connection Failures", - "refId": "A" - }, - { - "expr": "sum(increase(envoy_server_hot_restart_epoch[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Envoy Restarts", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Envoy Details", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 32 - }, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(envoy_cluster_upstream_cx_active{cluster_name=\"xds-grpc\"})", - "format": "time_series", - "intervalFactor": 2, - 
"legendFormat": "XDS Active Connections", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Active Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows the size of XDS requests and responses", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 32 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "max(rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Max", - "refId": "D" - }, - { - "expr": "quantile(0.5, rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Average", - "refId": "B" - }, - { - "expr": "max(rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": 
"time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Max", - "refId": "A" - }, - { - "expr": "quantile(.5, rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Average", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Requests Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Pilot Dashboard", - "uid": "3--MLVZZk", - "version": 11 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.5.901/charts/grafana/fix_datasources.sh b/charts/rancher-istio/1.5.901/charts/grafana/fix_datasources.sh deleted file mode 100755 index d175bcacc..000000000 --- a/charts/rancher-istio/1.5.901/charts/grafana/fix_datasources.sh +++ /dev/null 
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# Copyright Istio Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -e
-
-THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-UX=$(uname)
-
-for db in "${THIS_DIR}"/dashboards/*.json; do
- if [[ ${UX} == "Darwin" ]]; then
- # shellcheck disable=SC2016
- sed -i '' 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- else
- # shellcheck disable=SC2016
- sed -i 's/${DS_PROMETHEUS}/Prometheus/g' "$db"
- fi
-done
diff --git a/charts/rancher-istio/1.5.901/charts/grafana/templates/_helpers.tpl b/charts/rancher-istio/1.5.901/charts/grafana/templates/_helpers.tpl
deleted file mode 100755
index 9d4c59205..000000000
--- a/charts/rancher-istio/1.5.901/charts/grafana/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "grafana.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "grafana.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "grafana.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.901/charts/grafana/templates/configmap-custom-resources.yaml b/charts/rancher-istio/1.5.901/charts/grafana/templates/configmap-custom-resources.yaml
deleted file mode 100755
index b89bc0765..000000000
--- a/charts/rancher-istio/1.5.901/charts/grafana/templates/configmap-custom-resources.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
- custom-resources.yaml: |-
- {{- include "grafana-default.yaml.tpl" . | indent 4}}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
diff --git a/charts/rancher-istio/1.5.901/charts/grafana/templates/configmap-dashboards.yaml b/charts/rancher-istio/1.5.901/charts/grafana/templates/configmap-dashboards.yaml
deleted file mode 100755
index dd1ab0d75..000000000
--- a/charts/rancher-istio/1.5.901/charts/grafana/templates/configmap-dashboards.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- $files := .Files }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "grafana.name" $ }}
- chart: {{ template "grafana.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: grafana
-data:
- {{ base $path }}: '{{ $files.Get $path }}'
----
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/grafana/templates/configmap.yaml b/charts/rancher-istio/1.5.901/charts/grafana/templates/configmap.yaml
deleted file mode 100755
index c86efe1f4..000000000
--- a/charts/rancher-istio/1.5.901/charts/grafana/templates/configmap.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: grafana
-data:
-{{- if .Values.datasources }}
- {{- range $key, $value := .Values.datasources }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
-
-{{- if .Values.dashboardProviders }}
- {{- range $key, $value := .Values.dashboardProviders }}
- {{ $key }}: |
-{{ toYaml $value | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.901/charts/grafana/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.5.901/charts/grafana/templates/create-custom-resources-job.yaml
deleted file mode 100755
index 64bf3e451..000000000
--- a/charts/rancher-istio/1.5.901/charts/grafana/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-grafana-post-install-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-grafana-post-install-{{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["authentication.istio.io"] # needed to create default authn policy
- resources: ["*"]
- verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-grafana-post-install-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-grafana-post-install-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-grafana-post-install-account
- namespace: {{ .Release.Namespace }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: istio-grafana-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 | trimSuffix "-" }}
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-delete-policy": hook-succeeded
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- template:
- metadata:
- name: istio-grafana-post-install
- labels:
- app: istio-grafana
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-grafana-post-install-account
- containers:
- - name: kubectl
- image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
- command: [ "/bin/bash", "/tmp/grafana/run.sh", "/tmp/grafana/custom-resources.yaml" ]
- volumeMounts:
- - mountPath: "/tmp/grafana"
- name: tmp-configmap-grafana
- volumes:
- - name: tmp-configmap-grafana
- configMap:
- name: istio-grafana-custom-resources
- restartPolicy: OnFailure
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/grafana/templates/deployment.yaml b/charts/rancher-istio/1.5.901/charts/grafana/templates/deployment.yaml
deleted file mode 100755
index 9ad2a7f56..000000000
--- a/charts/rancher-istio/1.5.901/charts/grafana/templates/deployment.yaml
+++ /dev/null
@@ -1,138 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: grafana
- template:
- metadata:
- labels:
- app: grafana
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- prometheus.io/scrape: "true"
- spec:
- securityContext:
- runAsUser: 472
- fsGroup: 472
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
-{{- if .Values.global.imagePullSecrets }}
- imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- ports:
- - containerPort: 3000
- readinessProbe:
- httpGet:
- path: /api/health
- port: 3000
- env:
- - name: GRAFANA_PORT
- value: "3000"
-{{- if .Values.security.enabled }}
- - name: GF_SECURITY_ADMIN_USER
- valueFrom:
- secretKeyRef:
- name: {{ .Values.security.secretName }}
- key: {{ .Values.security.usernameKey }}
- - name: GF_SECURITY_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Values.security.secretName }}
- key: {{ .Values.security.passphraseKey }}
- - name: GF_AUTH_BASIC_ENABLED
- value: "true"
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "false"
- - name: GF_AUTH_DISABLE_LOGIN_FORM
- value: "false"
-{{- else }}
- - name: GF_AUTH_BASIC_ENABLED
- value: "false"
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "true"
- - name: GF_AUTH_ANONYMOUS_ORG_ROLE
- value: Admin
-{{- end }}
- - name: GF_PATHS_DATA
- value: /data/grafana
- {{- range $key, $value := $.Values.env }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- range $key, $secret := $.Values.envSecrets }}
- - name: {{ $key }}
- valueFrom:
- secretKeyRef:
- name: {{ $secret }}
- key: {{ $key | quote }}
- {{- end }}
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- volumeMounts:
- - name: data
- mountPath: /data/grafana
- {{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
- {{- $filename := trimSuffix (ext $path) (base $path) }}
- - name: dashboards-istio-{{ $filename }}
- mountPath: "/var/lib/grafana/dashboards/istio/{{ base $path }}"
- subPath: {{ base $path }}
- readOnly: true
- {{- end }}
- - name: config
- mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml"
- subPath: datasources.yaml
- - name: config
- mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml"
- subPath: dashboardproviders.yaml
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
- volumes:
- - name: config
- configMap:
- name: istio-grafana
- - name: data
-{{- if .Values.persist }}
- persistentVolumeClaim:
- claimName: istio-grafana-pvc
-{{- else }}
- emptyDir: {}
-{{- end }}
-{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }}
-{{- $filename := trimSuffix (ext $path) (base $path) }}
- - name: dashboards-istio-{{ $filename }}
- configMap:
- name: istio-grafana-configuration-dashboards-{{ $filename }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/grafana/templates/grafana-ports-mtls.yaml b/charts/rancher-istio/1.5.901/charts/grafana/templates/grafana-ports-mtls.yaml
deleted file mode 100755
index b9a392651..000000000
--- a/charts/rancher-istio/1.5.901/charts/grafana/templates/grafana-ports-mtls.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{ define "grafana-default.yaml.tpl" }}
-apiVersion: authentication.istio.io/v1alpha1
-kind: Policy
-metadata:
- name: grafana-ports-mtls-disabled
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- targets:
- - name: grafana
- ports:
- - number: {{ .Values.service.externalPort }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/grafana/templates/ingress.yaml b/charts/rancher-istio/1.5.901/charts/grafana/templates/ingress.yaml
deleted file mode 100755
index 0ebe71f61..000000000
--- a/charts/rancher-istio/1.5.901/charts/grafana/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: grafana
- servicePort: 3000
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: grafana
- servicePort: 3000
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.901/charts/grafana/templates/pvc.yaml b/charts/rancher-istio/1.5.901/charts/grafana/templates/pvc.yaml
deleted file mode 100755
index e376a13a5..000000000
--- a/charts/rancher-istio/1.5.901/charts/grafana/templates/pvc.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if .Values.persist }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: istio-grafana-pvc
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- storageClassName: {{ .Values.storageClassName }}
- accessModes:
- - {{ .Values.accessMode }}
- resources:
- requests:
- storage: 5Gi
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/grafana/templates/service.yaml b/charts/rancher-istio/1.5.901/charts/grafana/templates/service.yaml
deleted file mode 100755
index b206679c3..000000000
--- a/charts/rancher-istio/1.5.901/charts/grafana/templates/service.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: {{ template "grafana.name" . }}
- chart: {{ template "grafana.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: 3000
- protocol: TCP
- name: {{ .Values.service.name }}
- selector:
- app: grafana
-{{- if .Values.service.loadBalancerIP }}
- loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
-{{- end }}
- {{if .Values.service.loadBalancerSourceRanges}}
- loadBalancerSourceRanges:
- {{range $rangeList := .Values.service.loadBalancerSourceRanges}}
- - {{ $rangeList }}
- {{end}}
- {{end}}
diff --git a/charts/rancher-istio/1.5.901/charts/grafana/templates/tests/test-grafana-connection.yaml b/charts/rancher-istio/1.5.901/charts/grafana/templates/tests/test-grafana-connection.yaml
deleted file mode 100755
index 7c8d1944b..000000000
--- a/charts/rancher-istio/1.5.901/charts/grafana/templates/tests/test-grafana-connection.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "grafana.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: grafana-test
- chart: {{ template "grafana.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: grafana
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "grafana.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- args: ['http://grafana:{{ .Values.grafana.service.externalPort }}']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/grafana/values.yaml b/charts/rancher-istio/1.5.901/charts/grafana/values.yaml
deleted file mode 100755
index 7b977c1e7..000000000
--- a/charts/rancher-istio/1.5.901/charts/grafana/values.yaml
+++ /dev/null
@@ -1,114 +0,0 @@
-#
-# addon grafana configuration
-#
-enabled: false
-replicaCount: 1
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - grafana.local
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls: []
- # Secrets must be manually created in the namespace.
- # - secretName: grafana-tls
- # hosts:
- # - grafana.local
-persist: false
-storageClassName: ""
-accessMode: ReadWriteMany
-security:
- enabled: false
- secretName: grafana
- usernameKey: username
- passphraseKey: passphrase
-nodeSelector: {}
-tolerations: []
-
-env: {}
- # Define additional environment variables for configuring grafana.
- # @see https://grafana.com/docs/installation/configuration/#using-environment-variables
- # Format: env_variable_name: value
- # For example:
- # GF_SMTP_ENABLED: true
- # GF_SMTP_HOST: email-smtp.eu-west-1.amazonaws.com:2587
- # GF_SMTP_FROM_ADDRESS: alerts@mydomain.com
- # GF_SMTP_FROM_NAME: Grafana
-
-envSecrets: {}
- # The key name and ENV name must match in the secrets file.
- # @see https://grafana.com/docs/installation/configuration/#using-environment-variables
- # For example:
- # ---
- # apiVersion: v1
- # kind: Secret
- # metadata:
- # name: grafana-secrets
- # namespace: istio-system
- # data:
- # GF_SMTP_USER: bXl1c2Vy
- # GF_SMTP_PASSWORD: bXlwYXNzd29yZA==
- # type: Opaque
- # ---
- # env_variable_key_name: secretsName
- # ---
- # GF_SMTP_USER: grafana-secrets
- # GF_SMTP_PASSWORD: grafana-secrets
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-contextPath: /grafana
-service:
- annotations: {}
- name: http
- type: ClusterIP
- externalPort: 3000
- loadBalancerIP:
- loadBalancerSourceRanges: []
-
-datasources:
- datasources.yaml:
- apiVersion: 1
- datasources:
- - name: Prometheus
- type: prometheus
- orgId: 1
- url: http://prometheus:9090
- access: proxy
- isDefault: true
- jsonData:
- timeInterval: 5s
- editable: true
-
-dashboardProviders:
- dashboardproviders.yaml:
- apiVersion: 1
- providers:
- - name: 'istio'
- orgId: 1
- folder: 'istio'
- type: file
- disableDeletion: false
- options:
- path: /var/lib/grafana/dashboards/istio
diff --git a/charts/rancher-istio/1.5.901/charts/istiocoredns/Chart.yaml b/charts/rancher-istio/1.5.901/charts/istiocoredns/Chart.yaml
deleted file mode 100755
index e5ce58b24..000000000
--- a/charts/rancher-istio/1.5.901/charts/istiocoredns/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-appVersion: "0.1"
-description: Istio CoreDNS provides DNS resolution for services in multicluster setups.
-name: istiocoredns
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/_helpers.tpl b/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/_helpers.tpl
deleted file mode 100755
index e7add11bb..000000000
--- a/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "istiocoredns.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "istiocoredns.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "istiocoredns.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/clusterrole.yaml b/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/clusterrole.yaml
deleted file mode 100755
index 4242a327f..000000000
--- a/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istiocoredns
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["networking.istio.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/clusterrolebinding.yaml
deleted file mode 100755
index bafd0ca3b..000000000
--- a/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-istiocoredns-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istiocoredns
-subjects:
-- kind: ServiceAccount
- name: istiocoredns-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/configmap.yaml b/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/configmap.yaml
deleted file mode 100755
index 925626f6b..000000000
--- a/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/configmap.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: coredns
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- Corefile: |
- .:53 {
- errors
- health
- {{ if eq -1 (semver .Values.coreDNSTag | (semver "1.4.0").Compare) }}
- # Removed support for the proxy plugin: https://coredns.io/2019/03/03/coredns-1.4.0-release/
- grpc global 127.0.0.1:8053
- forward . /etc/resolv.conf {
- except global
- }
- {{ else }}
- proxy global 127.0.0.1:8053 {
- protocol grpc insecure
- }
- proxy . /etc/resolv.conf
- {{ end }}
- prometheus :9153
- cache 30
- reload
- }
----
diff --git a/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/deployment.yaml b/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/deployment.yaml
deleted file mode 100755
index 4af0a2256..000000000
--- a/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/deployment.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: istiocoredns
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: istiocoredns
- strategy:
- rollingUpdate:
- maxSurge: {{ .Values.rollingMaxSurge }}
- maxUnavailable: {{ .Values.rollingMaxUnavailable }}
- template:
- metadata:
- name: istiocoredns
- labels:
- app: istiocoredns
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: istiocoredns-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: coredns
- image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- args: [ "-conf", "/etc/coredns/Corefile" ]
- volumeMounts:
- - name: config-volume
- mountPath: /etc/coredns
- ports:
- - containerPort: 53
- name: dns
- protocol: UDP
- - containerPort: 53
- name: dns-tcp
- protocol: TCP
- - containerPort: 9153
- name: metrics
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /health
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 60
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 5
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 10 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 10 }}
-{{- end }}
- - name: istio-coredns-plugin
- command:
- - /usr/local/bin/plugin
- image: "{{ template "system_default_registry" . }}{{ .Values.pluginImage.repository }}:{{ .Values.pluginImage.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- ports:
- - containerPort: 8053
- name: dns-grpc
- protocol: TCP
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 10 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 10 }}
-{{- end }}
- dnsPolicy: Default
- volumes:
- - name: config-volume
- configMap:
- name: coredns
- items:
- - key: Corefile
- path: Corefile
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/service.yaml b/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/service.yaml
deleted file mode 100755
index a6311017c..000000000
--- a/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/service.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istiocoredns
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- app: istiocoredns
- ports:
- - name: dns
- port: 53
- protocol: UDP
- - name: dns-tcp
- port: 53
- protocol: TCP
diff --git a/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/serviceaccount.yaml
deleted file mode 100755
index e2627cf45..000000000
--- a/charts/rancher-istio/1.5.901/charts/istiocoredns/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istiocoredns-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istiocoredns.name" . }}
- chart: {{ template "istiocoredns.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.901/charts/istiocoredns/values.yaml b/charts/rancher-istio/1.5.901/charts/istiocoredns/values.yaml
deleted file mode 100755
index 6b31219cc..000000000
--- a/charts/rancher-istio/1.5.901/charts/istiocoredns/values.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# addon istiocoredns tracing configuration
-#
-enabled: false
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-coreDNSImage: coredns/coredns
-coreDNSTag: 1.6.2
-# Source code for the plugin can be found at
-# https://github.com/istio-ecosystem/istio-coredns-plugin
-# The plugin listens for DNS requests from coredns server at 127.0.0.1:8053
-coreDNSPluginImage: istio/coredns-plugin:0.2-istio-1.1
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.5.901/charts/kiali/Chart.yaml b/charts/rancher-istio/1.5.901/charts/kiali/Chart.yaml
deleted file mode 100755
index d6081dd21..000000000
--- a/charts/rancher-istio/1.5.901/charts/kiali/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-appVersion: 1.9.1
-description: Kiali is an open source project for service mesh observability, refer
- to https://www.kiali.io for details.
-name: kiali
-tillerVersion: '>=2.7.2'
-version: 1.9.1
diff --git a/charts/rancher-istio/1.5.901/charts/kiali/templates/_helpers.tpl b/charts/rancher-istio/1.5.901/charts/kiali/templates/_helpers.tpl
deleted file mode 100755
index 6b0095769..000000000
--- a/charts/rancher-istio/1.5.901/charts/kiali/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "kiali.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "kiali.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "kiali.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.901/charts/kiali/templates/clusterrole.yaml b/charts/rancher-istio/1.5.901/charts/kiali/templates/clusterrole.yaml
deleted file mode 100755
index 8ad6e9756..000000000
--- a/charts/rancher-istio/1.5.901/charts/kiali/templates/clusterrole.yaml
+++ /dev/null
@@ -1,134 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kiali - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: - - configmaps - - endpoints - - namespaces - - nodes - - pods - - pods/log - - replicationcontrollers - - services - verbs: - - get - - list - - watch -- apiGroups: ["extensions", "apps"] - resources: - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: ["batch"] - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - config.istio.io - - networking.istio.io - - authentication.istio.io - - rbac.istio.io - - security.istio.io - resources: ["*"] - verbs: - - create - - delete - - get - - list - - patch - - watch -- apiGroups: ["monitoring.kiali.io"] - resources: - - monitoringdashboards - verbs: - - get - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kiali-viewer - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: - - configmaps - - endpoints - - namespaces - - nodes - - pods - - pods/log - - replicationcontrollers - - services - verbs: - - get - - list - - watch -- apiGroups: ["extensions", "apps"] - resources: - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: ["batch"] - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - config.istio.io - - networking.istio.io - - authentication.istio.io - - rbac.istio.io - - security.istio.io - resources: ["*"] - verbs: - - get - - list - - watch -- apiGroups: ["monitoring.kiali.io"] - resources: - - monitoringdashboards - verbs: - - get - - list diff --git a/charts/rancher-istio/1.5.901/charts/kiali/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.901/charts/kiali/templates/clusterrolebinding.yaml deleted file mode 100755 index 881796716..000000000 --- a/charts/rancher-istio/1.5.901/charts/kiali/templates/clusterrolebinding.yaml +++ /dev/null 
@@ -1,37 +0,0 @@
-{{- if not .Values.dashboard.viewOnlyMode }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-kiali-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kiali
-subjects:
-- kind: ServiceAccount
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-kiali-viewer-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kiali-viewer
-subjects:
-- kind: ServiceAccount
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/kiali/templates/configmap.yaml b/charts/rancher-istio/1.5.901/charts/kiali/templates/configmap.yaml
deleted file mode 100755
index 44c9dd199..000000000
--- a/charts/rancher-istio/1.5.901/charts/kiali/templates/configmap.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- config.yaml: |
- istio_namespace: {{ .Release.Namespace }}
- deployment:
- accessible_namespaces: ['**']
- login_token:
- signing_key: {{ randAlphaNum 10 | quote }}
- auth:
- strategy: {{ .Values.dashboard.auth.strategy }}
-{{- if eq .Values.dashboard.auth.strategy "ldap" }}
- ldap:
-{{- with .Values.dashboard.auth.strategy.ldap }}
-{{ toYaml . | indent 8 }}
-{{- end }}
-{{- end }}
- server:
- port: 20001
-{{- if .Values.contextPath }}
- web_root: {{ .Values.contextPath }}
-{{- end }}
- external_services:
- tracing:
- url: {{ .Values.dashboard.jaegerURL }}
- in_cluster_url: {{ .Values.dashboard.jaegerInClusterURL }}
- grafana:
- url: {{ .Values.dashboard.grafanaURL }}
- in_cluster_url: {{ .Values.dashboard.grafanaInClusterURL }}
- prometheus:
- url: {{ .Values.prometheusAddr }}
-{{- if .Values.security.enabled }}
- identity:
- cert_file: {{ .Values.security.cert_file }}
- private_key_file: {{ .Values.security.private_key_file }}
-{{- end}}
diff --git a/charts/rancher-istio/1.5.901/charts/kiali/templates/demosecret.yaml b/charts/rancher-istio/1.5.901/charts/kiali/templates/demosecret.yaml
deleted file mode 100755
index ad44298c3..000000000
--- a/charts/rancher-istio/1.5.901/charts/kiali/templates/demosecret.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.createDemoSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.dashboard.secretName }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-type: Opaque
-data:
- username: YWRtaW4= # admin
- passphrase: YWRtaW4= # admin
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/kiali/templates/deployment.yaml b/charts/rancher-istio/1.5.901/charts/kiali/templates/deployment.yaml
deleted file mode 100755
index d0624ef08..000000000
--- a/charts/rancher-istio/1.5.901/charts/kiali/templates/deployment.yaml
+++ /dev/null
@@ -1,112 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kiali - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "kiali.name" . }} - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: kiali - template: - metadata: - name: kiali - labels: - app: kiali - chart: {{ template "kiali.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" - prometheus.io/scrape: "true" - prometheus.io/port: "9090" - kiali.io/runtimes: go,kiali - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: kiali-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - name: kiali - command: - - "/opt/kiali/kiali" - - "-config" - - "/kiali-configuration/config.yaml" - - "-v" - - "3" - readinessProbe: - httpGet: - path: {{ .Values.contextPath }}/healthz - port: 20001 - scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }} - initialDelaySeconds: 5 - periodSeconds: 30 - livenessProbe: - httpGet: - path: {{ .Values.contextPath }}/healthz - port: 20001 - scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }} - initialDelaySeconds: 5 - periodSeconds: 30 - env: - - name: ACTIVE_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: kiali-configuration - mountPath: "/kiali-configuration" - - name: kiali-cert - mountPath: "/kiali-cert" - - name: kiali-secret - mountPath: "/kiali-secret" - - name: kiali-console - subPath: env.js - mountPath: /opt/kiali/console/env.js - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumes: - - name: kiali-console - configMap: - name: kiali-console - items: - - key: env.js - path: env.js - - name: kiali-configuration - configMap: - name: kiali - - name: kiali-cert - secret: - secretName: istio.kiali-service-account -{{- if not .Values.security.enabled }} - optional: true -{{- end }} - - name: kiali-secret - secret: - secretName: {{ .Values.dashboard.secretName }} - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} 
diff --git a/charts/rancher-istio/1.5.901/charts/kiali/templates/ingress.yaml b/charts/rancher-istio/1.5.901/charts/kiali/templates/ingress.yaml
deleted file mode 100755
index 2e2a0de3a..000000000
--- a/charts/rancher-istio/1.5.901/charts/kiali/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: kiali
- servicePort: 20001
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: kiali
- servicePort: 20001
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.901/charts/kiali/templates/kiali-console-configmap.yaml b/charts/rancher-istio/1.5.901/charts/kiali/templates/kiali-console-configmap.yaml
deleted file mode 100644
index 49c68eba0..000000000
--- a/charts/rancher-istio/1.5.901/charts/kiali/templates/kiali-console-configmap.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kiali-console
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- env.js: |
- window.WEB_ROOT='/k8s/clusters/{{ .Values.global.rancher.clusterId }}/api/v1/namespaces/istio-system/services/http:kiali:20001/proxy';
\ No newline at end of file
diff --git a/charts/rancher-istio/1.5.901/charts/kiali/templates/service.yaml b/charts/rancher-istio/1.5.901/charts/kiali/templates/service.yaml
deleted file mode 100755
index 1aa79bfdb..000000000
--- a/charts/rancher-istio/1.5.901/charts/kiali/templates/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- ports:
- - name: http-kiali
- protocol: TCP
- port: 20001
- selector:
- app: kiali
diff --git a/charts/rancher-istio/1.5.901/charts/kiali/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.901/charts/kiali/templates/serviceaccount.yaml
deleted file mode 100755
index 2ae38a1ab..000000000
--- a/charts/rancher-istio/1.5.901/charts/kiali/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.901/charts/kiali/templates/tests/test-kiali-connection.yaml b/charts/rancher-istio/1.5.901/charts/kiali/templates/tests/test-kiali-connection.yaml
deleted file mode 100755
index e2a1ff671..000000000
--- a/charts/rancher-istio/1.5.901/charts/kiali/templates/tests/test-kiali-connection.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "kiali.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: kiali-test
- chart: {{ template "kiali.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: kiali
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "kiali.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- args: ['http://kiali:20001']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/kiali/values.yaml b/charts/rancher-istio/1.5.901/charts/kiali/values.yaml
deleted file mode 100755
index af167baf3..000000000
--- a/charts/rancher-istio/1.5.901/charts/kiali/values.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
-#
-# addon kiali
-#
-enabled: false # Note that if using the demo or demo-auth yaml when installing via Helm, this default will be `true`.
-replicaCount: 1
-hub: quay.io/kiali
-image: kiali
-tag: v1.15
-contextPath: /kiali # The root context path to access the Kiali UI.
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - kiali.local
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls:
- # Secrets must be manually created in the namespace.
- # - secretName: kiali-tls
- # hosts:
- # - kiali.local
-
-dashboard:
- auth:
- strategy: login # Can be anonymous, login, openshift, or ldap
- # ldap: # This is required to use the ldap strategy
- # ldap_base: "DC=example,DC=com"
- # ldap_bind_dn: "CN={USERID},OU=xyz,OU=Users,OU=Accounts,DC=example,DC=com"
- # ldap_group_filter: "(cn=%s)"
- # ldap_host: "ldap-service.ldap-namespace"
- # ldap_insecure_skip_verify: true
- # ldap_mail_id_key: "mail"
- # ldap_member_of_key: "memberOf"
- # ldap_port: 123
- # ldap_role_filter: ".*xyz.*"
- # ldap_search_filter: "(&(name={USERID}))"
- # ldap_use_ssl: false
- # ldap_user_filter: "(cn=%s)"
- # ldap_user_id_key: "cn"
- secretName: kiali # You must create a secret with this name - one is not provided out-of-box.
- viewOnlyMode: false # Bind the service account to a role with only read access
- grafanaURL: # If you have Grafana installed and it is accessible to client browsers, then set this to its external URL. Kiali will redirect users to this URL when Grafana metrics are to be shown.
- grafanaInClusterURL: "http://grafana:3000" # In Kubernetes cluster with ELB in front this option is needed, since public IP of ELB is not reachable from inside the cluster
- jaegerURL: # If you have Jaeger installed and it is accessible to client browsers, then set this property to its external URL. Kiali will redirect users to this URL when Jaeger tracing is to be shown.
- jaegerInClusterURL: "http://tracing/jaeger" # If you have Jaeger installed and accessible from Kiali pod (typically in cluster), then set this property to enable more tracing charts within Kiali.
-prometheusAddr: http://prometheus:9090
-
-# When true, a secret will be created with a default username and password. Useful for demos.
-createDemoSecret: false
-
-security:
- enabled: false
- cert_file: /kiali-cert/cert-chain.pem
- private_key_file: /kiali-cert/key.pem
diff --git a/charts/rancher-istio/1.5.901/charts/mixer/Chart.yaml b/charts/rancher-istio/1.5.901/charts/mixer/Chart.yaml
deleted file mode 100755
index be98709c3..000000000
--- a/charts/rancher-istio/1.5.901/charts/mixer/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.9
-description: Helm chart for mixer deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- mixer
-name: mixer
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.901/charts/mixer/templates/_helpers.tpl b/charts/rancher-istio/1.5.901/charts/mixer/templates/_helpers.tpl
deleted file mode 100755
index dac6da036..000000000
--- a/charts/rancher-istio/1.5.901/charts/mixer/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "mixer.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "mixer.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "mixer.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.901/charts/mixer/templates/autoscale.yaml b/charts/rancher-istio/1.5.901/charts/mixer/templates/autoscale.yaml
deleted file mode 100755
index 377b47d03..000000000
--- a/charts/rancher-istio/1.5.901/charts/mixer/templates/autoscale.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
-spec:
- maxReplicas: {{ $spec.autoscaleMax }}
- minReplicas: {{ $spec.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-{{ $key }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/mixer/templates/clusterrole.yaml b/charts/rancher-istio/1.5.901/charts/mixer/templates/clusterrole.yaml
deleted file mode 100755
index 3d7438f2d..000000000
--- a/charts/rancher-istio/1.5.901/charts/mixer/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-mixer-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["config.istio.io"] # istio CRD watcher
- resources: ["*"]
- verbs: ["create", "get", "list", "watch", "patch"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["configmaps", "endpoints", "pods", "services", "namespaces", "secrets", "replicationcontrollers"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/mixer/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.901/charts/mixer/templates/clusterrolebinding.yaml
deleted file mode 100755
index 773e68b34..000000000
--- a/charts/rancher-istio/1.5.901/charts/mixer/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-mixer-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-mixer-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/mixer/templates/config.yaml b/charts/rancher-istio/1.5.901/charts/mixer/templates/config.yaml
deleted file mode 100755
index e2ef31d38..000000000
--- a/charts/rancher-istio/1.5.901/charts/mixer/templates/config.yaml
+++ /dev/null
@@ -1,1084 +0,0 @@ -{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: istioproxy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - origin.ip: - valueType: IP_ADDRESS - origin.uid: - valueType: STRING - origin.user: - valueType: STRING - request.headers: - valueType: STRING_MAP - request.id: - valueType: STRING - request.host: - valueType: STRING - request.method: - valueType: STRING - request.path: - valueType: STRING - request.url_path: - valueType: STRING - request.query_params: - valueType: STRING_MAP - request.reason: - valueType: STRING - request.referer: - valueType: STRING - request.scheme: - valueType: STRING - request.total_size: - valueType: INT64 - request.size: - valueType: INT64 - request.time: - valueType: TIMESTAMP - request.useragent: - valueType: STRING - response.code: - valueType: INT64 - response.duration: - valueType: DURATION - response.headers: - valueType: STRING_MAP - response.total_size: - valueType: INT64 - response.size: - valueType: INT64 - response.time: - valueType: TIMESTAMP - response.grpc_status: - valueType: STRING - response.grpc_message: - valueType: STRING - source.uid: - valueType: STRING - source.user: # DEPRECATED - valueType: STRING - source.principal: - valueType: STRING - destination.uid: - valueType: STRING - destination.principal: - valueType: STRING - destination.port: - valueType: INT64 - connection.event: - valueType: STRING - connection.id: - valueType: STRING - connection.received.bytes: - valueType: INT64 - connection.received.bytes_total: - valueType: INT64 - connection.sent.bytes: - valueType: INT64 - connection.sent.bytes_total: - valueType: INT64 - connection.duration: - valueType: DURATION - connection.mtls: - valueType: BOOL - 
connection.requested_server_name: - valueType: STRING - context.protocol: - valueType: STRING - context.proxy_error_code: - valueType: STRING - context.timestamp: - valueType: TIMESTAMP - context.time: - valueType: TIMESTAMP - # Deprecated, kept for compatibility - context.reporter.local: - valueType: BOOL - context.reporter.kind: - valueType: STRING - context.reporter.uid: - valueType: STRING - api.service: - valueType: STRING - api.version: - valueType: STRING - api.operation: - valueType: STRING - api.protocol: - valueType: STRING - request.auth.principal: - valueType: STRING - request.auth.audiences: - valueType: STRING - request.auth.presenter: - valueType: STRING - request.auth.claims: - valueType: STRING_MAP - request.auth.raw_claims: - valueType: STRING - request.api_key: - valueType: STRING - rbac.permissive.response_code: - valueType: STRING - rbac.permissive.effective_policy_id: - valueType: STRING - check.error_code: - valueType: INT64 - check.error_message: - valueType: STRING - check.cache_hit: - valueType: BOOL - quota.cache_hit: - valueType: BOOL - context.proxy_version: - valueType: STRING - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: kubernetes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - source.ip: - valueType: IP_ADDRESS - source.labels: - valueType: STRING_MAP - source.metadata: - valueType: STRING_MAP - source.name: - valueType: STRING - source.namespace: - valueType: STRING - source.owner: - valueType: STRING - source.serviceAccount: - valueType: STRING - source.services: - valueType: STRING - source.workload.uid: - valueType: STRING - source.workload.name: - valueType: STRING - source.workload.namespace: - valueType: STRING - destination.ip: - valueType: IP_ADDRESS - destination.labels: - valueType: STRING_MAP - destination.metadata: - valueType: STRING_MAP - destination.owner: - valueType: STRING - destination.name: - valueType: STRING - destination.container.name: - valueType: STRING - destination.namespace: - valueType: STRING - destination.service.uid: - valueType: STRING - destination.service.name: - valueType: STRING - destination.service.namespace: - valueType: STRING - destination.service.host: - valueType: STRING - destination.serviceAccount: - valueType: STRING - destination.workload.uid: - valueType: STRING - destination.workload.name: - valueType: STRING - destination.workload.namespace: - valueType: STRING ---- -{{- if and .Values.adapters.stdio.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: stdio - params: - outputAsJson: {{ .Values.adapters.stdio.outputAsJson }} ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: accesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: request.time - variables: - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | request.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - apiClaims: request.auth.raw_claims | "" - apiKey: request.api_key | request.headers["x-api-key"] | "" - protocol: api.protocol | context.protocol | "http" - method: request.method | "" - url: request.path | "" - responseCode: response.code | 0 - responseFlags: context.proxy_error_code | "" - responseSize: response.size | 0 - permissiveResponseCode: rbac.permissive.response_code | "none" - permissiveResponsePolicyID: rbac.permissive.effective_policy_id | "none" - requestSize: request.size | 0 - requestId: request.headers["x-request-id"] | "" - clientTraceId: request.headers["x-client-trace-id"] | "" - latency: response.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - userAgent: request.useragent | "" - responseTimestamp: response.time - receivedBytes: request.total_size | 0 - sentBytes: response.total_size | 0 - referer: request.referer | "" - httpAuthority: request.headers[":authority"] | request.host | "" - xForwardedFor: 
request.headers["x-forwarded-for"] | "0.0.0.0" - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - grpcStatus: response.grpc_status | "" - grpcMessage: response.grpc_message | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpaccesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: context.time | timestamp("2017-01-01T00:00:00Z") - variables: - connectionEvent: connection.event | "" - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - protocol: context.protocol | "tcp" - connectionDuration: connection.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - receivedBytes: connection.received.bytes | 0 - sentBytes: connection.sent.bytes | 0 - totalReceivedBytes: connection.received.bytes_total | 0 - totalSentBytes: connection.sent.bytes_total | 0 - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") 
- responseFlags: context.proxy_error_code | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "http" || context.protocol == "grpc" - actions: - - handler: stdio - instances: - - accesslog ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdiotcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: stdio - instances: - - tcpaccesslog -{{- end }} ---- -{{- if and .Values.adapters.prometheus.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestcount - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - grpc_response_status: response.grpc_status | "" - response_flags: context.proxy_error_code | "-" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestduration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.duration | "0ms" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - grpc_response_status: response.grpc_status | "" - response_flags: context.proxy_error_code | "-" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestsize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: request.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - grpc_response_status: response.grpc_status | "" - response_flags: context.proxy_error_code | "-" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: responsesize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - grpc_response_status: response.grpc_status | "" - response_flags: context.proxy_error_code | "-" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytesent - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.sent.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytereceived - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.received.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsopened - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: prometheus - params: - metricsExpirationPolicy: - metricsExpiryDuration: "{{ .Values.adapters.prometheus.metricsExpiryDuration }}" - metrics: - - name: requests_total - instance_name: requestcount.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - grpc_response_status - - response_flags - - connection_security_policy - - name: request_duration_seconds - instance_name: requestduration.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - grpc_response_status - - response_flags - - connection_security_policy - buckets: - explicit_buckets: - bounds: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10] - - name: request_bytes - instance_name: requestsize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - 
grpc_response_status - - response_flags - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: response_bytes - instance_name: responsesize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - grpc_response_status - - response_flags - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: tcp_sent_bytes_total - instance_name: tcpbytesent.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_received_bytes_total - instance_name: tcpbytereceived.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_connections_opened_total - instance_name: tcpconnectionsopened.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - 
- source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_connections_closed_total - instance_name: tcpconnectionsclosed.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promhttp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: (context.protocol == "http" || context.protocol == "grpc") && (match((request.useragent | "-"), "kube-probe*") == false) && (match((request.useragent | "-"), "Prometheus*") == false) - actions: - - handler: prometheus - instances: - - requestcount - - requestduration - - requestsize - - responsesize ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: prometheus - instances: - - tcpbytesent - - tcpbytereceived ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionopen - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "open") - actions: - - handler: prometheus - instances: - - tcpconnectionsopened ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "close") - actions: - - handler: prometheus - instances: - - tcpconnectionsclosed -{{- end }} ---- -{{- if and .Values.adapters.kubernetesenv.enabled (or .Values.policy.enabled .Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: kubernetesenv - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: kubernetesenv - params: {} - # when running from mixer root, use the following config after adding a - # symbolic link to a kubernetes config file via: - # - # $ ln -s ~/.kube/config mixer/adapter/kubernetes/kubeconfig - # - # kubeconfig_path: "mixer/adapter/kubernetes/kubeconfig" - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: kubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . 
}} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: tcpkubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: attributes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: kubernetes - params: - # Pass the required attribute data to the adapter - source_uid: source.uid | "" - source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr - destination_uid: destination.uid | "" - destination_port: destination.port | 0 - attributeBindings: - # Fill the new attributes from the adapter produced output. 
- # $out refers to an instance of OutputTemplate message - source.ip: $out.source_pod_ip | ip("0.0.0.0") - source.uid: $out.source_pod_uid | "unknown" - source.labels: $out.source_labels | emptyStringMap() - source.name: $out.source_pod_name | "unknown" - source.namespace: $out.source_namespace | "default" - source.owner: $out.source_owner | "unknown" - source.serviceAccount: $out.source_service_account_name | "unknown" - source.workload.uid: $out.source_workload_uid | "unknown" - source.workload.name: $out.source_workload_name | "unknown" - source.workload.namespace: $out.source_workload_namespace | "unknown" - destination.ip: $out.destination_pod_ip | ip("0.0.0.0") - destination.uid: $out.destination_pod_uid | "unknown" - destination.labels: $out.destination_labels | emptyStringMap() - destination.name: $out.destination_pod_name | "unknown" - destination.container.name: $out.destination_container_name | "unknown" - destination.namespace: $out.destination_namespace | "default" - destination.owner: $out.destination_owner | "unknown" - destination.serviceAccount: $out.destination_service_account_name | "unknown" - destination.workload.uid: $out.destination_workload_uid | "unknown" - destination.workload.name: $out.destination_workload_name | "unknown" - destination.workload.namespace: $out.destination_workload_namespace | "unknown" -{{- end }} ---- -{{- if .Values.policy.enabled }} -# Configuration needed by Mixer. -# Mixer cluster is delivered via CDS -# Specify mixer cluster settings -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-policy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- if .Values.telemetry.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-telemetry - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- end }} diff --git a/charts/rancher-istio/1.5.901/charts/mixer/templates/deployment.yaml b/charts/rancher-istio/1.5.901/charts/mixer/templates/deployment.yaml deleted file mode 100755 index 5b7dc3a89..000000000 --- a/charts/rancher-istio/1.5.901/charts/mixer/templates/deployment.yaml +++ /dev/null 
@@ -1,431 +0,0 @@ -{{- define "policy_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: policy-adapter-secret - secret: - secretName: policy-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - - --useTemplateCRDs=false - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.policy.resources }} -{{ toYaml .Values.policy.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: 
istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-policy - - --templateFile - - /etc/istio/proxy/envoy_policy.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ $.Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock - - 
name: policy-adapter-secret - mountPath: /var/run/secrets/istio.io/policy/adapter - readOnly: true -{{- end }} - -{{- define "telemetry_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: telemetry-adapter-secret - secret: - secretName: telemetry-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - - --certFile=/etc/certs/cert-chain.pem - - --keyFile=/etc/certs/key.pem - - --caCertFile=/etc/certs/root-cert.pem - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - - --useTemplateCRDs=false - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - - --averageLatencyThreshold - - {{ $.Values.telemetry.loadshedding.latencyThreshold }} - - --loadsheddingMode - - {{ $.Values.telemetry.loadshedding.mode }} - {{- if .Values.env }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.telemetry.resources }} -{{ toYaml .Values.telemetry.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if 
$.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: telemetry-adapter-secret - mountPath: /var/run/secrets/istio.io/telemetry/adapter - readOnly: true - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-telemetry - - --templateFile - - /etc/istio/proxy/envoy_telemetry.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - 
volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock -{{- end }} - - -{{- range $key, $spec := .Values }} -{{- if or (eq $key "policy") (eq $key "telemetry") }} -{{- if $spec.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-{{ $key }} - namespace: {{ $.Release.Namespace }} - labels: - app: istio-mixer - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: mixer -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - selector: - matchLabels: - istio: mixer - istio-mixer-type: {{ $key }} - template: - metadata: - labels: - app: {{ $key }} - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: mixer - istio-mixer-type: {{ $key }} - annotations: - sidecar.istio.io/inject: "false" -{{- with $.Values.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- if eq $key "policy"}} -{{- template "policy_container" $ }} -{{- else }} -{{- template "telemetry_container" $ }} -{{- end }} - ---- -{{- end }} -{{- end }} -{{- end }} {{/* range */}} diff --git a/charts/rancher-istio/1.5.901/charts/mixer/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.901/charts/mixer/templates/poddisruptionbudget.yaml deleted file mode 100755 index 35bbc40d7..000000000 --- a/charts/rancher-istio/1.5.901/charts/mixer/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,30 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ $key }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- version: {{ $.Chart.Version }}
- istio: mixer
- istio-mixer-type: {{ $key }}
-spec:
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: {{ $key }}
- release: {{ $.Release.Name }}
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/mixer/templates/service.yaml b/charts/rancher-istio/1.5.901/charts/mixer/templates/service.yaml
deleted file mode 100755
index 79cc4a582..000000000
--- a/charts/rancher-istio/1.5.901/charts/mixer/templates/service.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- annotations:
- networking.istio.io/exportTo: "*"
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: mixer
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: {{ $.Values.global.monitoringPort }}
-{{- if eq $key "telemetry" }}
- - name: prometheus
- port: 42422
-{{- if $spec.sessionAffinityEnabled }}
- sessionAffinity: ClientIP
-{{- end }}
-{{- end }}
- selector:
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.5.901/charts/mixer/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.901/charts/mixer/templates/serviceaccount.yaml
deleted file mode 100755
index 9d3da7dd6..000000000
--- a/charts/rancher-istio/1.5.901/charts/mixer/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/mixer/values.yaml b/charts/rancher-istio/1.5.901/charts/mixer/values.yaml
deleted file mode 100755
index d335c36c3..000000000
--- a/charts/rancher-istio/1.5.901/charts/mixer/values.yaml
+++ /dev/null
@@ -1,98 +0,0 @@
-#
-# mixer configuration
-#
-image: mixer
-
-env:
- # max procs should be ceil(cpu limit + 1)
- GOMAXPROCS: "6"
-
-policy:
- # if policy is enabled, global.disablePolicyChecks has affect.
- enabled: false
- replicaCount: 1
- autoscaleEnabled: true
- autoscaleMin: 1
- autoscaleMax: 5
- cpu:
- targetAverageUtilization: 80
- rollingMaxSurge: 100%
- rollingMaxUnavailable: 25%
-
-telemetry:
- enabled: true
- replicaCount: 1
- autoscaleEnabled: true
- autoscaleMin: 1
- autoscaleMax: 5
- cpu:
- targetAverageUtilization: 80
- rollingMaxSurge: 100%
- rollingMaxUnavailable: 25%
- sessionAffinityEnabled: false
-
- # mixer load shedding configuration.
- # When mixer detects that it is overloaded, it starts rejecting grpc requests.
- loadshedding:
- # disabled, logonly or enforce
- mode: enforce
- # based on measurements 100ms p50 translates to p99 of under 1s. This is ok for telemetry which is inherently async.
- latencyThreshold: 100ms
- resources:
- requests:
- cpu: 1000m
- memory: 1G
- limits:
- # It is best to do horizontal scaling of mixer using moderate cpu allocation.
- # We have experimentally found that these values work well.
- cpu: 4800m
- memory: 4G
-
- # Set reportBatchMaxEntries to 0 to use the default batching behavior (i.e., every 100 requests).
- # A positive value indicates the number of requests that are batched before telemetry data
- # is sent to the mixer server
- reportBatchMaxEntries: 100
-
- # Set reportBatchMaxTime to 0 to use the default batching behavior (i.e., every 1 second).
- # A positive time value indicates the maximum wait time since the last request will telemetry data
- # be batched before being sent to the mixer server
- reportBatchMaxTime: 1s
-
-podAnnotations: {}
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-adapters:
- kubernetesenv:
- enabled: true
-
- # stdio is a debug adapter in istio-telemetry, it is not recommended for production use.
- stdio:
- enabled: false
- outputAsJson: true
- prometheus:
- enabled: true
- metricsExpiryDuration: 10m
- # Setting this to false sets the useAdapterCRDs mixer startup argument to false
- useAdapterCRDs: false
diff --git a/charts/rancher-istio/1.5.901/charts/nodeagent/Chart.yaml b/charts/rancher-istio/1.5.901/charts/nodeagent/Chart.yaml
deleted file mode 100755
index 1b7f95236..000000000
--- a/charts/rancher-istio/1.5.901/charts/nodeagent/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.9
-description: Helm chart for nodeagent deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- nodeagent
-name: nodeagent
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.901/charts/nodeagent/templates/_helpers.tpl b/charts/rancher-istio/1.5.901/charts/nodeagent/templates/_helpers.tpl
deleted file mode 100755
index fda6043d0..000000000
--- a/charts/rancher-istio/1.5.901/charts/nodeagent/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "nodeagent.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "nodeagent.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "nodeagent.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.901/charts/nodeagent/templates/clusterrole.yaml b/charts/rancher-istio/1.5.901/charts/nodeagent/templates/clusterrole.yaml
deleted file mode 100755
index 8e4ab6d32..000000000
--- a/charts/rancher-istio/1.5.901/charts/nodeagent/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get"]
diff --git a/charts/rancher-istio/1.5.901/charts/nodeagent/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.901/charts/nodeagent/templates/clusterrolebinding.yaml
deleted file mode 100755
index 591e48212..000000000
--- a/charts/rancher-istio/1.5.901/charts/nodeagent/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-nodeagent-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.901/charts/nodeagent/templates/daemonset.yaml b/charts/rancher-istio/1.5.901/charts/nodeagent/templates/daemonset.yaml
deleted file mode 100755
index a4d2463d6..000000000
--- a/charts/rancher-istio/1.5.901/charts/nodeagent/templates/daemonset.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: istio-nodeagent
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
-spec:
- selector:
- matchLabels:
- istio: nodeagent
- template:
- metadata:
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-nodeagent-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: nodeagent
- image: "{{ template "system_default_registry" . }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- volumeMounts:
- - mountPath: /var/run/sds
- name: sdsudspath
- env:
- {{- if .Values.env }}
- {{- range $key, $val := .Values.env }}
- - name: {{ $key }}
- value: "{{ $val }}"
- {{- end }}
- {{- end }}
- - name: "TRUST_DOMAIN"
- value: "{{ .Values.global.trustDomain }}"
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumes:
- - name: sdsudspath
- hostPath:
- path: /var/run/sds
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
- updateStrategy:
- type: RollingUpdate
diff --git a/charts/rancher-istio/1.5.901/charts/nodeagent/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.901/charts/nodeagent/templates/serviceaccount.yaml
deleted file mode 100755
index 86853d7e0..000000000
--- a/charts/rancher-istio/1.5.901/charts/nodeagent/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.901/charts/nodeagent/values.yaml b/charts/rancher-istio/1.5.901/charts/nodeagent/values.yaml
deleted file mode 100755
index 3e1c09045..000000000
--- a/charts/rancher-istio/1.5.901/charts/nodeagent/values.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# nodeagent configuration
-#
-enabled: false
-image: node-agent-k8s
-env:
- # name of authentication provider.
- CA_PROVIDER: "Citadel"
- # CA endpoint.
- CA_ADDR: "istio-citadel:8060"
- # names of authentication provider's plugins.
- PLUGINS: ""
- VALID_TOKEN: true
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.5.901/charts/pilot/Chart.yaml b/charts/rancher-istio/1.5.901/charts/pilot/Chart.yaml
deleted file mode 100755
index 559a7a852..000000000
--- a/charts/rancher-istio/1.5.901/charts/pilot/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.9
-description: Helm chart for pilot deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- pilot
-name: pilot
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.901/charts/pilot/templates/_helpers.tpl b/charts/rancher-istio/1.5.901/charts/pilot/templates/_helpers.tpl
deleted file mode 100755
index c812c3709..000000000
--- a/charts/rancher-istio/1.5.901/charts/pilot/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "pilot.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "pilot.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "pilot.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.901/charts/pilot/templates/autoscale.yaml b/charts/rancher-istio/1.5.901/charts/pilot/templates/autoscale.yaml
deleted file mode 100755
index 1a9945136..000000000
--- a/charts/rancher-istio/1.5.901/charts/pilot/templates/autoscale.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- maxReplicas: {{ .Values.autoscaleMax }}
- minReplicas: {{ .Values.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-pilot
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.cpu.targetAverageUtilization }}
----
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/pilot/templates/clusterrole.yaml b/charts/rancher-istio/1.5.901/charts/pilot/templates/clusterrole.yaml
deleted file mode 100755
index d149176a9..000000000
--- a/charts/rancher-istio/1.5.901/charts/pilot/templates/clusterrole.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups:
- - config.istio.io
- - rbac.istio.io
- - security.istio.io
- - networking.istio.io
- - authentication.istio.io
- resources: ["*"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions"]
- resources: ["ingresses", "ingresses/status"]
- verbs: ["*"]
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "list", "watch", "update"]
-- apiGroups: [""]
- resources: ["endpoints", "pods", "services", "namespaces", "nodes"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["discovery.k8s.io"]
- resources: ["endpointslices"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "watch", "list", "update", "delete"]
-- apiGroups: ["certificates.k8s.io"]
- resources:
- - "certificatesigningrequests"
- - "certificatesigningrequests/approval"
- - "certificatesigningrequests/status"
- verbs: ["update", "create", "get", "delete"]
diff --git a/charts/rancher-istio/1.5.901/charts/pilot/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.901/charts/pilot/templates/clusterrolebinding.yaml
deleted file mode 100755
index ef9281ca8..000000000
--- a/charts/rancher-istio/1.5.901/charts/pilot/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-pilot-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.901/charts/pilot/templates/configmap.yaml b/charts/rancher-istio/1.5.901/charts/pilot/templates/configmap.yaml
deleted file mode 100755
index 3fe514395..000000000
--- a/charts/rancher-istio/1.5.901/charts/pilot/templates/configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.jwksResolverExtraRootCA }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-jwks-extra-cacerts
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/pilot/templates/deployment.yaml b/charts/rancher-istio/1.5.901/charts/pilot/templates/deployment.yaml
deleted file mode 100755
index 7e7cd2b97..000000000
--- a/charts/rancher-istio/1.5.901/charts/pilot/templates/deployment.yaml
+++ /dev/null
@@ -1,234 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - # TODO: default template doesn't have this, which one is right ? - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - istio: pilot - template: - metadata: - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-pilot-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: discovery - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - "discovery" - - --monitoringAddr=:{{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.global.oneNamespace }} - - "-a" - - {{ .Release.Namespace }} -{{- end }} -{{- if and $.Values.global.controlPlaneSecurityEnabled (not .Values.sidecar)}} - - --secureGrpcAddr - - ":15011" -{{- else }} - - --secureGrpcAddr - - "" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" - ports: - - containerPort: 8080 - - containerPort: 15010 -{{- if not .Values.sidecar }} - - containerPort: 15011 -{{- end }} - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 5 - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND - value: "{{ .Values.enableProtocolSniffingForOutbound }}" - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND - value: "{{ .Values.enableProtocolSniffingForInbound }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - - name: istio-certs - mountPath: /etc/certs 
- readOnly: true -{{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - mountPath: /cacerts -{{- end }} -{{- if .Values.sidecar }} - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 15003 - - containerPort: 15005 - - containerPort: 15007 - - containerPort: 15011 - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-pilot - - --templateFile - - /etc/istio/proxy/envoy_pilot.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if .Values.global.proxy.resources }} -{{ toYaml .Values.global.proxy.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - 
readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} -{{- end }} - volumes: - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: config-volume - configMap: - name: istio - - name: istio-certs - secret: - secretName: istio.istio-pilot-service-account - optional: true -{{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - configMap: - name: istio-jwks-extra-cacerts -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.5.901/charts/pilot/templates/meshexpansion.yaml b/charts/rancher-istio/1.5.901/charts/pilot/templates/meshexpansion.yaml deleted file mode 100755 index 4f3d59570..000000000 --- a/charts/rancher-istio/1.5.901/charts/pilot/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-ilb-vs-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - hosts: - - istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-ilb-gateway - tcp: - - match: - - port: 15011 - route: - - destination: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15011 - - match: - - port: 15010 - route: - - destination: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15010 - - match: - - port: 5353 - route: - - destination: - host: kube-dns.kube-system.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 53 ---- -{{- else }} - -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: meshexpansion-vs-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - hosts: - - istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - gateways: - - meshexpansion-gateway - tcp: - - match: - - port: 15011 - route: - - destination: - host: istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - port: - number: 15011 ---- -{{- end }} - -{{- if .Values.global.controlPlaneSecurityEnabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: meshexpansion-dr-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - trafficPolicy: - portLevelSettings: - - port: - number: 15011 - tls: - mode: DISABLE ---- -{{- end }} -{{- end }} - diff --git a/charts/rancher-istio/1.5.901/charts/pilot/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.901/charts/pilot/templates/poddisruptionbudget.yaml deleted file mode 100755 index a432023ca..000000000 --- a/charts/rancher-istio/1.5.901/charts/pilot/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-pilot - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "pilot.name" . }} - chart: {{ template "pilot.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: pilot -spec: -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} - selector: - matchLabels: - app: {{ template "pilot.name" . }} - release: {{ .Release.Name }} - istio: pilot -{{- end }} diff --git a/charts/rancher-istio/1.5.901/charts/pilot/templates/service.yaml b/charts/rancher-istio/1.5.901/charts/pilot/templates/service.yaml deleted file mode 100755 index a61d93025..000000000 --- a/charts/rancher-istio/1.5.901/charts/pilot/templates/service.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: pilot
-spec:
- ports:
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS
- - port: 8080
- name: http-legacy-discovery # direct
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- selector:
- istio: pilot
diff --git a/charts/rancher-istio/1.5.901/charts/pilot/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.901/charts/pilot/templates/serviceaccount.yaml
deleted file mode 100755
index 7ec2a66de..000000000
--- a/charts/rancher-istio/1.5.901/charts/pilot/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.901/charts/pilot/values.yaml b/charts/rancher-istio/1.5.901/charts/pilot/values.yaml
deleted file mode 100755
index 0d37ec59c..000000000
--- a/charts/rancher-istio/1.5.901/charts/pilot/values.yaml
+++ /dev/null
@@ -1,63 +0,0 @@ -# -# pilot configuration -# -enabled: true -autoscaleEnabled: true -autoscaleMin: 1 -autoscaleMax: 5 -# specify replicaCount when autoscaleEnabled: false -# replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -image: pilot -sidecar: true -traceSampling: 1.0 -# if protocol sniffing is enabled for outbound -enableProtocolSniffingForOutbound: true -# if protocol sniffing is enabled for inbound -enableProtocolSniffingForInbound: false -# Resources for a small pilot install -resources: - requests: - cpu: 500m - memory: 2048Mi -env: - PILOT_PUSH_THROTTLE: 100 -cpu: - targetAverageUtilization: 80 -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# The following is used to limit how long a sidecar can be connected -# to a pilot. It balances out load across pilot instances at the cost of -# increasing system churn. -keepaliveMaxServerConnectionAge: 30m - -# This is used to set the source of configuration for -# the associated address in configSource, if nothing is specificed -# the default MCP is assumed. 
The alternative option is SERVICE_REGISTRY -# which describes the source is only forwarding synthetic service entries -configSource: - subscribedResources: diff --git a/charts/rancher-istio/1.5.901/charts/prometheus/Chart.yaml b/charts/rancher-istio/1.5.901/charts/prometheus/Chart.yaml deleted file mode 100755 index 87ce795a5..000000000 --- a/charts/rancher-istio/1.5.901/charts/prometheus/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 2.8.0 -description: A Helm chart for Kubernetes -name: prometheus -tillerVersion: '>=2.7.2' -version: 1.5.9 diff --git a/charts/rancher-istio/1.5.901/charts/prometheus/templates/_helpers.tpl b/charts/rancher-istio/1.5.901/charts/prometheus/templates/_helpers.tpl deleted file mode 100755 index 039388329..000000000 --- a/charts/rancher-istio/1.5.901/charts/prometheus/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "prometheus.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "prometheus.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "prometheus.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} 
diff --git a/charts/rancher-istio/1.5.901/charts/prometheus/templates/clusterrole.yaml b/charts/rancher-istio/1.5.901/charts/prometheus/templates/clusterrole.yaml
deleted file mode 100755
index 06fdfaf53..000000000
--- a/charts/rancher-istio/1.5.901/charts/prometheus/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - nodes
- - services
- - endpoints
- - pods
- - nodes/proxy
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources:
- - configmaps
- verbs: ["get"]
-- nonResourceURLs: ["/metrics"]
- verbs: ["get"]
diff --git a/charts/rancher-istio/1.5.901/charts/prometheus/templates/clusterrolebindings.yaml b/charts/rancher-istio/1.5.901/charts/prometheus/templates/clusterrolebindings.yaml
deleted file mode 100755
index 295e0df72..000000000
--- a/charts/rancher-istio/1.5.901/charts/prometheus/templates/clusterrolebindings.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: prometheus-{{ .Release.Namespace }}
-subjects:
-- kind: ServiceAccount
- name: prometheus
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.901/charts/prometheus/templates/configmap.yaml b/charts/rancher-istio/1.5.901/charts/prometheus/templates/configmap.yaml
deleted file mode 100755
index cfd0d43ab..000000000
--- a/charts/rancher-istio/1.5.901/charts/prometheus/templates/configmap.yaml
+++ /dev/null
@@ -1,294 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - prometheus.yml: |- - global: - scrape_interval: {{ .Values.scrapeInterval }} - scrape_configs: - - - job_name: 'istio-mesh' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;prometheus - - # Scrape config for envoy stats - - job_name: 'envoy-stats' - metrics_path: /stats/prometheus - kubernetes_sd_configs: - - role: pod - - relabel_configs: - - source_labels: [__meta_kubernetes_pod_container_port_name] - action: keep - regex: '.*-envoy-prom' - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:15090 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'istio-policy' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-policy;http-monitoring - - - job_name: 'istio-telemetry' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;http-monitoring - - - job_name: 'pilot' - kubernetes_sd_configs: - - role: 
endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-pilot;http-monitoring - - - job_name: 'galley' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-galley;http-monitoring - - - job_name: 'citadel' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-citadel;http-monitoring - - - job_name: 'sidecar-injector' - - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-sidecar-injector;http-monitoring - - # scrape config for API servers - - job_name: 'kubernetes-apiservers' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - default - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: kubernetes;https - - # scrape config for nodes (kubelet) - - job_name: 'kubernetes-nodes' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: 
kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics - - # Scrape config for Kubelet cAdvisor. - # - # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics - # (those whose names begin with 'container_') have been removed from the - # Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to - # retrieve those metrics. - # - # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor - # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics" - # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with - # the --cadvisor-port=0 Kubelet flag). - # - # This job is not necessary and should be removed in Kubernetes 1.6 and - # earlier versions, or it will cause the metrics to be scraped twice. - - job_name: 'kubernetes-cadvisor' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor - - # scrape config for service endpoints. - - job_name: 'kubernetes-service-endpoints' - kubernetes_sd_configs: - - role: endpoints - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) 
- - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: kubernetes_name - - - job_name: 'kubernetes-pods' - kubernetes_sd_configs: - - role: pod - relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job. - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # Keep target if there's no sidecar or if prometheus.io/scheme is explicitly set to "http" - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: keep - regex: ((;.*)|(.*;http)) - - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls] - action: drop - regex: (true) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'kubernetes-pods-istio-secure' - scheme: https - tls_config: - ca_file: /etc/istio-certs/root-cert.pem - cert_file: /etc/istio-certs/cert-chain.pem - key_file: 
/etc/istio-certs/key.pem - insecure_skip_verify: true # prometheus does not support secure naming. - kubernetes_sd_configs: - - role: pod - relabel_configs: - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # sidecar status annotation is added by sidecar injector and - # istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic. - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls] - action: keep - regex: (([^;]+);([^;]*))|(([^;]*);(true)) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: drop - regex: (http) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__] # Only keep address that is host:port - action: keep # otherwise an extra target with ':443' is added for https scheme - regex: ([^:]+):(\d+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name diff --git a/charts/rancher-istio/1.5.901/charts/prometheus/templates/deployment.yaml b/charts/rancher-istio/1.5.901/charts/prometheus/templates/deployment.yaml deleted file mode 100755 index 1033a2f5b..000000000 --- a/charts/rancher-istio/1.5.901/charts/prometheus/templates/deployment.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -# TODO: the original template has service account, roles, etc -apiVersion: apps/v1 -kind: Deployment -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: prometheus - template: - metadata: - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: prometheus -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: prometheus - image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - '--storage.tsdb.retention={{ .Values.retention }}' - - '--config.file=/etc/prometheus/prometheus.yml' - ports: - - containerPort: 9090 - name: http - livenessProbe: - httpGet: - path: /-/healthy - port: 9090 - readinessProbe: - httpGet: - path: /-/ready - port: 9090 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/prometheus - - mountPath: /etc/istio-certs - name: istio-certs - volumes: - - name: config-volume - configMap: - name: prometheus - - name: istio-certs - secret: - defaultMode: 420 -{{- if not .Values.security.enabled }} - optional: true -{{- end }} - secretName: istio.default - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.5.901/charts/prometheus/templates/ingress.yaml b/charts/rancher-istio/1.5.901/charts/prometheus/templates/ingress.yaml deleted file mode 100755 index 43be65523..000000000 --- a/charts/rancher-istio/1.5.901/charts/prometheus/templates/ingress.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: prometheus - servicePort: 9090 - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: prometheus - servicePort: 9090 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.901/charts/prometheus/templates/service.yaml b/charts/rancher-istio/1.5.901/charts/prometheus/templates/service.yaml deleted file mode 100755 index d92525df0..000000000 --- a/charts/rancher-istio/1.5.901/charts/prometheus/templates/service.yaml +++ /dev/null 
@@ -1,45 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- annotations:
- prometheus.io/scrape: 'true'
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- app: prometheus
- ports:
- - name: http-prometheus
- protocol: TCP
- port: 9090
-
-{{- if .Values.service.nodePort.enabled }}
-# Using separate ingress for nodeport, to avoid conflict with pilot e2e test configs.
----
-apiVersion: v1
-kind: Service
-metadata:
- name: prometheus-nodeport
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- type: NodePort
- ports:
- - port: 9090
- nodePort: {{ .Values.service.nodePort.port }}
- name: http-prometheus
- selector:
- app: prometheus
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/prometheus/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.901/charts/prometheus/templates/serviceaccount.yaml
deleted file mode 100755
index 7c2fab3f4..000000000
--- a/charts/rancher-istio/1.5.901/charts/prometheus/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.901/charts/prometheus/templates/tests/test-prometheus-connection.yaml b/charts/rancher-istio/1.5.901/charts/prometheus/templates/tests/test-prometheus-connection.yaml
deleted file mode 100755
index c36ce3f5c..000000000
--- a/charts/rancher-istio/1.5.901/charts/prometheus/templates/tests/test-prometheus-connection.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "prometheus.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus-test
- chart: {{ template "prometheus.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: prometheus
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "prometheus.fullname" . }}-test"
- image: {{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['sh', '-c', 'for i in 1 2 3; do curl http://prometheus:9090/-/ready && exit 0 || sleep 15; done; exit 1']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/prometheus/values.yaml b/charts/rancher-istio/1.5.901/charts/prometheus/values.yaml
deleted file mode 100755
index 76bda8457..000000000
--- a/charts/rancher-istio/1.5.901/charts/prometheus/values.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-#
-# addon prometheus configuration
-#
-enabled: true
-replicaCount: 1
-hub: docker.io/prom
-image: prometheus
-tag: v2.12.0
-retention: 6h
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-# Controls the frequency of prometheus scraping
-scrapeInterval: 15s
-
-contextPath: /prometheus
-
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - prometheus.local
- annotations:
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls:
- # Secrets must be manually created in the namespace.
- # - secretName: prometheus-tls
- # hosts:
- # - prometheus.local
-
-service:
- annotations: {}
- nodePort:
- enabled: false
- port: 32090
-
-security:
- enabled: true
diff --git a/charts/rancher-istio/1.5.901/charts/security/Chart.yaml b/charts/rancher-istio/1.5.901/charts/security/Chart.yaml
deleted file mode 100755
index be7731948..000000000
--- a/charts/rancher-istio/1.5.901/charts/security/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.9
-description: Helm chart for istio authentication
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- security
-name: security
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.901/charts/security/templates/_helpers.tpl b/charts/rancher-istio/1.5.901/charts/security/templates/_helpers.tpl
deleted file mode 100755
index 7f36f9d51..000000000
--- a/charts/rancher-istio/1.5.901/charts/security/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "security.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "security.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "security.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.901/charts/security/templates/clusterrole.yaml b/charts/rancher-istio/1.5.901/charts/security/templates/clusterrole.yaml
deleted file mode 100755
index 75f2dec65..000000000
--- a/charts/rancher-istio/1.5.901/charts/security/templates/clusterrole.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-citadel-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "update"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "watch", "list", "update", "delete"]
-- apiGroups: [""]
- resources: ["serviceaccounts", "services", "namespaces"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["authentication.k8s.io"]
- resources: ["tokenreviews"]
- verbs: ["create"]
diff --git a/charts/rancher-istio/1.5.901/charts/security/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.901/charts/security/templates/clusterrolebinding.yaml
deleted file mode 100755
index 0a15799ce..000000000
--- a/charts/rancher-istio/1.5.901/charts/security/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-citadel-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-citadel-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-citadel-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.901/charts/security/templates/configmap.yaml b/charts/rancher-istio/1.5.901/charts/security/templates/configmap.yaml
deleted file mode 100755
index 14749fd65..000000000
--- a/charts/rancher-istio/1.5.901/charts/security/templates/configmap.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-security-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-data:
- custom-resources.yaml: |-
- {{- if .Values.global.mtls.enabled }}
- {{- include "security-default.yaml.tpl" . | indent 4}}
- {{- else }}
- {{- include "security-permissive.yaml.tpl" . | indent 4}}
- {{- end }}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
diff --git a/charts/rancher-istio/1.5.901/charts/security/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.5.901/charts/security/templates/create-custom-resources-job.yaml
deleted file mode 100755
index 61e1156a4..000000000
--- a/charts/rancher-istio/1.5.901/charts/security/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,109 +0,0 @@
-{{- if .Values.createMeshPolicy }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-security-post-install-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-security-post-install-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["authentication.istio.io"] # needed to create default authn policy
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["networking.istio.io"] # needed to create security destination rules
- resources: ["*"]
- verbs: ["*"]
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["validatingwebhookconfigurations"]
- verbs: ["get"]
-- apiGroups: ["extensions", "apps"]
- resources: ["deployments", "replicasets"]
- verbs: ["get", "list", "watch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-security-post-install-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-security-post-install-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-security-post-install-account
- namespace: {{ .Release.Namespace }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: istio-security-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 | trimSuffix "-" }}
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-delete-policy": hook-succeeded
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- template:
- metadata:
- name: istio-security-post-install
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-security-post-install-account
- containers:
- - name: kubectl
- image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
- imagePullPolicy: IfNotPresent
- command: [ "/bin/bash", "/tmp/security/run.sh", "/tmp/security/custom-resources.yaml" ]
- volumeMounts:
- - mountPath: "/tmp/security"
- name: tmp-configmap-security
- volumes:
- - name: tmp-configmap-security
- configMap:
- name: istio-security-custom-resources
- restartPolicy: OnFailure
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/security/templates/deployment.yaml b/charts/rancher-istio/1.5.901/charts/security/templates/deployment.yaml
deleted file mode 100755
index 81d0c6b28..000000000
--- a/charts/rancher-istio/1.5.901/charts/security/templates/deployment.yaml
+++ /dev/null
@@ -1,119 +0,0 @@
-# istio CA watching all namespaces
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- istio: citadel
- strategy:
- rollingUpdate:
- maxSurge: {{ .Values.rollingMaxSurge }}
- maxUnavailable: {{ .Values.rollingMaxUnavailable }}
- template:
- metadata:
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
- annotations:
- sidecar.istio.io/inject: "false"
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: istio-citadel-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: citadel
- image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- args:
- {{- if .Values.global.sds.enabled }}
- - --sds-enabled=true
- {{- end }}
- - --append-dns-names=true
- - --grpc-port=8060
- - --citadel-storage-namespace={{ .Release.Namespace }}
- - --custom-dns-names=istio-pilot-service-account.{{ .Release.Namespace }}:istio-pilot.{{ .Release.Namespace }}
- - --monitoring-port={{ .Values.global.monitoringPort }}
- {{- if .Values.selfSigned }}
- - --self-signed-ca=true
- {{- else }}
- - --self-signed-ca=false
- - --signing-cert=/etc/cacerts/ca-cert.pem
- - --signing-key=/etc/cacerts/ca-key.pem
- - --root-cert=/etc/cacerts/root-cert.pem
- - --cert-chain=/etc/cacerts/cert-chain.pem
- {{- end }}
- {{- if .Values.global.trustDomain }}
- - --trust-domain={{ .Values.global.trustDomain }}
- {{- end }}
- {{- if .Values.workloadCertTtl }}
- - --workload-cert-ttl={{ .Values.workloadCertTtl }}
- {{- end }}
- {{- if .Values.citadelHealthCheck }}
- - --liveness-probe-path=/tmp/ca.liveness # path to the liveness health check status file
- - --liveness-probe-interval=60s # interval for health check file update
- - --probe-check-interval=15s # interval for health status check
- {{- end }}
- env:
- - name: CITADEL_ENABLE_NAMESPACES_BY_DEFAULT
- value: "{{ .Values.enableNamespacesByDefault }}"
- {{- if .Values.env }}
- {{- range $key, $val := .Values.env }}
- - name: {{ $key }}
- value: {{ $val | quote }}
- {{- end }}
- {{- end }}
- {{- if .Values.citadelHealthCheck }}
- livenessProbe:
- exec:
- command:
- - /usr/local/bin/istio_ca
- - probe
- - --probe-path=/tmp/ca.liveness # path to the liveness health check status file
- - --interval=125s # the maximum time gap allowed between the file mtime and the current sys clock
- initialDelaySeconds: 60
- periodSeconds: 60
- {{- end }}
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
-{{- if not .Values.selfSigned }}
- volumeMounts:
- - name: cacerts
- mountPath: /etc/cacerts
- readOnly: true
- volumes:
- - name: cacerts
- secret:
- secretName: cacerts
- optional: true
-{{- end }}
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/security/templates/enable-mesh-mtls.yaml b/charts/rancher-istio/1.5.901/charts/security/templates/enable-mesh-mtls.yaml
deleted file mode 100755
index 661617803..000000000
--- a/charts/rancher-istio/1.5.901/charts/security/templates/enable-mesh-mtls.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-{{- define "security-default.yaml.tpl" }}
-# These policy and destination rules effectively enable mTLS for all services in the mesh. For now,
-# they are added to Istio installation yaml for backward compatible. In future, they should be in
-# a separated yaml file so that customer can enable mTLS independent from installation.
-
-# Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh.
-apiVersion: "authentication.istio.io/v1alpha1"
-kind: "MeshPolicy"
-metadata:
- name: "default"
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- peers:
- - mtls: {}
-{{- if not .Values.global.mtls.auto }}
----
-# Corresponding destination rule to configure client side to use mutual TLS when talking to
-# any service (host) in the mesh.
-apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
- name: "default"
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- host: "*.local"
- {{- if .Values.global.defaultConfigVisibilitySettings }}
- exportTo:
- - '*'
- {{- end }}
- trafficPolicy:
- tls:
- mode: ISTIO_MUTUAL
----
-# Destination rule to disable (m)TLS when talking to API server, as API server doesn't have sidecar.
-# Customer should add similar destination rules for other services that don't have sidecar.
-apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
- name: "api-server"
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- host: "kubernetes.default.svc.{{ .Values.global.proxy.clusterDomain }}"
- {{- if .Values.global.defaultConfigVisibilitySettings }}
- exportTo:
- - '*'
- {{- end }}
- trafficPolicy:
- tls:
- mode: DISABLE
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/security/templates/enable-mesh-permissive.yaml b/charts/rancher-istio/1.5.901/charts/security/templates/enable-mesh-permissive.yaml
deleted file mode 100755
index a6931b3b9..000000000
--- a/charts/rancher-istio/1.5.901/charts/security/templates/enable-mesh-permissive.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- define "security-permissive.yaml.tpl" }}
-# Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh.
-apiVersion: "authentication.istio.io/v1alpha1"
-kind: "MeshPolicy"
-metadata:
- name: "default"
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- peers:
- - mtls:
- mode: PERMISSIVE
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/security/templates/meshexpansion.yaml b/charts/rancher-istio/1.5.901/charts/security/templates/meshexpansion.yaml
deleted file mode 100755
index 581ce964a..000000000
--- a/charts/rancher-istio/1.5.901/charts/security/templates/meshexpansion.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-{{- if .Values.global.meshExpansion.enabled }}
-{{- if .Values.global.meshExpansion.useILB }}
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-vs-citadel-ilb
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- hosts:
- - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-ilb-gateway
- tcp:
- - match:
- - port: 8060
- route:
- - destination:
- host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 8060
----
-{{- else }}
-
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-vs-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- hosts:
- - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-gateway
- tcp:
- - match:
- - port: 8060
- route:
- - destination:
- host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 8060
----
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/security/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.901/charts/security/templates/poddisruptionbudget.yaml
deleted file mode 100755
index 1a8809599..000000000
--- a/charts/rancher-istio/1.5.901/charts/security/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: {{ template "security.name" . }}
- release: {{ .Release.Name }}
- istio: citadel
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/security/templates/service.yaml b/charts/rancher-istio/1.5.901/charts/security/templates/service.yaml
deleted file mode 100755
index efea17544..000000000
--- a/charts/rancher-istio/1.5.901/charts/security/templates/service.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- # we use the normal name here (e.g. 'prometheus')
- # as grafana is configured to use this as a data source
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- ports:
- - name: grpc-citadel
- port: 8060
- targetPort: 8060
- protocol: TCP
- - name: http-monitoring
- port: {{ .Values.global.monitoringPort }}
- selector:
- istio: citadel
diff --git a/charts/rancher-istio/1.5.901/charts/security/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.901/charts/security/templates/serviceaccount.yaml
deleted file mode 100755
index d07d566fa..000000000
--- a/charts/rancher-istio/1.5.901/charts/security/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-citadel-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.901/charts/security/templates/tests/test-citadel-connection.yaml b/charts/rancher-istio/1.5.901/charts/security/templates/tests/test-citadel-connection.yaml
deleted file mode 100755
index 481b486de..000000000
--- a/charts/rancher-istio/1.5.901/charts/security/templates/tests/test-citadel-connection.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "security.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: istio-citadel-test
- chart: {{ template "security.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: citadel
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "security.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['sh', '-c', 'for i in 1 2 3; do curl http://istio-citadel:{{ .Values.global.monitoringPort }}/version && exit 0 || sleep 15; done; exit 1']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/security/values.yaml b/charts/rancher-istio/1.5.901/charts/security/values.yaml
deleted file mode 100755
index ee16f2c60..000000000
--- a/charts/rancher-istio/1.5.901/charts/security/values.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-#
-# security configuration
-#
-enabled: true
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-image: citadel
-selfSigned: true # indicate if self-signed CA is used.
-createMeshPolicy: true
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Enable health checking on the Citadel CSR signing API.
-# https://istio.io/docs/tasks/security/health-check/
-citadelHealthCheck: false
-# 90*24hour = 2160h
-workloadCertTtl: 2160h
-# Environment variables that configure Citadel.
-env: {}
-
-# Determines Citadel default behavior if the ca.istio.io/env or ca.istio.io/override
-# labels are not found on a given namespace.
-#
-# For example: consider a namespace called "target", which has neither the "ca.istio.io/env"
-# nor the "ca.istio.io/override" namespace labels. To decide whether or not to generate secrets
-# for service accounts created in this "target" namespace, Citadel will defer to this option. If the value
-# of this option is "true" in this case, secrets will be generated for the "target" namespace.
-# If the value of this option is "false" Citadel will not generate secrets upon service account creation.
-enableNamespacesByDefault: true
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/Chart.yaml b/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/Chart.yaml
deleted file mode 100755
index f814462ac..000000000
--- a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.9
-description: Helm chart for sidecar injector webhook deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- sidecarInjectorWebhook
-name: sidecarInjectorWebhook
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/_helpers.tpl b/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/_helpers.tpl
deleted file mode 100755
index f3b9fb15b..000000000
--- a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "sidecar-injector.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "sidecar-injector.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "sidecar-injector.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/clusterrole.yaml b/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/clusterrole.yaml
deleted file mode 100755
index c56c7025c..000000000
--- a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/clusterrole.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-sidecar-injector-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get", "list", "watch"]
-{{- if not .Values.global.operatorManageWebhooks }}
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "patch"]
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
deleted file mode 100755
index 748a93244..000000000
--- a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-sidecar-injector-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-sidecar-injector-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/deployment.yaml b/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/deployment.yaml
deleted file mode 100755
index b0ddf131f..000000000
--- a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/deployment.yaml
+++ /dev/null
@@ -1,118 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: sidecar-injector - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-sidecar-injector-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: sidecar-injector-webhook - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --caCertFile=/etc/istio/certs/root-cert.pem - - --tlsCertFile=/etc/istio/certs/cert-chain.pem - - --tlsKeyFile=/etc/istio/certs/key.pem - - --injectConfig=/etc/istio/inject/config - - --meshConfig=/etc/istio/config/mesh - - --healthCheckInterval=2s - - --healthCheckFile=/tmp/health -{{- if .Values.global.operatorManageWebhooks }} - - --reconcileWebhookConfig=false -{{- else }} - - --reconcileWebhookConfig=true -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - readOnly: true - - name: certs - mountPath: /etc/istio/certs - readOnly: true - - name: inject-config - mountPath: /etc/istio/inject - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/tmp/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - readinessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/tmp/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: config-volume - configMap: - name: istio - - name: certs - secret: -{{- if .Values.global.certificates }} - secretName: dns.istio-sidecar-injector-service-account -{{- else }} - secretName: istio.istio-sidecar-injector-service-account -{{- end }} - - name: inject-config - configMap: - name: istio-sidecar-injector - items: - - key: config - path: config - - key: values - path: values - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml b/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml deleted file mode 100755 index 4a31415f2..000000000 --- a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: istio-sidecar-injector - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -webhooks: - - name: sidecar-injector.istio.io - clientConfig: - service: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - path: "/inject" - caBundle: "" - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - namespaceSelector: -{{- if .Values.enableNamespacesByDefault }} - matchExpressions: - - key: name - operator: NotIn - values: - - {{ .Release.Namespace }} - - key: istio-injection - operator: NotIn - values: - - disabled -{{- else }} - matchLabels: - istio-injection: enabled -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml deleted file mode 100755 index 870b92508..000000000 --- a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} - selector: - matchLabels: - app: {{ template "sidecar-injector.name" . }} - release: {{ .Release.Name }} - istio: sidecar-injector - {{- end }} diff --git a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/service.yaml b/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/service.yaml deleted file mode 100755 index ea03cd81c..000000000 --- a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: - ports: - - port: 443 - name: https-inject - targetPort: 9443 - - port: {{ .Values.global.monitoringPort }} - name: http-monitoring - selector: - istio: sidecar-injector diff --git a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml deleted file mode 100755 index d4020b517..000000000 --- a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-sidecar-injector-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector diff --git a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/values.yaml b/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/values.yaml deleted file mode 100755 index b2716d945..000000000 --- a/charts/rancher-istio/1.5.901/charts/sidecarInjectorWebhook/values.yaml +++ /dev/null 
@@ -1,59 +0,0 @@
-#
-# sidecar-injector webhook configuration
-#
-enabled: true
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-image: sidecar_injector
-enableNamespacesByDefault: false
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-# If true, webhook or istioctl injector will rewrite PodSpec for liveness
-# health check to redirect request to sidecar. This makes liveness check work
-# even when mTLS is enabled.
-rewriteAppHTTPProbe: true
-
-# You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or
-# always skip the injection on pods that match that label selector, regardless of the global policy.
-# See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions
-neverInjectSelector: []
-
-alwaysInjectSelector: []
-
-# injectedAnnotations are additional annotations that will be added to the pod spec after injection
-# This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations:
-#
-# annotations:
-# apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
-# apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
-#
-# The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before
-# the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify:
-# injectedAnnotations:
-# container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default
-# container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default
-injectedAnnotations: {}
diff --git a/charts/rancher-istio/1.5.901/charts/tracing/.helmignore b/charts/rancher-istio/1.5.901/charts/tracing/.helmignore
deleted file mode 100755
index f0c131944..000000000
--- a/charts/rancher-istio/1.5.901/charts/tracing/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/charts/rancher-istio/1.5.901/charts/tracing/Chart.yaml b/charts/rancher-istio/1.5.901/charts/tracing/Chart.yaml
deleted file mode 100755
index f3b8486f6..000000000
--- a/charts/rancher-istio/1.5.901/charts/tracing/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.1
-description: A Helm chart for Kubernetes
-name: tracing
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.901/charts/tracing/templates/_helpers.tpl b/charts/rancher-istio/1.5.901/charts/tracing/templates/_helpers.tpl
deleted file mode 100755
index e246b59b1..000000000
--- a/charts/rancher-istio/1.5.901/charts/tracing/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "tracing.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "tracing.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "tracing.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.901/charts/tracing/templates/deployment-jaeger.yaml b/charts/rancher-istio/1.5.901/charts/tracing/templates/deployment-jaeger.yaml deleted file mode 100755 index da54eeb94..000000000 --- a/charts/rancher-istio/1.5.901/charts/tracing/templates/deployment-jaeger.yaml +++ /dev/null 
@@ -1,119 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: jaeger - template: - metadata: - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - prometheus.io/port: "14269" -{{- if .Values.jaeger.podAnnotations }} -{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: jaeger - image: "{{ template "system_default_registry" . 
}}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 9411 - - containerPort: 16686 - - containerPort: 14250 - - containerPort: 14267 - - containerPort: 14268 - - containerPort: 14269 - - containerPort: 5775 - protocol: UDP - - containerPort: 6831 - protocol: UDP - - containerPort: 6832 - protocol: UDP - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if eq .Values.jaeger.spanStorageType "badger" }} - - name: BADGER_EPHEMERAL - value: "false" - - name: SPAN_STORAGE_TYPE - value: "badger" - - name: BADGER_DIRECTORY_VALUE - value: "/badger/data" - - name: BADGER_DIRECTORY_KEY - value: "/badger/key" - {{- end }} - - name: COLLECTOR_ZIPKIN_HTTP_PORT - value: "9411" - - name: MEMORY_MAX_TRACES - value: "{{ .Values.jaeger.memory.max_traces }}" - - name: QUERY_BASE_PATH - value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - livenessProbe: - httpGet: - path: / - port: 14269 - readinessProbe: - httpGet: - path: / - port: 14269 -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumeMounts: - - name: data - mountPath: /badger -{{- end }} - resources: -{{- if .Values.jaeger.resources }} -{{ toYaml .Values.jaeger.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumes: - - name: data -{{- if .Values.jaeger.persist }} - persistentVolumeClaim: - claimName: istio-jaeger-pvc -{{- else }} - emptyDir: {} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.5.901/charts/tracing/templates/deployment-zipkin.yaml b/charts/rancher-istio/1.5.901/charts/tracing/templates/deployment-zipkin.yaml deleted file mode 100755 index eef24fc16..000000000 --- a/charts/rancher-istio/1.5.901/charts/tracing/templates/deployment-zipkin.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -{{ if eq .Values.provider "zipkin" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: zipkin - template: - metadata: - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" -{{- if .Values.zipkin.podAnnotations }} -{{ toYaml .Values.zipkin.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: zipkin - image: "{{ template "system_default_registry" . 
}}{{ .Values.zipkin.repository }}:{{ .Values.zipkin.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.zipkin.queryPort }} - livenessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - tcpSocket: - port: {{ .Values.zipkin.queryPort }} - readinessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - httpGet: - path: /health - port: {{ .Values.zipkin.queryPort }} - resources: -{{- if .Values.zipkin.resources }} -{{ toYaml .Values.zipkin.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: QUERY_PORT - value: "{{ .Values.zipkin.queryPort }}" - - name: JAVA_OPTS - value: "-XX:ConcGCThreads={{ .Values.zipkin.node.cpus }} -XX:ParallelGCThreads={{ .Values.zipkin.node.cpus }} -Djava.util.concurrent.ForkJoinPool.common.parallelism={{ .Values.zipkin.node.cpus }} -Xms{{ .Values.zipkin.javaOptsHeap }}M -Xmx{{ .Values.zipkin.javaOptsHeap }}M -XX:+UseG1GC -server" - - name: STORAGE_METHOD - value: "mem" - - name: ZIPKIN_STORAGE_MEM_MAXSPANS - value: "{{ .Values.zipkin.maxSpans }}" - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.5.901/charts/tracing/templates/ingress.yaml b/charts/rancher-istio/1.5.901/charts/tracing/templates/ingress.yaml deleted file mode 100755 index 72f362166..000000000 --- a/charts/rancher-istio/1.5.901/charts/tracing/templates/ingress.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ template "tracing.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} /{{ $.Values.provider }} {{ end }} - backend: - serviceName: tracing - servicePort: 80 - - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - backend: - serviceName: tracing - servicePort: 80 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.901/charts/tracing/templates/pvc.yaml b/charts/rancher-istio/1.5.901/charts/tracing/templates/pvc.yaml deleted file mode 100755 index 60140494c..000000000 --- a/charts/rancher-istio/1.5.901/charts/tracing/templates/pvc.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if eq .Values.provider "jaeger" }} -{{- if .Values.jaeger.persist }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: istio-jaeger-pvc - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - storageClassName: {{ .Values.jaeger.storageClassName }} - accessModes: - - {{ .Values.jaeger.accessMode }} - resources: - requests: - storage: 5Gi -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.5.901/charts/tracing/templates/service-jaeger.yaml b/charts/rancher-istio/1.5.901/charts/tracing/templates/service-jaeger.yaml
deleted file mode 100755
index f7ab769b8..000000000
--- a/charts/rancher-istio/1.5.901/charts/tracing/templates/service-jaeger.yaml
+++ /dev/null
@@ -1,114 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: v1 -kind: List -metadata: - name: jaeger-services - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -items: -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-query - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: jaeger - jaeger-infra: jaeger-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: query-http - port: 16686 - protocol: TCP - targetPort: 16686 - selector: - app: jaeger -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-collector - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: collector-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: jaeger-collector-tchannel - port: 14267 - protocol: TCP - targetPort: 14267 - - name: jaeger-collector-http - port: 14268 - targetPort: 14268 - protocol: TCP - - name: jaeger-collector-grpc - port: 14250 - targetPort: 14250 - protocol: TCP - selector: - app: jaeger - type: ClusterIP -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-collector-headless - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: collector-service - chart: {{ template "tracing.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: jaeger-collector-grpc - port: 14250 - targetPort: 14250 - protocol: TCP - selector: - app: jaeger - clusterIP: None -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-agent - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: agent-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: agent-zipkin-thrift - port: 5775 - protocol: UDP - targetPort: 5775 - - name: agent-compact - port: 6831 - protocol: UDP - targetPort: 6831 - - name: agent-binary - port: 6832 - protocol: UDP - targetPort: 6832 - clusterIP: None - selector: - app: jaeger -{{ end }} - diff --git a/charts/rancher-istio/1.5.901/charts/tracing/templates/service.yaml b/charts/rancher-istio/1.5.901/charts/tracing/templates/service.yaml deleted file mode 100755 index 798829793..000000000 --- a/charts/rancher-istio/1.5.901/charts/tracing/templates/service.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -apiVersion: v1 -kind: List -metadata: - name: tracing-services - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -items: -- apiVersion: v1 - kind: Service - metadata: - name: zipkin - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - port: {{ .Values.zipkin.queryPort }} - targetPort: {{ .Values.zipkin.queryPort }} - protocol: TCP - name: {{ .Values.service.name }} - selector: - app: {{ .Values.provider }} -- apiVersion: v1 - kind: Service - metadata: - name: tracing - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - type: {{ .Values.service.type }} - ports: - - name: http-query - port: {{ .Values.service.externalPort }} - protocol: TCP -{{ if eq .Values.provider "jaeger" }} - targetPort: 16686 -{{ else }} - targetPort: {{ .Values.zipkin.queryPort }} -{{ end}} - selector: - app: {{ .Values.provider }} diff --git a/charts/rancher-istio/1.5.901/charts/tracing/templates/tests/test-tracing-connection.yaml b/charts/rancher-istio/1.5.901/charts/tracing/templates/tests/test-tracing-connection.yaml deleted file mode 100755 index 64248e8c5..000000000 --- a/charts/rancher-istio/1.5.901/charts/tracing/templates/tests/test-tracing-connection.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ .Release.Name }}-{{ .Values.provider }}-test - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }}-test - chart: {{ template "tracing.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ .Values.provider }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['curl'] - {{- if eq .Values.provider "jaeger" }} - args: ['http://tracing:80{{ .Values.jaeger.contextPath}}'] - {{- else }} - args: ['http://tracing:80'] - {{- end }} - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.901/charts/tracing/values.yaml b/charts/rancher-istio/1.5.901/charts/tracing/values.yaml deleted file mode 100755 index 03381bfe5..000000000 --- a/charts/rancher-istio/1.5.901/charts/tracing/values.yaml +++ /dev/null 
@@ -1,87 +0,0 @@
-#
-# addon jaeger tracing configuration
-#
-enabled: false
-
-provider: jaeger
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-jaeger:
- hub: docker.io/jaegertracing
- image: all-in-one
- tag: 1.16
- podAnnotations: {}
- memory:
- max_traces: 50000
- # spanStorageType value can be "memory" and "badger" for all-in-one image
- spanStorageType: badger
- persist: false
- storageClassName: ""
- accessMode: ReadWriteMany
-
-
-zipkin:
- hub: docker.io/openzipkin
- image: zipkin
- tag: 2.14.2
- podAnnotations: {}
- probeStartupDelay: 200
- queryPort: 9411
- resources:
- limits:
- cpu: 300m
- memory: 900Mi
- requests:
- cpu: 150m
- memory: 900Mi
- javaOptsHeap: 700
- # From: https://github.com/openzipkin/zipkin/blob/master/zipkin-server/src/main/resources/zipkin-server-shared.yml#L51
- # Maximum number of spans to keep in memory. When exceeded, oldest traces (and their spans) will be purged.
- # A safe estimate is 1K of memory per span (each span with 2 annotations + 1 binary annotation), plus
- # 100 MB for a safety buffer. You'll need to verify in your own environment.
- maxSpans: 500000
- node:
- cpus: 2
-
-service:
- annotations: {}
- name: http
- type: ClusterIP
- externalPort: 80
-
-ingress:
- enabled: false
- # Used to create an Ingress record.
- hosts:
- # - tracing.local
- annotations:
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls:
- # Secrets must be manually created in the namespace.
- # - secretName: tracing-tls
- # hosts:
- # - tracing.local
-
diff --git a/charts/rancher-istio/1.5.901/files/injection-template.yaml b/charts/rancher-istio/1.5.901/files/injection-template.yaml
deleted file mode 100755
index 7accc63ea..000000000
--- a/charts/rancher-istio/1.5.901/files/injection-template.yaml
+++ /dev/null
@@ -1,473 +0,0 @@ -rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe true }} -initContainers: -{{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} -{{ if .Values.istio_cni.enabled -}} -- name: istio-validation -{{ else -}} -- name: istio-init -{{ end -}} -{{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" -{{- else }} - image: "{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" -{{- end }} - command: - - istio-iptables - - "-p" - - "15001" - - "-z" - - "15006" - - "-u" - - 1337 - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" - - "-d" - - "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - {{ if .Values.istio_cni.enabled -}} 
- - "--run-validation" - - "--skip-rule-apply" - {{ end -}} - imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" -{{- if .Values.global.proxy_init.resources }} - resources: - {{ toYaml .Values.global.proxy_init.resources | indent 4 }} -{{- else }} - resources: {} -{{- end }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: - {{- if not .Values.istio_cni.enabled }} - add: - - NET_ADMIN - - NET_RAW - {{- end }} - drop: - - ALL - {{- if not .Values.istio_cni.enabled }} - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsUser: 1337 - runAsNonRoot: true - {{- end }} - restartPolicy: Always -{{ end -}} -{{- if eq (annotation .ObjectMeta `sidecar.istio.io/enableCoreDump` .Values.global.proxy.enableCoreDump) "true" }} -- name: enable-core-dump - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - command: - - /bin/sh - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- else }} - image: "{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- end }} - imagePullPolicy: IfNotPresent - resources: {} - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - SYS_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 -{{ end }} -containers: -- name: istio-proxy -{{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` "") }} # if custom pod then use that - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" -{{- else }} - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.repository 
}}:{{ .Values.global.proxy.tag }}" - {{- else }} - image: "{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - {{- end }} -{{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --configPath - - "{{ .ProxyConfig.ConfigPath }}" - - --binaryPath - - "{{ .ProxyConfig.BinaryPath }}" - - --serviceCluster - {{ if ne "" (index .ObjectMeta.Labels "app") -}} - - "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" - {{ else -}} - - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" - {{ end -}} - - --drainDuration - - "{{ formatDuration .ProxyConfig.DrainDuration }}" - - --parentShutdownDuration - - "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}" - - --discoveryAddress - - "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" -{{- if eq .Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" - - --lightstepAccessToken - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" - - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} -{{- if .ProxyConfig.GetTracing.GetLightstep.GetSecure }} - - --lightstepCacertPath - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" -{{- end }} -{{- else if eq .Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - - "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" -{{- else if eq .Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" -{{- end }} -{{- if .Values.global.proxy.logLevel }} - - --proxyLogLevel={{ .Values.global.proxy.logLevel }} -{{- end}} -{{- if .Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }} -{{- 
end}} -{{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} -{{- end}} - - --dnsRefreshRate - - {{ .Values.global.proxy.dnsRefreshRate }} - - --connectTimeout - - "{{ formatDuration .ProxyConfig.ConnectTimeout }}" -{{- if .Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - "{{ .ProxyConfig.StatsdUdpAddress }}" -{{- end }} -{{- if .Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - - '{{ protoToJSON .ProxyConfig.EnvoyMetricsService }}' -{{- end }} -{{- if .Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - - '{{ protoToJSON .ProxyConfig.EnvoyAccessLogService }}' -{{- end }} - - --proxyAdminPort - - "{{ .ProxyConfig.ProxyAdminPort }}" - {{ if gt .ProxyConfig.Concurrency 0 -}} - - --concurrency - - "{{ .ProxyConfig.Concurrency }}" - {{ end -}} - - --controlPlaneAuthPolicy - - "{{ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}" -{{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" (valueOrDefault .Values.global.proxy.statusPort 0 )) `0`) }} - - --statusPort - - "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} -{{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 4 }} -{{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: |- - [ - {{- range $index, $container := .Spec.Containers }} - {{- 
if ne $index 0}},{{- end}} - {{ $container.Name }} - {{- end}} - ] - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} -{{- if eq .Values.global.proxy.tracer "datadog" }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP -{{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }} -{{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" -{{- end }} -{{- end }} -{{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SDS_ENABLED - value: {{ $.Values.global.sds.enabled }} - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{ if .ObjectMeta.Annotations }} - - name: ISTIO_METAJSON_ANNOTATIONS - value: | - {{ toJSON .ObjectMeta.Annotations }} - {{ end }} - {{ if .ObjectMeta.Labels }} - - name: ISTIO_METAJSON_LABELS - value: | - {{ toJSON .ObjectMeta.Labels }} - {{ end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{ .DeploymentMeta.Name }} - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower 
.TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.sds.customTokenDirectory }} - - name: ISTIO_META_SDS_TOKEN_PATH - value: "{{ .Values.global.sds.customTokenDirectory -}}/sdstoken" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if .Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.trustDomain }}" - {{- end }} - {{- if eq .Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetDebug }}" - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations.Value }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes.Value }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents.Value }}" - {{- end }} - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` (valueOrDefault .Values.global.proxy.statusPort 0 )) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} - initialDelaySeconds: {{ annotation .ObjectMeta 
`readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - add: - - NET_ADMIN - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: {{ ne (annotation .ObjectMeta `sidecar.istio.io/enableCoreDump` .Values.global.proxy.enableCoreDump) "true" }} - runAsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - runAsNonRoot: false - runAsUser: 0 - {{- else -}} - runAsNonRoot: true - runAsUser: 1337 - {{- end }} - resources: -{{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations 
`sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} -{{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 4 }} - {{- end }} -{{- end }} - volumeMounts: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - - mountPath: /etc/istio/proxy - name: istio-envoy - {{- if .Values.global.sds.enabled }} - - mountPath: /var/run/sds - name: sds-uds-path - readOnly: true - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.sds.customTokenDirectory }} - - mountPath: "{{ .Values.global.sds.customTokenDirectory -}}" - name: custom-sds-token - readOnly: true - {{- end }} - {{- else }} - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{- end }} -volumes: -{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} -- name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} -{{- end }} -- emptyDir: - medium: Memory - name: istio-envoy -{{- if 
.Values.global.sds.enabled }} -- name: sds-uds-path - hostPath: - path: /var/run/sds -- name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} -{{- if .Values.global.sds.customTokenDirectory }} -- name: custom-sds-token - secret: - secretName: sdstokensecret -{{- end }} -{{- else }} -- name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} -- name: "{{ $index }}" - {{ toYaml $value | indent 2 }} - {{ end }} - {{ end }} -{{- end }} -{{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} -- name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert -{{- end }} -{{- if .Values.global.podDNSSearchNamespaces }} -dnsConfig: - searches: - {{- range .Values.global.podDNSSearchNamespaces }} - - {{ render . 
}} - {{- end }} -{{- end }} -podRedirectAnnot: - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" -{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" -{{- end }} - traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" diff --git a/charts/rancher-istio/1.5.901/questions.yaml b/charts/rancher-istio/1.5.901/questions.yaml deleted file mode 100644 index b8a44af88..000000000 --- a/charts/rancher-istio/1.5.901/questions.yaml +++ /dev/null @@ -1,5 +0,0 @@ -labels: - rancher.istio.v1.5.901: 1.5.9 -rancher_min_version: 2.4.5-rc1 -rancher_max_version: 2.5.99 - diff --git a/charts/rancher-istio/1.5.901/requirements.yaml b/charts/rancher-istio/1.5.901/requirements.yaml deleted file mode 100755 index 52613bcf6..000000000 --- a/charts/rancher-istio/1.5.901/requirements.yaml +++ /dev/null 
@@ -1,40 +0,0 @@
-dependencies:
- - name: sidecarInjectorWebhook
- version: 1.5.9
- condition: sidecarInjectorWebhook.enabled
- - name: security
- version: 1.5.9
- condition: security.enabled
- - name: gateways
- version: 1.5.9
- condition: gateways.enabled
- - name: mixer
- version: 1.5.9
- condition: or mixer.policy.enabled mixer.telemetry.enabled
- - name: nodeagent
- version: 1.5.9
- condition: nodeagent.enabled
- - name: pilot
- version: 1.5.9
- condition: pilot.enabled
- - name: grafana
- version: 1.5.9
- condition: grafana.enabled
- - name: prometheus
- version: 1.5.9
- condition: prometheus.enabled
- - name: tracing
- version: 1.5.9
- condition: tracing.enabled
- - name: galley
- version: 1.5.9
- condition: galley.enabled
- - name: kiali
- version: 1.5.9
- condition: kiali.enabled
- - name: istiocoredns
- version: 1.5.9
- condition: istiocoredns.enabled
- - name: certmanager
- version: 1.5.9
- condition: certmanager.enabled
diff --git a/charts/rancher-istio/1.5.901/templates/NOTES.txt b/charts/rancher-istio/1.5.901/templates/NOTES.txt
deleted file mode 100755
index 3b323594c..000000000
--- a/charts/rancher-istio/1.5.901/templates/NOTES.txt
+++ /dev/null
@@ -1,29 +0,0 @@
-Thank you for installing {{ .Chart.Name | title }}.
-
-Your release is named {{ .Release.Name | title }}.
-
-To get started running application with Istio, execute the following steps:
-
-{{- if index .Values "sidecarInjectorWebhook" "enabled" }}
-1. Label namespace that application object will be deployed to by the following command (take default namespace as an example)
-
-$ kubectl label namespace default istio-injection=enabled
-$ kubectl get namespace -L istio-injection
-
-2. Deploy your applications
-
-$ kubectl apply -f .yaml
-{{- else }}
-1. Download the latest release package to get sidecar injection tool
-
-$ curl -L https://git.io/getLatestIstio | sh -
-$ mv istio-* istio-latest
-$ export PATH="$PATH:$PWD/istio-latest/bin"
-
-2. Deploy your application by manually injecting envoy sidecar with `istioctl kube-inject`
-
-$ kubectl apply -f <(istioctl kube-inject -f .yaml)
-{{- end }}
-
-For more information on running Istio, visit:
-https://istio.io/
diff --git a/charts/rancher-istio/1.5.901/templates/_affinity.tpl b/charts/rancher-istio/1.5.901/templates/_affinity.tpl
deleted file mode 100755
index 7639be434..000000000
--- a/charts/rancher-istio/1.5.901/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "nodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "nodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "nodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinity" }} -{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .Values.podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if or .Values.podAntiAffinityTermLabelSelector}} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "podAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.901/templates/_helpers.tpl b/charts/rancher-istio/1.5.901/templates/_helpers.tpl deleted file mode 100755 index 3f267faa2..000000000 --- a/charts/rancher-istio/1.5.901/templates/_helpers.tpl +++ /dev/null 
@@ -1,47 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "istio.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "istio.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "istio.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a fully qualified configmap name.
-*/}}
-{{- define "istio.configmap.fullname" -}}
-{{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "system_default_registry" -}}
-{{- if .Values.global.systemDefaultRegistry -}}
-{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
-{{- else -}}
-{{- "" -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.901/templates/_podDisruptionBudget.tpl b/charts/rancher-istio/1.5.901/templates/_podDisruptionBudget.tpl
deleted file mode 100755
index ebb86068c..000000000
--- a/charts/rancher-istio/1.5.901/templates/_podDisruptionBudget.tpl
+++ /dev/null
@@ -1,3 +0,0 @@
-{{- define "podDisruptionBudget.spec" }}
- minAvailable: 1
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/templates/clusterrole.yaml b/charts/rancher-istio/1.5.901/templates/clusterrole.yaml
deleted file mode 100755
index b92c9ef8b..000000000
--- a/charts/rancher-istio/1.5.901/templates/clusterrole.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: istio-reader
-rules:
- - apiGroups: ['']
- resources: ['nodes', 'pods', 'services', 'endpoints', "replicationcontrollers"]
- verbs: ['get', 'watch', 'list']
- - apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
diff --git a/charts/rancher-istio/1.5.901/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.901/templates/clusterrolebinding.yaml
deleted file mode 100755
index 759678ea6..000000000
--- a/charts/rancher-istio/1.5.901/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-multi
- labels:
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-reader
-subjects:
-- kind: ServiceAccount
- name: istio-multi
- namespace: {{ .Release.Namespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-reader
- labels:
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-reader
-subjects:
-- kind: ServiceAccount
- name: istio-reader-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.901/templates/configmap.yaml b/charts/rancher-istio/1.5.901/templates/configmap.yaml
deleted file mode 100755
index 6bac37a7c..000000000
--- a/charts/rancher-istio/1.5.901/templates/configmap.yaml
+++ /dev/null
@@ -1,345 +0,0 @@ -{{- if or .Values.pilot.enabled .Values.global.istioRemote }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istio.name" . }} - chart: {{ template "istio.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - mesh: |- - # Set the following variable to true to disable policy checks by Mixer. - # Note that metrics will still be reported to Mixer. - {{- if .Values.mixer.policy.enabled }} - disablePolicyChecks: {{ .Values.global.disablePolicyChecks }} - {{- else }} - disablePolicyChecks: true - {{- end }} - - disableMixerHttpReports: false - - {{- if .Values.mixer.telemetry.reportBatchMaxEntries }} - # reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server - reportBatchMaxEntries: {{ .Values.mixer.telemetry.reportBatchMaxEntries }} - {{- end }} - - {{- if .Values.mixer.telemetry.reportBatchMaxTime }} - # reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server - reportBatchMaxTime: {{ .Values.mixer.telemetry.reportBatchMaxTime }} - {{- end }} - - {{- if .Values.mixer.telemetry.sessionAffinityEnabled }} - # sidecarToTelemetrySessionAffinity will create a STRICT_DNS type cluster for istio-telemetry. - sidecarToTelemetrySessionAffinity: {{ .Values.mixer.telemetry.sessionAffinityEnabled }} - {{- end }} - - # Set enableTracing to false to disable request tracing. - enableTracing: {{ .Values.global.enableTracing }} - - # Set accessLogFile to empty string to disable access log. 
- accessLogFile: "{{ .Values.global.proxy.accessLogFile }}" - - # If accessLogEncoding is TEXT, value will be used directly as the log format - # example: "[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\n" - # If AccessLogEncoding is JSON, value will be parsed as map[string]string - # example: '{"start_time": "%START_TIME%", "req_method": "%REQ(:METHOD)%"}' - # Leave empty to use default log format - accessLogFormat: {{ .Values.global.proxy.accessLogFormat | quote }} - - # Set accessLogEncoding to JSON or TEXT to configure sidecar access log - accessLogEncoding: '{{ .Values.global.proxy.accessLogEncoding }}' - - enableEnvoyAccessLogService: {{ .Values.global.proxy.envoyAccessLogService.enabled }} - - {{- if .Values.global.istioRemote }} - - {{- if .Values.global.remotePolicyAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}:15004 - {{- else }} - mixerCheckServer: {{ .Values.global.remotePolicyAddress }}:15004 - {{- end }} - {{- end }} - {{- if .Values.global.remoteTelemetryAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}:15004 - {{- else }} - mixerReportServer: {{ .Values.global.remoteTelemetryAddress }}:15004 - {{- end }} - {{- end }} - - {{- else }} - - {{- if .Values.mixer.policy.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - {{- if .Values.mixer.telemetry.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ 
.Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - - {{- end }} - - {{- if or .Values.mixer.policy.enabled (and .Values.global.istioRemote .Values.global.remotePolicyAddress) }} - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: {{ .Values.global.policyCheckFailOpen }} - {{- end }} - - {{- if .Values.gateways.enabled }} - # Let Pilot give ingresses the public IP of the Istio ingressgateway - ingressService: istio-ingressgateway - {{- end }} - - # Default connect timeout for dynamic clusters generated by Pilot and returned via XDS - connectTimeout: 10s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: {{ .Values.global.proxy.protocolDetectionTimeout }} - - # DNS refresh rate for Envoy clusters of type STRICT_DNS - dnsRefreshRate: {{ .Values.global.proxy.dnsRefreshRate }} - - # Unix Domain Socket through which envoy communicates with NodeAgent SDS to get - # key/cert for mTLS. Use secret-mount files instead of SDS if set to empty. - sdsUdsPath: {{ .Values.global.sds.udsPath | quote }} - - # The trust domain corresponds to the trust root of a system. 
- # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: {{ .Values.global.trustDomain | quote }} - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: - {{- range .Values.global.trustDomainAliases }} - - {{ . | quote }} - {{- end }} - - # If true, automatically configure client side mTLS settings to match the corresponding service's - # server side mTLS authentication policy, when destination rule for that service does not specify - # TLS settings. - enableAutoMtls: {{ .Values.global.mtls.auto }} - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - outboundTrafficPolicy: - mode: {{ .Values.global.outboundTrafficPolicy.mode }} - - {{- if .Values.global.localityLbSetting.enabled }} - localityLbSetting: -{{ toYaml .Values.global.localityLbSetting | trim | indent 6 }} - {{- end }} - # The namespace to treat as the administrative root namespace for istio - # configuration. -{{- if .Values.global.configRootNamespace }} - rootNamespace: {{ .Values.global.configRootNamespace }} -{{- else }} - rootNamespace: {{ .Release.Namespace }} -{{- end }} - - # Configures DNS certificates provisioned through Chiron linked into Pilot. 
- certificates: -{{ toYaml .Values.global.certificates | trim | indent 6 }} - - {{- if .Values.global.defaultConfigVisibilitySettings }} - defaultServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultVirtualServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultDestinationRuleExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - {{- end }} - - {{- if $.Values.global.useMCP }} - configSources: - - address: istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- if .Values.pilot.configSource.subscribedResources }} - subscribedResources: - {{- range .Values.pilot.configSource.subscribedResources }} - - {{ . }} - {{- end }} - {{- end}} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - tlsSettings: - mode: ISTIO_MUTUAL - {{- end }} - {{- end }} - - defaultConfig: - # - # TCP connection timeout between Envoy & the application, and between Envoys. Used for static clusters - # defined in Envoy's configuration file - connectTimeout: 10s - # - ### ADVANCED SETTINGS ############# - # Where should envoy's configuration be stored in the istio-proxy container - configPath: "/etc/istio/proxy" - binaryPath: "/usr/local/bin/envoy" - # The pseudo service name used for Envoy. - serviceCluster: istio-proxy - # These settings that determine how long an old Envoy - # process should be kept alive after an occasional reload. - drainDuration: 45s - parentShutdownDuration: 1m0s - # - # The mode used to redirect inbound connections to Envoy. This setting - # has no effect on outbound traffic: iptables REDIRECT is always used for - # outbound connections. - # If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy. - # The "REDIRECT" mode loses source addresses during redirection. - # If "TPROXY", use iptables TPROXY to redirect to Envoy. 
- # The "TPROXY" mode preserves both the source and destination IP - # addresses and ports, so that they can be used for advanced filtering - # and manipulation. - # The "TPROXY" mode also configures the sidecar to run with the - # CAP_NET_ADMIN capability, which is required to use TPROXY. - #interceptionMode: REDIRECT - # - # Port where Envoy listens (on local host) for admin commands - # You can exec into the istio-proxy container in a pod and - # curl the admin port (curl http://localhost:15000/) to obtain - # diagnostic information from Envoy. See - # https://lyft.github.io/envoy/docs/operations/admin.html - # for more details - proxyAdminPort: 15000 - # - # Set concurrency to a specific number to control the number of Proxy worker threads. - # If set to 0 (default), then start worker thread for each CPU thread/core. - concurrency: {{ .Values.global.proxy.concurrency }} - # - {{- if eq .Values.global.proxy.tracer "lightstep" }} - tracing: - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - # Whether communication with the Satellite pool should be secure - secure: {{ .Values.global.tracer.lightstep.secure }} - {{- if .Values.global.tracer.lightstep.secure }} - # Path to the file containing the cacert to use when verifying TLS - cacertPath: {{ .Values.global.tracer.lightstep.cacertPath }} - {{- end }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - tracing: - zipkin: - # Address of the Zipkin collector - {{- if .Values.global.tracer.zipkin.address }} - address: {{ .Values.global.tracer.zipkin.address }} - {{- else if .Values.global.remoteZipkinAddress }} - address: {{ .Values.global.remoteZipkinAddress }}:9411 - {{- else }} - address: zipkin.{{ .Release.Namespace }}:9411 - {{- end }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - tracing: - datadog: - # 
Address of the Datadog Agent - address: {{ .Values.global.tracer.datadog.address }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - tracing: - stackdriver: {} - {{- end }} - - {{- if .Values.global.proxy.envoyStatsd.enabled }} - # - # Statsd metrics collector converts statsd metrics into Prometheus metrics. - statsdUdpAddress: {{ .Values.global.proxy.envoyStatsd.host }}:{{ .Values.global.proxy.envoyStatsd.port }} - {{- end }} - - {{- if .Values.global.proxy.envoyMetricsService.enabled }} - # - # Envoy's Metrics Service stats sink pushes Envoy metrics to a remote collector via the Metrics Service gRPC API. - envoyMetricsService: - address: {{ .Values.global.proxy.envoyMetricsService.host }}:{{ .Values.global.proxy.envoyMetricsService.port }} - {{- if .Values.global.proxy.envoyMetricsService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyMetricsService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyMetricsService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyMetricsService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- if .Values.global.proxy.envoyAccessLogService.enabled }} - # - # Envoy's AccessLog Service pushes access logs to a remote collector via the Access Log Service gRPC API. 
- envoyAccessLogService: - address: {{ .Values.global.proxy.envoyAccessLogService.host }}:{{ .Values.global.proxy.envoyAccessLogService.port }} - {{- if .Values.global.proxy.envoyAccessLogService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyAccessLogService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- $defPilotHostname := printf "istio-pilot.%s" .Release.Namespace }} - {{- $pilotAddress := .Values.global.remotePilotAddress | default $defPilotHostname }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: MUTUAL_TLS - # - # Address where istio Pilot service is running - {{- if .Values.global.remotePilotAddress }} - discoveryAddress: {{ $defPilotHostname }}:15011 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15011 - {{- end }} - {{- else }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: NONE - # - # Address where istio Pilot service is running - {{- if .Values.global.remotePilotAddress }} - discoveryAddress: {{ $defPilotHostname }}:15010 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15010 - {{- end }} - {{- end }} - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.901/templates/crd-all.gen.yaml b/charts/rancher-istio/1.5.901/templates/crd-all.gen.yaml deleted file mode 100644 index 6c95a751d..000000000 --- a/charts/rancher-istio/1.5.901/templates/crd-all.gen.yaml +++ /dev/null 
@@ -1,6037 +0,0 @@ -# DO NOT EDIT - Generated by Cue OpenAPI generator based on Istio APIs. -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: meshpolicies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: MeshPolicy - listKind: MeshPolicyList - plural: meshpolicies - singular: meshpolicy - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details at: https://istio.io/docs/reference/config/security/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - description: Deprecated. - type: boolean - origins: - description: Deprecated. - items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - description: Deprecated. - type: boolean - peers: - description: List of authentication methods that can be used for peer authentication. - items: - oneOf: - - not: - anyOf: - - required: - - mtls - - properties: - jwt: {} - required: - - jwt - - required: - - mtls - - properties: - jwt: {} - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. - properties: - allowTls: - description: Deprecated. 
- type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Deprecated. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: Deprecated. - items: - properties: - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. - items: - oneOf: - - not: - anyOf: - - required: - - number - - required: - - name - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: policies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: Policy - listKind: PolicyList - plural: policies - singular: policy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details at: https://istio.io/docs/reference/config/security/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - description: Deprecated. - type: boolean - origins: - description: Deprecated. - items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. 
- format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 
- format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - description: Deprecated. - type: boolean - peers: - description: List of authentication methods that can be used for peer authentication. - items: - oneOf: - - not: - anyOf: - - required: - - mtls - - properties: - jwt: {} - required: - - jwt - - required: - - mtls - - properties: - jwt: {} - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. 
- items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. - properties: - allowTls: - description: Deprecated. - type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Deprecated. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: Deprecated. - items: - properties: - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. 
- items: - oneOf: - - not: - anyOf: - - required: - - number - - required: - - name - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpec - listKind: HTTPAPISpecList - plural: httpapispecs - singular: httpapispec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_keys: - items: - oneOf: - - not: - anyOf: - - required: - - query - - required: - - header - - required: - - cookie - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. - format: string - type: string - type: object - type: array - apiKeys: - items: - oneOf: - - not: - anyOf: - - required: - - query - - required: - - header - - required: - - cookie - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. 
- format: string - type: string - type: object - type: array - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. - type: object - type: object - patterns: - description: List of HTTP patterns to match. 
- items: - oneOf: - - not: - anyOf: - - required: - - uriTemplate - - required: - - regex - - required: - - uriTemplate - - required: - - regex - properties: - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. 
- type: object - type: object - httpMethod: - format: string - type: string - regex: - format: string - type: string - uriTemplate: - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpecBinding - listKind: HTTPAPISpecBindingList - plural: httpapispecbindings - singular: httpapispecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_specs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - apiSpecs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed HTTPAPISpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify the service version. - type: object - name: - description: The short name of the service such as "foo". 
- format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpec - listKind: QuotaSpecList - plural: quotaspecs - singular: quotaspec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: Determines the quotas used for individual requests. - properties: - rules: - description: A list of Quota rules. - items: - properties: - match: - description: If empty, match all request. - items: - properties: - clause: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Map of attribute names to StringMatch type. - type: object - type: object - type: array - quotas: - description: The list of quotas to charge. 
- items: - properties: - charge: - format: int32 - type: integer - quota: - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpecBinding - listKind: QuotaSpecBindingList - plural: quotaspecbindings - singular: quotaspecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - quotaSpecs: - items: - properties: - name: - description: The short name of the QuotaSpec. - format: string - type: string - namespace: - description: Optional namespace of the QuotaSpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed QuotaSpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify the service version. - type: object - name: - description: The short name of the service such as "foo". - format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. 
- format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: destinationrules.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.host - description: The name of a service from the service registry - name: Host - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - shortNames: - - dr - singular: destinationrule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is exported. - items: - format: string - type: string - type: array - host: - description: The name of a service from the service registry. 
- format: string - type: string - subsets: - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: Name of the subset. - format: string - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. 
- oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute or failover can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, e.g. - format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - type: boolean - failover: - description: 'Optional: only failover or distribute can be set.' - items: - properties: - from: - description: Originating region. 
- format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected from the connection pool. - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected from the connection pool. - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. 
- type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute or failover can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, e.g. 
- format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - type: boolean - failover: - description: 'Optional: only failover or distribute can be set.' - items: - properties: - from: - description: Originating region. - format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected from the connection pool. - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected from the connection pool. - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS handshake. 
- format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to a destination host. 
- format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute or failover can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, e.g. - format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic distribution weights. 
- type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - type: boolean - failover: - description: 'Optional: only failover or distribute can be set.' - items: - properties: - from: - description: Originating region. - format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected from the connection pool. - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected from the connection pool. - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool connections. 
- type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. 
- format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute or failover can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, e.g. - format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - type: boolean - failover: - description: 'Optional: only failover or distribute can be set.' - items: - properties: - from: - description: Originating region. - format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected from the connection pool. - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected from the connection pool. - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the upstream service. 
- properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS handshake. 
- format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: envoyfilters.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: EnvoyFilter - listKind: EnvoyFilterList - plural: envoyfilters - singular: envoyfilter - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Customizing Envoy configuration generated by Istio. See more details at: https://istio.io/docs/reference/config/networking/envoy-filter.html' - properties: - configPatches: - description: One or more patches with match conditions. - items: - properties: - applyTo: - enum: - - INVALID - - LISTENER - - FILTER_CHAIN - - NETWORK_FILTER - - HTTP_FILTER - - ROUTE_CONFIGURATION - - VIRTUAL_HOST - - HTTP_ROUTE - - CLUSTER - type: string - match: - description: Match on listener/route configuration/cluster. - oneOf: - - not: - anyOf: - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - properties: - cluster: - description: Match on envoy cluster attributes. - properties: - name: - description: The exact name of the cluster to match. - format: string - type: string - portNumber: - description: The service port for which this cluster was generated. - type: integer - service: - description: The fully qualified service name for this cluster. 
- format: string - type: string - subset: - description: The subset associated with the service. - format: string - type: string - type: object - context: - description: The specific config generation context to match on. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - listener: - description: Match on envoy listener attributes. - properties: - filterChain: - description: Match a specific filter chain in a listener. - properties: - applicationProtocols: - description: Applies only to sidecars. - format: string - type: string - filter: - description: The name of a specific filter to apply the patch to. - properties: - name: - description: The filter name to match on. - format: string - type: string - subFilter: - properties: - name: - description: The filter name to match on. - format: string - type: string - type: object - type: object - name: - description: The name assigned to the filter chain. - format: string - type: string - sni: - description: The SNI value used by a filter chain's match condition. - format: string - type: string - transportProtocol: - description: Applies only to SIDECAR_INBOUND context. - format: string - type: string - type: object - name: - description: Match a specific listener by its name. - format: string - type: string - portName: - format: string - type: string - portNumber: - type: integer - type: object - proxy: - description: Match on properties associated with a proxy. - properties: - metadata: - additionalProperties: - format: string - type: string - type: object - proxyVersion: - format: string - type: string - type: object - routeConfiguration: - description: Match on envoy HTTP route configuration attributes. - properties: - gateway: - format: string - type: string - name: - description: Route configuration name to match on. - format: string - type: string - portName: - description: Applicable only for GATEWAY context. 
- format: string - type: string - portNumber: - type: integer - vhost: - properties: - name: - format: string - type: string - route: - description: Match a specific route within the virtual host. - properties: - action: - description: Match a route with specific action type. - enum: - - ANY - - ROUTE - - REDIRECT - - DIRECT_RESPONSE - type: string - name: - format: string - type: string - type: object - type: object - type: object - type: object - patch: - description: The patch to apply along with the operation. - properties: - operation: - description: Determines how the patch should be applied. - enum: - - INVALID - - MERGE - - ADD - - REMOVE - - INSERT_BEFORE - - INSERT_AFTER - - INSERT_FIRST - type: string - value: - description: The JSON config of the object being patched. - type: object - type: object - type: object - type: array - filters: - items: - properties: - filterConfig: - type: object - filterName: - description: The name of the filter to instantiate. - format: string - type: string - filterType: - description: The type of filter to instantiate. - enum: - - INVALID - - HTTP - - NETWORK - type: string - insertPosition: - description: Insert position in the filter chain. - properties: - index: - description: Position of this filter in the filter chain. - enum: - - FIRST - - LAST - - BEFORE - - AFTER - type: string - relativeTo: - format: string - type: string - type: object - listenerMatch: - properties: - address: - description: One or more IP addresses to which the listener is bound. - items: - format: string - type: string - type: array - listenerProtocol: - description: Selects a class of listeners for the same protocol. - enum: - - ALL - - HTTP - - TCP - type: string - listenerType: - description: Inbound vs outbound sidecar listener or gateway listener. 
- enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - portNamePrefix: - format: string - type: string - portNumber: - type: integer - type: object - type: object - type: array - workloadLabels: - additionalProperties: - format: string - type: string - description: Deprecated. - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: gateways.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Gateway - listKind: GatewayList - plural: gateways - shortNames: - - gw - singular: gateway - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. See more details at: https://istio.io/docs/reference/config/networking/gateway.html' - properties: - selector: - additionalProperties: - format: string - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - format: string - type: string - defaultEndpoint: - format: string - type: string - hosts: - description: One or more hosts exposed by this gateway. - items: - format: string - type: string - type: array - port: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. 
- format: string - type: string - type: object - tls: - description: Set of TLS related options that govern the server's behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified cipher list.' - items: - format: string - type: string - type: array - credentialName: - format: string - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - format: string - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 
- format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - verifyCertificateHash: - items: - format: string - type: string - type: array - verifyCertificateSpki: - items: - format: string - type: string - type: array - type: object - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: serviceentries.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hosts - description: The hosts associated with the ServiceEntry - name: Hosts - type: string - - JSONPath: .spec.location - description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL or MESH_INTERNAL) - name: Location - type: string - - JSONPath: .spec.resolution - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - name: Resolution - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: ServiceEntry - listKind: ServiceEntryList - plural: serviceentries - shortNames: - - se - singular: serviceentry - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. See more details at: https://istio.io/docs/reference/config/networking/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. - items: - format: string - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - format: string - type: string - network: - format: string - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - format: string - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - format: string - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. 
- type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: array - resolution: - description: Service discovery mode for the hosts. - enum: - - NONE - - STATIC - - DNS - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: sidecars.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Sidecar - listKind: SidecarList - plural: sidecars - singular: sidecar - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting network reachability of a sidecar. See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' - properties: - egress: - items: - properties: - bind: - format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - hosts: - items: - format: string - type: string - type: array - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: object - type: array - ingress: - items: - properties: - bind: - description: The IP to which the listener should be bound. 
- format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - defaultEndpoint: - format: string - type: string - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: object - type: array - outboundTrafficPolicy: - description: This allows to configure the outbound traffic policy. - properties: - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: virtualservices.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.gateways - description: The names of gateways and sidecars that should apply these routes - name: Gateways - type: string - - JSONPath: .spec.hosts - description: The destination hosts to which traffic is being sent - name: Hosts - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - shortNames: - - vs - singular: virtualservice - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is exported. - items: - format: string - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply these routes. - items: - format: string - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - format: string - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - type: boolean - allowHeaders: - items: - format: string - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the resource. - items: - format: string - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform CORS requests. - items: - format: string - type: string - type: array - allowOrigins: - description: String patterns that match allowed origins. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - type: array - exposeHeaders: - items: - format: string - type: string - type: array - maxAge: - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic at the client side. - properties: - abort: - oneOf: - - not: - anyOf: - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - properties: - grpcStatus: - format: string - type: string - http2Error: - format: string - type: string - httpStatus: - description: HTTP status code to use to abort the Http request. - format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - not: - anyOf: - - required: - - fixedDelay - - required: - - exponentialDelay - - required: - - fixedDelay - - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the request. - type: string - percent: - description: Percentage of requests on which the delay will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay will be injected. 
- properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - gateways: - description: Names of gateways where the rule should be applied. - items: - format: string - type: string - type: array - headers: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - type: object - ignoreUriCase: - description: Flag to specify whether the URI matching should be case-insensitive. 
- type: boolean - method: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - name: - description: The name assigned to a match. - format: string - type: string - port: - description: Specifies the ports on the host that is being addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - sourceLabels: - additionalProperties: - format: string - type: string - type: object - uri: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being addressed. 
- properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the `mirror` field. - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the `mirror` field. - type: integer - mirrorPercentage: - description: Percentage of the traffic to be mirrored by the `mirror` field. - properties: - value: - format: double - type: number - type: object - name: - description: The name assigned to the route for debugging purposes. - format: string - type: string - redirect: - description: A HTTP rule can either redirect or forward (default) traffic. - properties: - authority: - format: string - type: string - redirectCode: - type: integer - uri: - format: string - type: string - type: object - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries for a given request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per retry attempt for a given request. - type: string - retryOn: - description: Specifies the conditions under which retry takes place. - format: string - type: string - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this value. - format: string - type: string - uri: - format: string - type: string - type: object - route: - description: A HTTP rule can either redirect or forward (default) traffic. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- format: string - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests. - type: string - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be applied. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being addressed. - type: integer - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional subnet. - format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be applied. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - format: string - type: string - type: array - sourceLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: array - route: - description: The destination to which the connection should be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: attributemanifests.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: attributemanifest - listKind: attributemanifestList - plural: attributemanifests - singular: attributemanifest - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - attributes: - additionalProperties: - properties: - description: - description: A human-readable description of the attribute's purpose. - format: string - type: string - valueType: - description: The type of data carried by this attribute. - enum: - - VALUE_TYPE_UNSPECIFIED - - STRING - - INT64 - - DOUBLE - - BOOL - - TIMESTAMP - - IP_ADDRESS - - EMAIL_ADDRESS - - URI - - DNS_NAME - - DURATION - - STRING_MAP - type: string - type: object - description: The set of attributes this Istio component will be responsible for producing at runtime. - type: object - name: - description: Name of the component producing these attributes. - format: string - type: string - revision: - description: The revision of this document. 
- format: string - type: string - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: mixer-handler - package: handler - release: istio - name: handlers.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: handler - listKind: handlerList - plural: handlers - singular: handler - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: Handler allows the operator to configure a specific adapter implementation. - properties: - adapter: - description: The name of a specific adapter implementation. - format: string - type: string - compiledAdapter: - description: The name of the compiled in adapter this handler instantiates. - format: string - type: string - connection: - description: Information on how to connect to the out-of-process adapter. - properties: - address: - description: The address of the backend. - format: string - type: string - authentication: - description: Auth config for the connection to the backend. 
- oneOf: - - not: - anyOf: - - properties: - tls: - allOf: - - oneOf: - - not: - anyOf: - - required: - - tokenPath - - required: - - oauth - - required: - - tokenPath - - required: - - oauth - - oneOf: - - not: - anyOf: - - required: - - authHeader - - required: - - customHeader - - required: - - authHeader - - required: - - customHeader - required: - - tls - - required: - - mutual - - properties: - tls: - allOf: - - oneOf: - - not: - anyOf: - - required: - - tokenPath - - required: - - oauth - - required: - - tokenPath - - required: - - oauth - - oneOf: - - not: - anyOf: - - required: - - authHeader - - required: - - customHeader - - required: - - authHeader - - required: - - customHeader - required: - - tls - - required: - - mutual - properties: - mutual: - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: The path to the file holding client certificate for mutual TLS. - format: string - type: string - privateKey: - description: The path to the file holding the private key for mutual TLS. - format: string - type: string - serverName: - description: Used to configure mixer mutual TLS client to supply server name for SNI. - format: string - type: string - type: object - tls: - properties: - authHeader: - description: Access token is passed as authorization header. - enum: - - PLAIN - - BEARER - type: string - caCertificates: - format: string - type: string - customHeader: - description: Customized header key to hold access token, e.g. - format: string - type: string - oauth: - description: Oauth config to fetch access token from auth provider. - properties: - clientId: - description: OAuth client id for mixer. - format: string - type: string - clientSecret: - description: The path to the file holding the client secret for oauth. - format: string - type: string - endpointParams: - additionalProperties: - format: string - type: string - description: Additional parameters for requests to the token endpoint. 
- type: object - scopes: - description: List of requested permissions. - items: - format: string - type: string - type: array - tokenUrl: - description: The Resource server's token endpoint URL. - format: string - type: string - type: object - serverName: - format: string - type: string - tokenPath: - format: string - type: string - type: object - type: object - timeout: - description: Timeout for remote calls to the backend. - type: string - type: object - name: - description: Must be unique in the entire Mixer configuration. - format: string - type: string - params: - description: Depends on adapter implementation. - type: object - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: mixer-instance - package: instance - release: istio - name: instances.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: instance - listKind: instanceList - plural: instances - singular: instance - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: An Instance tells Mixer how to create instances for particular template. - properties: - attributeBindings: - additionalProperties: - format: string - type: string - type: object - compiledTemplate: - description: The name of the compiled in template this instance creates instances for. - format: string - type: string - name: - format: string - type: string - params: - description: Depends on referenced template. - type: object - template: - description: The name of the template this instance creates instances for. 
- format: string - type: string - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: rules.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: rule - listKind: ruleList - plural: rules - singular: rule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - actions: - description: The actions that will be executed when match evaluates to `true`. - items: - properties: - handler: - description: Fully qualified name of the handler to invoke. - format: string - type: string - instances: - items: - format: string - type: string - type: array - name: - description: A handle to refer to the results of the action. - format: string - type: string - type: object - type: array - match: - description: Match is an attribute based predicate. - format: string - type: string - requestHeaderOperations: - items: - properties: - name: - description: Header name literal value. - format: string - type: string - operation: - description: Header operation type. - enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - responseHeaderOperations: - items: - properties: - name: - description: Header name literal value. - format: string - type: string - operation: - description: Header operation type. 
- enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - sampling: - properties: - random: - description: Provides filtering of actions based on random selection per request. - properties: - attributeExpression: - description: Specifies an attribute expression to use to override the numerator in the `percent_sampled` field. - format: string - type: string - percentSampled: - description: The default sampling rate, expressed as a percentage. - properties: - denominator: - description: Specifies the denominator. - enum: - - HUNDRED - - TEN_THOUSAND - type: string - numerator: - description: Specifies the numerator. - type: integer - type: object - useIndependentRandomness: - description: By default sampling will be based on the value of the request header `x-request-id`. - type: boolean - type: object - rateLimit: - properties: - maxUnsampledEntries: - description: Number of entries to allow during the `sampling_duration` before sampling is enforced. - format: int64 - type: integer - samplingDuration: - description: Window in which to enforce the sampling rate. - type: string - samplingRate: - description: The rate at which to sample entries once the unsampled limit has been reached. 
- format: int64 - type: integer - type: object - type: object - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: rbac - release: istio - name: clusterrbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ClusterRbacConfig - listKind: ClusterRbacConfigList - plural: clusterrbacconfigs - singular: clusterrbacconfig - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: rbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: RbacConfig - listKind: RbacConfigList - plural: rbacconfigs - singular: rbacconfig - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: serviceroles.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRole - listKind: ServiceRoleList - plural: serviceroles - singular: servicerole - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' - properties: - rules: - description: The set of access rules (permissions) that the role has. - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. - items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. 
- items: - format: string - type: string - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: servicerolebindings.rbac.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.roleRef.name - description: The name of the ServiceRole object being referenced - name: Reference - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRoleBinding - listKind: ServiceRoleBindingList - plural: servicerolebindings - singular: servicerolebinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' - properties: - actions: - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. 
- items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. - items: - format: string - type: string - type: array - type: object - type: array - mode: - enum: - - ENFORCED - - PERMISSIVE - type: string - role: - format: string - type: string - roleRef: - description: Reference to the ServiceRole object. - properties: - kind: - description: The type of the role being referenced. - format: string - type: string - name: - description: The name of the ServiceRole object being referenced. - format: string - type: string - type: object - subjects: - description: List of subjects that are assigned the ServiceRole object. - items: - properties: - group: - format: string - type: string - groups: - items: - format: string - type: string - type: array - ips: - items: - format: string - type: string - type: array - names: - items: - format: string - type: string - type: array - namespaces: - items: - format: string - type: string - type: array - notGroups: - items: - format: string - type: string - type: array - notIps: - items: - format: string - type: string - type: array - notNames: - items: - format: string - type: string - type: array - notNamespaces: - items: - format: string - type: string - type: array - properties: - additionalProperties: - format: string - type: string - description: Optional. 
- type: object - user: - description: Optional. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: authorizationpolicies.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: AuthorizationPolicy - listKind: AuthorizationPolicyList - plural: authorizationpolicies - singular: authorizationpolicy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for access control on workloads. See more details at: https://istio.io/docs/reference/config/security/authorization-policy.html' - properties: - action: - description: Optional. - enum: - - ALLOW - - DENY - type: string - rules: - description: Optional. - items: - properties: - from: - description: Optional. - items: - properties: - source: - description: Source specifies the source of a request. - properties: - ipBlocks: - description: Optional. - items: - format: string - type: string - type: array - namespaces: - description: Optional. - items: - format: string - type: string - type: array - notIpBlocks: - description: Optional. - items: - format: string - type: string - type: array - notNamespaces: - description: Optional. - items: - format: string - type: string - type: array - notPrincipals: - description: Optional. - items: - format: string - type: string - type: array - notRequestPrincipals: - description: Optional. - items: - format: string - type: string - type: array - principals: - description: Optional. 
- items: - format: string - type: string - type: array - requestPrincipals: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - to: - description: Optional. - items: - properties: - operation: - description: Operation specifies the operation of a request. - properties: - hosts: - description: Optional. - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - description: Optional. - items: - format: string - type: string - type: array - notMethods: - description: Optional. - items: - format: string - type: string - type: array - notPaths: - description: Optional. - items: - format: string - type: string - type: array - notPorts: - description: Optional. - items: - format: string - type: string - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - when: - description: Optional. - items: - properties: - key: - description: The name of an Istio attribute. - format: string - type: string - notValues: - description: Optional. - items: - format: string - type: string - type: array - values: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: array - type: object - type: array - selector: - description: Optional. 
- properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1beta1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: peerauthentications.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: PeerAuthentication - listKind: PeerAuthenticationList - plural: peerauthentications - singular: peerauthentication - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: PeerAuthentication defines how traffic will be tunneled (or not) to the sidecar. - properties: - mtls: - description: Mutual TLS settings for workload. - properties: - mode: - description: Defines the mTLS mode used for peer authentication. - enum: - - UNSET - - DISABLE - - PERMISSIVE - - STRICT - type: string - type: object - portLevelMtls: - additionalProperties: - properties: - mode: - description: Defines the mTLS mode used for peer authentication. - enum: - - UNSET - - DISABLE - - PERMISSIVE - - STRICT - type: string - type: object - description: Port specific mutual TLS settings. - type: object - selector: - description: The selector determines the workloads to apply the ChannelAuthentication on. 
- properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1beta1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: requestauthentications.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: RequestAuthentication - listKind: RequestAuthenticationList - plural: requestauthentications - singular: requestauthentication - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: RequestAuthentication defines what request authentication methods are supported by a workload. - properties: - jwtRules: - description: Define the list of JWTs that can be validated at the selected workloads' proxy. - items: - properties: - audiences: - items: - format: string - type: string - type: array - forwardOriginalToken: - description: If set to true, the orginal token will be kept for the ustream request. - type: boolean - fromHeaders: - description: List of header locations from which JWT is expected. - items: - properties: - name: - description: The HTTP header name. - format: string - type: string - prefix: - description: The prefix that should be stripped before decoding the token. - format: string - type: string - type: object - type: array - fromParams: - description: List of query parameters from which JWT is expected. - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. 
- format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - outputPayloadToHeader: - format: string - type: string - type: object - type: array - selector: - description: The selector determines the workloads to apply the RequestAuthentication on. - properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1beta1 - served: true - storage: true diff --git a/charts/rancher-istio/1.5.901/templates/crd-certmanager-10.yaml b/charts/rancher-istio/1.5.901/templates/crd-certmanager-10.yaml deleted file mode 100644 index 3da40f0fb..000000000 --- a/charts/rancher-istio/1.5.901/templates/crd-certmanager-10.yaml +++ /dev/null 
@@ -1,95 +0,0 @@
-{{- if .Values.certmanager.enabled }}
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: clusterissuers.certmanager.k8s.io
- labels:
- app: certmanager
- chart: certmanager
- heritage: Tiller
- release: istio
- annotations:
- "helm.sh/resource-policy": keep
- helm.sh/hook: crd-install,pre-upgrade
-spec:
- group: certmanager.k8s.io
- versions:
- - name: v1alpha1
- served: true
- storage: true
- names:
- kind: ClusterIssuer
- plural: clusterissuers
- scope: Cluster
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: issuers.certmanager.k8s.io
- labels:
- app: certmanager
- chart: certmanager
- heritage: Tiller
- release: istio
- annotations:
- "helm.sh/resource-policy": keep
- helm.sh/hook: crd-install,pre-upgrade
-spec:
- group: certmanager.k8s.io
- versions:
- - name: v1alpha1
- served: true
- storage: true
- names:
- kind: Issuer
- plural: issuers
- scope: Namespaced
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: certificates.certmanager.k8s.io
- labels:
- app: certmanager
- chart: certmanager
- heritage: Tiller
- release: istio
- annotations:
- "helm.sh/resource-policy": keep
- helm.sh/hook: crd-install,pre-upgrade
-spec:
- additionalPrinterColumns:
- - JSONPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - JSONPath: .spec.secretName
- name: Secret
- type: string
- - JSONPath: .spec.issuerRef.name
- name: Issuer
- type: string
- priority: 1
- - JSONPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- priority: 1
- - JSONPath: .metadata.creationTimestamp
- description: |-
- CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
-
- Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
- name: Age
- type: date
- group: certmanager.k8s.io
- versions:
- - name: v1alpha1
- served: true
- storage: true
- scope: Namespaced
- names:
- kind: Certificate
- plural: certificates
- shortNames:
- - cert
- - certs
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/templates/crd-certmanager-11.yaml b/charts/rancher-istio/1.5.901/templates/crd-certmanager-11.yaml
deleted file mode 100644
index 5dcd69879..000000000
--- a/charts/rancher-istio/1.5.901/templates/crd-certmanager-11.yaml
+++ /dev/null
@@ -1,83 +0,0 @@ -{{- if .Values.certmanager.enabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: orders.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.issuerRef.name - name: Issuer - type: string - priority: 1 - - JSONPath: .status.reason - name: Reason - type: string - priority: 1 - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Order - plural: orders - scope: Namespaced ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: challenges.certmanager.k8s.io - labels: - app: certmanager - chart: certmanager - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: State - type: string - - JSONPath: .spec.dnsName - name: Domain - type: string - - JSONPath: .status.reason - name: Reason - type: string - - JSONPath: .metadata.creationTimestamp - description: |- - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. 
Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - name: Age - type: date - group: certmanager.k8s.io - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: Challenge - plural: challenges - scope: Namespaced -{{- end }} diff --git a/charts/rancher-istio/1.5.901/templates/crd-mixer.yaml b/charts/rancher-istio/1.5.901/templates/crd-mixer.yaml deleted file mode 100644 index a9feb0357..000000000 --- a/charts/rancher-istio/1.5.901/templates/crd-mixer.yaml +++ /dev/null @@ -1,61 +0,0 @@ -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: adapters.config.istio.io - labels: - app: mixer - package: adapter - istio: mixer-adapter - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade -spec: - group: config.istio.io - names: - kind: adapter - plural: adapters - singular: adapter - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: templates.config.istio.io - labels: - app: mixer - package: template - istio: mixer-template - chart: istio - heritage: Tiller - release: istio - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade -spec: - group: config.istio.io - names: - kind: template - plural: templates - singular: template - categories: - - istio-io - - policy-istio-io - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha2 - served: true - storage: true 
diff --git a/charts/rancher-istio/1.5.901/templates/endpoints.yaml b/charts/rancher-istio/1.5.901/templates/endpoints.yaml
deleted file mode 100755
index 2acb95620..000000000
--- a/charts/rancher-istio/1.5.901/templates/endpoints.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
-{{- if .Values.global.remotePilotAddress }}
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePilotAddress }}
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePolicyAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remoteTelemetryAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/templates/install-custom-resources.sh.tpl b/charts/rancher-istio/1.5.901/templates/install-custom-resources.sh.tpl
deleted file mode 100755
index a5525a139..000000000
--- a/charts/rancher-istio/1.5.901/templates/install-custom-resources.sh.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{ define "install-custom-resources.sh.tpl" }} -#!/bin/sh - -set -x - -if [ "$#" -ne "1" ]; then - echo "first argument should be path to custom resource yaml" - exit 1 -fi - -pathToResourceYAML=${1} - -kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null -if [ "$?" -eq 0 ]; then - echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready" - while true; do - kubectl -n {{ .Release.Namespace }} get deployment istio-galley 2>/dev/null - if [ "$?" -eq 0 ]; then - break - fi - sleep 1 - done - kubectl -n {{ .Release.Namespace }} rollout status deployment istio-galley - if [ "$?" -ne 0 ]; then - echo "istio-galley deployment rollout status check failed" - exit 1 - fi - echo "istio-galley deployment ready for configuration validation" -fi -sleep 5 -kubectl apply -f ${pathToResourceYAML} -{{ end }} diff --git a/charts/rancher-istio/1.5.901/templates/istio-onefive-migration.yaml b/charts/rancher-istio/1.5.901/templates/istio-onefive-migration.yaml deleted file mode 100644 index acfe78caf..000000000 --- a/charts/rancher-istio/1.5.901/templates/istio-onefive-migration.yaml +++ /dev/null 
@@ -1,79 +0,0 @@ -{{- if .Values.onefiveMigration.enabled }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: istio-onefive-migration - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-weight": "1" ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: istio-onefive-migration - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-weight": "1" -rules: - - apiGroups: ["extensions","apps"] - resources: ["deployments"] - verbs: ["get", "list", "delete"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "delete"] - - apiGroups: ["rbac.authorization.k8s.io"] - resources: ["clusterrolebindings"] - verbs: ["get", "list", "delete"] - - apiGroups: [""] - resources: ["serviceaccounts", "pods"] - verbs: ["get", "list", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-onefive-migration - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-weight": "1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-onefive-migration -subjects: - - kind: ServiceAccount - name: istio-onefive-migration - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-onefive-migration - namespace: {{ .Release.Namespace }} - labels: - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-weight": "2" - "helm.sh/hook-delete-policy": before-hook-creation -spec: - template: - metadata: - name: istio-onefive-migration - labels: - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-onefive-migration - restartPolicy: OnFailure - containers: - - name: migrate - 
image: "{{ template "system_default_registry" . }}{{ .Values.onefiveMigration.repository }}:{{ .Values.onefiveMigration.tag }}" - imagePullPolicy: Always -{{- end }} diff --git a/charts/rancher-istio/1.5.901/templates/istio-service-rbac.yaml b/charts/rancher-istio/1.5.901/templates/istio-service-rbac.yaml deleted file mode 100644 index b3141141b..000000000 --- a/charts/rancher-istio/1.5.901/templates/istio-service-rbac.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: {{ .Release.Namespace }} - name: istio-service-reader -rules: - - apiGroups: [""] - resources: ["services/proxy"] - resourceNames: ["http:kiali:20001", "http:tracing:80", "http:grafana:80", "http:prometheus-http:80"] - verbs: ["get", "watch", "list"] - ---- -{{- if .Values.global.members }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: read-istio-service - namespace: {{ .Release.Namespace }} -subjects: - {{- range $member := .Values.global.members }} - - kind: {{ $member.kind }} - name: {{ $member.name }} - apiGroup: rbac.authorization.k8s.io - {{- end }} -roleRef: - kind: Role - name: istio-service-reader - apiGroup: rbac.authorization.k8s.io -{{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/1.5.901/templates/service.yaml b/charts/rancher-istio/1.5.901/templates/service.yaml deleted file mode 100755 index 00946ddba..000000000 --- a/charts/rancher-istio/1.5.901/templates/service.yaml +++ /dev/null 
@@ -1,60 +0,0 @@
-{{- if .Values.global.remotePilotAddress }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
- clusterIP: None
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.901/templates/serviceaccount.yaml
deleted file mode 100755
index c377d10e4..000000000
--- a/charts/rancher-istio/1.5.901/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: istio-multi
- namespace: {{ .Release.Namespace }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: istio-reader-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.901/templates/sidecar-injector-configmap.yaml b/charts/rancher-istio/1.5.901/templates/sidecar-injector-configmap.yaml
deleted file mode 100755
index 5cb25b9cf..000000000
--- a/charts/rancher-istio/1.5.901/templates/sidecar-injector-configmap.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if not .Values.global.omitSidecarInjectorConfigMap }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istio.name" . }}
- chart: {{ template "istio.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-data:
- values: |-
- {{ .Values | toJson }}
-
- config: |-
- policy: {{ .Values.global.proxy.autoInject }}
- alwaysInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }}
- neverInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }}
- template: |-
-{{ .Files.Get "files/injection-template.yaml" | trim | indent 6 }}
- injectedAnnotations:
- {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }}
- "{{ $key }}": "{{ $val }}"
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.901/test-values/README.md b/charts/rancher-istio/1.5.901/test-values/README.md
deleted file mode 100755
index 8e5ff277c..000000000
--- a/charts/rancher-istio/1.5.901/test-values/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Test Values
-
-These files are intended to be used to install Istio for E2E tests.
-
-The rendered files can be generated with `make generate_e2e_yaml`.
-
-These files will all have `values-e2e.yaml` applied to them *first*, so if there are settings there that should not be included in the test the must be overridden.
diff --git a/charts/rancher-istio/1.5.901/test-values/values-e2e.yaml b/charts/rancher-istio/1.5.901/test-values/values-e2e.yaml
deleted file mode 100755
index 1e1bf1fde..000000000
--- a/charts/rancher-istio/1.5.901/test-values/values-e2e.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-# This file overrides values for e2e testing.
-
-global:
- proxy:
- concurrency: 0
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- accessLogFile: "/dev/stdout"
- enableCoreDump: true
-
- disablePolicyChecks: false
- outboundTrafficPolicy:
- mode: REGISTRY_ONLY
-
-prometheus:
- scrapeInterval: 5s
-
-gateways:
- istio-ingressgateway:
- name: istio-ingressgateway
- autoscaleMax: 1
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
- limits:
- cpu: 100m
- memory: 128Mi
- # Disable the specific nodePort mappings for testing
- # These occasionally cause port conflict flakes (#14190)
- # Lacking a good way to override just part of a list, this is copied from
- # the prod values.yaml with nodePort omitted
- ports:
- - port: 15020
- targetPort: 15020
- name: status-port
- - port: 80
- targetPort: 80
- name: http2
- - port: 443
- name: https
- - port: 31400
- name: tcp
- - port: 15029
- targetPort: 15029
- name: https-kiali
- - port: 15030
- targetPort: 15030
- name: https-prometheus
- - port: 15031
- targetPort: 15031
- name: https-grafana
- - port: 15032
- targetPort: 15032
- name: https-tracing
- - port: 15443
- targetPort: 15443
- name: tls
-
- istio-egressgateway:
- name: istio-egressgateway
- enabled: true
- autoscaleMax: 1
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
- limits:
- cpu: 100m
- memory: 128Mi
-
-mixer:
- policy:
- enabled: true
- replicaCount: 2
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
- limits:
- cpu: 100m
- memory: 100Mi
- telemetry:
- enabled: true
- loadshedding:
- mode: disabled
- resources:
- requests:
- cpu: 50m
- memory: 100Mi
- limits:
- cpu: 100m
- memory: 100Mi
- adapters:
- stdio:
- enabled: true
-
-sidecarInjectorWebhook:
- rewriteAppHTTPProbe: true
diff --git a/charts/rancher-istio/1.5.901/test-values/values-integ.yaml b/charts/rancher-istio/1.5.901/test-values/values-integ.yaml
deleted file mode 100755
index 3d079d716..000000000
--- a/charts/rancher-istio/1.5.901/test-values/values-integ.yaml
+++ /dev/null
@@ -1,96 +0,0 @@
-# This file overrides values for e2e testing.
-
-global:
- proxy:
- concurrency: 0
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- accessLogFile: "/dev/stdout"
-
-prometheus:
- scrapeInterval: 5s
-
-gateways:
- istio-ingressgateway:
- name: istio-ingressgateway
- autoscaleMax: 1
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
- limits:
- cpu: 100m
- memory: 128Mi
- # Disable the specific nodePort mappings for testing
- # These occasionally cause port conflict flakes (#14190)
- # Lacking a good way to override just part of a list, this is copied from
- # the prod values.yaml with nodePort omitted
- ports:
- - port: 15020
- targetPort: 15020
- name: status-port
- - port: 80
- targetPort: 80
- name: http2
- - port: 443
- name: https
- - port: 31400
- name: tcp
- - port: 15029
- targetPort: 15029
- name: https-kiali
- - port: 15030
- targetPort: 15030
- name: https-prometheus
- - port: 15031
- targetPort: 15031
- name: https-grafana
- - port: 15032
- targetPort: 15032
- name: https-tracing
- - port: 15443
- targetPort: 15443
- name: tls
-
- istio-egressgateway:
- name: istio-egressgateway
- enabled: false
- autoscaleMax: 1
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
- limits:
- cpu: 100m
- memory: 128Mi
-
-mixer:
- policy:
- replicaCount: 2
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
- limits:
- cpu: 100m
- memory: 100Mi
- telemetry:
- loadshedding:
- mode: disabled
- resources:
- requests:
- cpu: 50m
- memory: 100Mi
- limits:
- cpu: 100m
- memory: 100Mi
- adapters:
- stdio:
- enabled: true
-
-sidecarInjectorWebhook:
- rewriteAppHTTPProbe: true
diff --git a/charts/rancher-istio/1.5.901/test-values/values-istio-auth-mcp.yaml b/charts/rancher-istio/1.5.901/test-values/values-istio-auth-mcp.yaml deleted file mode 100755 index fb284d926..000000000 --- a/charts/rancher-istio/1.5.901/test-values/values-istio-auth-mcp.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# This is used to generate istio-auth.yaml with MCP enabled -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" - - useMCP: true - diff --git a/charts/rancher-istio/1.5.901/test-values/values-istio-auth-multicluster.yaml b/charts/rancher-istio/1.5.901/test-values/values-istio-auth-multicluster.yaml deleted file mode 100755 index af147981f..000000000 --- a/charts/rancher-istio/1.5.901/test-values/values-istio-auth-multicluster.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# This is used to generate istio-auth-multicluster.yaml, used for CI/CD. -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: true - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: true - - proxy: - accessLogFile: "/dev/stdout" - - ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" - -# In a multiple cluster environment, citadel uses the same root certificate in all the clusters -security: - selfSigned: false 
diff --git a/charts/rancher-istio/1.5.901/test-values/values-istio-auth-non-mcp.yaml b/charts/rancher-istio/1.5.901/test-values/values-istio-auth-non-mcp.yaml
deleted file mode 100755
index eab07cd41..000000000
--- a/charts/rancher-istio/1.5.901/test-values/values-istio-auth-non-mcp.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- mtls:
- enabled: true
-
- controlPlaneSecurityEnabled: true
-
- useMCP: false
diff --git a/charts/rancher-istio/1.5.901/test-values/values-istio-auth-sds.yaml b/charts/rancher-istio/1.5.901/test-values/values-istio-auth-sds.yaml
deleted file mode 100755
index 843869703..000000000
--- a/charts/rancher-istio/1.5.901/test-values/values-istio-auth-sds.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-global:
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
- proxy:
- enableCoreDump: true
-
-nodeagent:
- enabled: true
- image: node-agent-k8s
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.5.901/test-values/values-istio-auth.yaml b/charts/rancher-istio/1.5.901/test-values/values-istio-auth.yaml
deleted file mode 100755
index 4ec1d35c5..000000000
--- a/charts/rancher-istio/1.5.901/test-values/values-istio-auth.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-# This is used to generate istio-auth.yaml for automated CI/CD test, using v1/alpha1
-# or v2/alpha3 with 'gradual migration' (using env variable at inject time).
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
diff --git a/charts/rancher-istio/1.5.901/test-values/values-istio-dns-cert.yaml b/charts/rancher-istio/1.5.901/test-values/values-istio-dns-cert.yaml
deleted file mode 100755
index 406970396..000000000
--- a/charts/rancher-istio/1.5.901/test-values/values-istio-dns-cert.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- certificates:
- - dnsNames: [istio-pilot.istio-system.svc, istio-pilot.istio-system]
- - secretName: dns.istio-galley-service-account
- dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system]
- - secretName: dns.istio-sidecar-injector-service-account
- dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system]
diff --git a/charts/rancher-istio/1.5.901/test-values/values-istio-mcp.yaml b/charts/rancher-istio/1.5.901/test-values/values-istio-mcp.yaml
deleted file mode 100755
index a6638eefd..000000000
--- a/charts/rancher-istio/1.5.901/test-values/values-istio-mcp.yaml
+++ /dev/null
@@ -1,18 +0,0 @@ -# This is used to generate istio.yaml with MCP enabled -global: - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. - enabled: false - - ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" - - useMCP: true - - diff --git a/charts/rancher-istio/1.5.901/test-values/values-istio-mesh-networks.yaml b/charts/rancher-istio/1.5.901/test-values/values-istio-mesh-networks.yaml deleted file mode 100755 index c713b8af9..000000000 --- a/charts/rancher-istio/1.5.901/test-values/values-istio-mesh-networks.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# overrides to test the meshNetworks. -global: - meshNetworks: - # NOTE: DO NOT CHANGE THIS! Its hardcoded in Pilot in different areas - Kubernetes: - endpoints: - - fromRegistry: Kubernetes - gateways: - - port: 15443 - address: 2.2.2.2 - vm: {} - - #This will cause ISTIO_META_NETWORK to be set on the pods and the - #kube controller code to match endpoints from kubernetes with the default - #cluster ID of "Kubernetes". Need to fix this code - network: "Kubernetes" diff --git a/charts/rancher-istio/1.5.901/test-values/values-istio-multicluster-split-horizon.yaml b/charts/rancher-istio/1.5.901/test-values/values-istio-multicluster-split-horizon.yaml deleted file mode 100755 index e664dd56f..000000000 --- a/charts/rancher-istio/1.5.901/test-values/values-istio-multicluster-split-horizon.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
-# This is used to generate istio-multicluster-split-horizon.yaml, used for CI/CD.
-global:
- controlPlaneSecurityEnabled: true
- mtls:
- enabled: true
- proxy:
- accessLogFile: "/dev/stdout"
- outboundTrafficPolicy:
- mode: ALLOW_ANY
- meshExpansion:
- enabled: true
- meshNetworks:
- network2:
- endpoints:
- - fromRegistry: N2_REGISTRY_TOKEN
- gateways:
- - address: 0.0.0.0
- port: 443
-security:
- selfSigned: false
-gateways:
- istio-egressgateway:
- enabled: false
-
-
diff --git a/charts/rancher-istio/1.5.901/test-values/values-istio-multicluster.yaml b/charts/rancher-istio/1.5.901/test-values/values-istio-multicluster.yaml
deleted file mode 100755
index 59b924ac1..000000000
--- a/charts/rancher-istio/1.5.901/test-values/values-istio-multicluster.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# This is used to generate istio-multicluster.yaml, used for CI/CD.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- proxy:
- accessLogFile: "/dev/stdout"
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
-# In a multiple cluster environment, citadel uses the same root certificate in all the clusters
-security:
- selfSigned: false
diff --git a/charts/rancher-istio/1.5.901/test-values/values-istio-non-mcp.yaml b/charts/rancher-istio/1.5.901/test-values/values-istio-non-mcp.yaml
deleted file mode 100755
index 091681acd..000000000
--- a/charts/rancher-istio/1.5.901/test-values/values-istio-non-mcp.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-global:
- useMCP: false
diff --git a/charts/rancher-istio/1.5.901/test-values/values-istio-one-namespace-auth.yaml b/charts/rancher-istio/1.5.901/test-values/values-istio-one-namespace-auth.yaml
deleted file mode 100755
index c49f40254..000000000
--- a/charts/rancher-istio/1.5.901/test-values/values-istio-one-namespace-auth.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.5.901/test-values/values-istio-one-namespace-trust-domain.yaml b/charts/rancher-istio/1.5.901/test-values/values-istio-one-namespace-trust-domain.yaml
deleted file mode 100755
index 1840ab355..000000000
--- a/charts/rancher-istio/1.5.901/test-values/values-istio-one-namespace-trust-domain.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- # Default is 10s second
- refreshInterval: 1s
-
- # The trust domain corresponds to the trust root of a system
- trustDomain: test.local
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.5.901/test-values/values-istio-one-namespace.yaml b/charts/rancher-istio/1.5.901/test-values/values-istio-one-namespace.yaml
deleted file mode 100755
index 14aa45033..000000000
--- a/charts/rancher-istio/1.5.901/test-values/values-istio-one-namespace.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.5.901/test-values/values-istio.yaml b/charts/rancher-istio/1.5.901/test-values/values-istio.yaml
deleted file mode 100755
index c115103e1..000000000
--- a/charts/rancher-istio/1.5.901/test-values/values-istio.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-
-# This is used to generate istio.yaml for automated CI/CD test, using v1/alpha1
-# or v2/alpha3 with 'gradual migration' (using env variable at inject time).
-# global:
- ## imagePullSecrets for all ServiceAccount. Must be set for any clustser configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
diff --git a/charts/rancher-istio/1.5.901/values.yaml b/charts/rancher-istio/1.5.901/values.yaml
deleted file mode 100755
index 41c815fe7..000000000
--- a/charts/rancher-istio/1.5.901/values.yaml
+++ /dev/null
@@ -1,699 +0,0 @@ -# Top level istio values file has the following sections. -# -# global: This file is the authoritative and exhaustive source for the global section. -# -# chart sections: Every subdirectory inside the charts/ directory has a top level -# configuration key in this file. This file overrides the values specified -# by the charts/${chartname}/values.yaml. -# Check the chart level values file for exhaustive list of configuration options. - -# -# Gateways Configuration, refer to the charts/gateways/values.yaml -# for detailed configuration -# -gateways: - enabled: true - istio-ingressgateway: - labels: - release: cluster-istio # The release name must be cluster-istio - -# -# sidecar-injector webhook configuration, refer to the -# charts/sidecarInjectorWebhook/values.yaml for detailed configuration -# -sidecarInjectorWebhook: - repository: rancher/istio-sidecar_injector - tag: 1.5.9 - enabled: true - -# -# galley configuration, refer to charts/galley/values.yaml -# for detailed configuration -# -galley: - repository: rancher/istio-galley - tag: 1.5.9 - enabled: true - -# -# mixer configuration -# -# @see charts/mixer/values.yaml for all values -mixer: - repository: rancher/istio-mixer - tag: 1.5.9 - policy: - # if policy is enabled the global.disablePolicyChecks has affect. 
- enabled: true - - telemetry: - enabled: true -# -# pilot configuration -# -# @see charts/pilot/values.yaml -pilot: - repository: rancher/istio-pilot - tag: 1.5.9 - enabled: true - -# -# security configuration -# -security: - repository: rancher/istio-citadel - tag: 1.5.9 - enabled: true - -# -# nodeagent configuration, see global.nodeagent for setting images -# -nodeagent: - enabled: false - -# -# addon grafana configuration -# -grafana: - # note that this does not get used by default, instead we use monitorings grafana - repository: rancher/grafana-grafana - tag: 6.7.4 - enabled: false - -# -# addon prometheus configuration -# -prometheus: - repository: rancher/prom-prometheus - tag: v2.12.0 - enabled: false - -# -# addon jaeger tracing configuration -# -tracing: - enabled: false - jaeger: - repository: rancher/jaegertracing-all-in-one - tag: 1.14 - zipkin: - repository: rancher/openzipkin-zipkin - tag: 2.14.2 - -# -# addon kiali tracing configuration -# -kiali: - repository: rancher/kiali-kiali - tag: v1.17 - contextPath: / - dashboard: - jaegerURL: http://tracing.istio-system:80 - grafanaURL: http://access-grafana.cattle-prometheus:80 - grafanaInClusterURL: http://access-grafana.cattle-prometheus:80 - auth: - strategy: anonymous - enabled: false - prometheusAddr: http://access-prometheus.cattle-prometheus:80 - -# -# addon certmanager configuration -# -certmanager: - image: - repository: rancher/jetstack-cert-manager-controller - tag: v0.8.1 - enabled: false - -# -# Istio CNI plugin enabled -# This must be enabled to use the CNI plugin in Istio. The CNI plugin is installed separately. -# If true, the privileged initContainer istio-init is not needed to perform the traffic redirect -# settings for the istio-proxy. 
-# -istio_cni: - enabled: false - -# addon Istio CoreDNS configuration -# -istiocoredns: - image: - repository: rancher/coredns-coredns - tag: 1.6.2 - pluginImage: - repository: rancher/istio-coredns-plugin - tag: 0.2-istio-1.1 - enabled: false - -# Job to move from 1.4 to 1.5 -# -onefiveMigration: - enabled: true - repository: rancher/istio-1.5-migration - tag: 0.1.1 - -# Common settings used among istio subcharts. -global: - - # Specify rancher clusterId of external tracing config - # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 - rancher: - clusterId: - - systemDefaultRegistry: "" - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: docker.io/rancher - - # Default tag for Istio images. - tag: 1.5.9 - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - kubectl: - repository: rancher/istio-kubectl - tag: 1.5.9 - - # monitoring port used by mixer, pilot, galley and sidecar injector - monitoringPort: 15014 - - k8sIngress: - enabled: false - # Gateway used for k8s Ingress resources. By default it is - # using 'istio:ingressgateway' that will be installed by setting - # 'gateways.enabled' and 'gateways.istio-ingressgateway.enabled' - # flags to true. - gatewayName: ingressgateway - # enableHttps will add port 443 on the ingress. - # It REQUIRES that the certificates are installed in the - # expected secrets - enabling this option without certificates - # will result in LDS rejection and the ingress will not work. - enableHttps: false - - curl: - repository: rancher/pstauffer-curl - tag: v1.0.3 - - proxy: - # use fully qualified image names for alternate path to proxy. 
- repository: rancher/istio-proxyv2 - tag: 1.5.9 - - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Controls number of Proxy worker threads. - # If set to 0, then start worker thread for each CPU thread/core. - concurrency: 2 - - # Configures the access log for each sidecar. - # Options: - # "" - disables access log - # "/dev/stdout" - enables access log - accessLogFile: "" - - # Configure how and what fields are displayed in sidecar access log. Setting to - # empty string will result in default log format - accessLogFormat: "" - - # Configure the access log for sidecar to JSON or TEXT. - accessLogEncoding: TEXT - - # Configure envoy gRPC access log service. - envoyAccessLogService: - enabled: false - host: # example: accesslog-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/als/cert-chain.pem - privateKey: # example: /etc/istio/als/key.pem - caCertificates: # example: /etc/istio/als/root-cert.pem - sni: # example: als.somedomain - subjectAltNames: [] - # - als.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Log level for proxy, applies to gateways and sidecars. If left empty, "warning" is used. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: "" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. If left empty, "misc:error" is used. - componentLogLevel: "" - - # Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS - # This must be given it terms of seconds. For example, 300s is valid but 5m is invalid. - dnsRefreshRate: 300s - - # Specifies the path to the outlier event log. 
- outlierLogPath: # example: /dev/stdout - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: 100ms - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # If set, newly injected sidecars will have core dumps enabled. - enableCoreDump: false - - # Image used to enable core dumps. This is only used, when "enableCoreDump" is set to true. - enableCoreDumpImage: ubuntu:xenial - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 1 - - # The period between readiness probes. - readinessPeriodSeconds: 2 - - # The number of successive failed probes before indicating readiness failure. 
- readinessFailureThreshold: 30 - - # istio egress capture whitelist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - excludeOutboundPorts: "" - - # pod internal interfaces - kubevirtInterfaces: "" - - # istio ingress capture whitelist - # examples: - # Redirect no inbound traffic to Envoy: --includeInboundPorts="" - # Redirect all inbound traffic to Envoy: --includeInboundPorts="*" - # Redirect only selected ports: --includeInboundPorts="80,8080" - includeInboundPorts: "*" - excludeInboundPorts: "" - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument - # would be :). - # Disabled by default. - # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. - envoyStatsd: - # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. - enabled: false - host: # example: statsd-svc.istio-system - port: # example: 9125 - - # Sets the Envoy Metrics Service address, used to push Envoy metrics to an external collector - # via the Metrics Service gRPC API. This contains detailed stats information emitted directly - # by Envoy and should not be confused with the the Istio telemetry. The Envoy stats are also - # available to scrape via the Envoy admin port at either /stats or /stats/prometheus. - # - # See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto - # for details about Envoy's Metrics Service API. - # - # Disabled by default. 
- envoyMetricsService: - enabled: false - host: # example: metrics-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/ms/cert-chain.pem - privateKey: # example: /etc/istio/ms/key.pem - caCertificates: # example: /etc/istio/ms/root-cert.pem - sni: # example: ms.somedomain - subjectAltNames: [] - # - ms.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "zipkin" - - proxy_init: - # Base name for the istio-init container, used to configure iptables. - repository: rancher/istio-proxyv2 - tag: 1.5.9 - # Configuration for the proxy init container - init: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - - # imagePullPolicy is applied to istio control plane components. - # local tests require IfNotPresent, to avoid uploading to dockerhub. - # TODO: Switch to Always as default, and override in the local tests. - imagePullPolicy: IfNotPresent - - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - # disablePolicyChecks disables mixer policy checks. - # if mixer.policy.enabled==true then disablePolicyChecks has affect. - # Will set the value with same name in istio config map - pilot needs to be restarted to take effect. - disablePolicyChecks: true - - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: false - - # EnableTracing sets the value with same name in istio config map, requires pilot restart to take effect. 
- enableTracing: true - - # Configuration for each of the supported tracers - tracer: - # Configuration for envoy to send trace data to LightStep. - # Disabled by default. - # address: the : of the satellite pool - # accessToken: required for sending data to the pool - # secure: specifies whether data should be sent with TLS - # cacertPath: the path to the file containing the cacert to use when verifying TLS. If secure is true, this is - # required. If a value is specified then a secret called "lightstep.cacert" must be created in the destination - # namespace with the key matching the base of the provided cacertPath and the value being the cacert itself. - # - lightstep: - address: "" # example: lightstep-satellite:443 - accessToken: "" # example: abcdefg1234567 - secure: true # example: true|false - cacertPath: "" # example: /etc/lightstep/cacert.pem - zipkin: - # Host:Port for reporting trace data in zipkin format. If not specified, will default to - # zipkin service (port 9411) in the same namespace as the other istio components. - address: "" - datadog: - # Host:Port for submitting traces to the Datadog agent. - address: "$(HOST_IP):8126" - stackdriver: - # enables trace output to stdout. - debug: false - # The global default max number of attributes per span. - maxNumberOfAttributes: 200 - # The global default max number of annotation events per span. - maxNumberOfAnnotations: 200 - # The global default max number of message events per span. - maxNumberOfMessageEvents: 200 - - # Default mtls policy. If true, mtls between services will be enabled by default. - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. 
- enabled: false - # If set to true, and a given service does not have a corresponding DestinationRule configured, - # or its DestinationRule does not have TLSSettings specified, Istio configures client side - # TLS configuration automatically, based on the server side mTLS authentication policy and the - # availibity of sidecars. - auto: true - - # Lists the secrets you need to use to pull Istio images from a private registry. - imagePullSecrets: [] - # - private-registry-key - - # Specify pod scheduling arch(amd64, ppc64le, s390x) and weight as follows: - # 0 - Never scheduled - # 1 - Least preferred - # 2 - No preference - # 3 - Most preferred - arch: - amd64: 2 - s390x: 2 - ppc64le: 2 - - # Whether to restrict the applications namespace the controller manages; - # If not set, controller watches all namespaces - oneNamespace: false - - # Default node selector to be applied to all deployments so that all pods can be - # constrained to run a particular nodes. Each component can overwrite these default - # values by adding its node selector block in the relevant section below and setting - # the desired values. - defaultNodeSelector: {} - - # Default node tolerations to be applied to all deployments so that all pods can be - # scheduled to a particular nodes with matching taints. Each component can overwrite - # these default values by adding its tolerations block in the relevant section below - # and setting the desired values. - # Configure this field in case that all pods of Istio control plane are expected to - # be scheduled to particular nodes with specified taints. - defaultTolerations: [] - - # Whether to perform server-side validation of configuration. - configValidation: true - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. 
- # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - # podDNSSearchNamespaces: - # - global - # - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # If set to true, the pilot and citadel mtls will be exposed on the - # ingress gateway - meshExpansion: - enabled: false - # If set to true, the pilot and citadel mtls and the plaintext pilot ports - # will be exposed on an internal gateway - useILB: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # enable pod distruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. 
- defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - # Use the Mesh Control Protocol (MCP) for configuring Mixer and - # Pilot. Requires galley (`--set galley.enabled=true`). - useMCP: true - - # The trust domain corresponds to the trust root of a system - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - # Indicate the domain used in SPIFFE identity URL - # The default depends on the environment. - # kubernetes: cluster.local - # else: default dns domain - trustDomain: "" - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: [] - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. 
For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - # ALLOW_ANY is the default in 1.1. This means each pod will be able to make outbound requests - # to services outside of the mesh without any ServiceEntry. - # REGISTRY_ONLY was the default in 1.0. If this behavior is desired, set the value below to REGISTRY_ONLY. - outboundTrafficPolicy: - mode: ALLOW_ANY - - # The namespace where globally shared configurations should be present. - # DestinationRules that apply to the entire mesh (e.g., enabling mTLS), - # default Sidecar configs, etc. should be added to this namespace. 
- # configRootNamespace: istio-config - - # set the default set of namespaces to which services, service entries, virtual services, destination - # rules should be exported to. Currently only one value can be provided in this list. This value - # should be one of the following two options: - # * implies these objects are visible to all namespaces, enabling any sidecar to talk to any other sidecar. - # . implies these objects are visible to only to sidecars in the same namespace, or if imported as a Sidecar.egress.host - # defaultConfigVisibilitySettings: - #- '*' - - # - # nodeagent configuration - # - nodeagent: - repository: rancher/istio-node-agent-k8s - tag: 1.5.9 - - sds: - # SDS enabled. IF set to true, mTLS certificates for the sidecars will be - # distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates. - enabled: false - udsPath: "" - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Citadel Agent to the CA (e.g. Citadel), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. 
The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Specifies the global locality load balancing settings. - # Locality-weighted load balancing allows administrators to control the distribution of traffic to - # endpoints based on the localities of where the traffic originates and where it will terminate. - # Either failover or distribute configuration can be set, but not both. If neither are provided - # failover mode will be used. - # - # localityLbSetting: - # enabled: true - # distribute: - # - from: "us-central1/*" - # to: - # "us-central1/*": 80 - # "us-central2/*": 20 - # - # localityLbSetting: - # enabled: true - # failover: - # - from: us-east - # to: eu-west - # - from: us-west - # to: us-east - localityLbSetting: - enabled: true - - # Specifies whether helm test is enabled or not. - # This field is set to false by default, so 'helm template ...' - # will ignore the helm test yaml files when generating the template - enableHelmTest: false - - # Configures DNS certificates provisioned through Chiron linked into Pilot. - # The DNS names in this file are all hard-coded; please ensure the namespaces - # in dnsNames are consistent with those of your services. 
- # Example: - # certificates: - # - secretName: dns.istio-galley-service-account - # dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] - # - secretName: dns.istio-sidecar-injector-service-account - # dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] - certificates: [] - - # Configure whether Operator manages webhook configurations. The current behavior - # of Galley and Sidecar Injector is that they manage their own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false diff --git a/charts/rancher-istio/1.5.920/.helmignore b/charts/rancher-istio/1.5.920/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/rancher-istio/1.5.920/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-istio/1.5.920/Chart.yaml b/charts/rancher-istio/1.5.920/Chart.yaml deleted file mode 100755 index 3766bdbc7..000000000 --- a/charts/rancher-istio/1.5.920/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.9 -description: Helm chart for all istio components -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- security -- sidecarInjectorWebhook -- mixer -- pilot -- galley -name: rancher-istio -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2-0' -version: 1.5.920 -kubeVersion: '< 1.21.0-0' 
diff --git a/charts/rancher-istio/1.5.920/LICENSE b/charts/rancher-istio/1.5.920/LICENSE
deleted file mode 100755
index 56df9b297..000000000
--- a/charts/rancher-istio/1.5.920/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2018 Istio Authors - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/rancher-istio/1.5.920/README.md b/charts/rancher-istio/1.5.920/README.md deleted file mode 100755 index f7f35cc17..000000000 --- a/charts/rancher-istio/1.5.920/README.md +++ /dev/null 
@@ -1,149 +0,0 @@ -# Istio - -[Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. - -The documentation here is for developers only, please follow the installation instructions from [istio.io](https://istio.io/docs/setup/kubernetes/install/helm/) for all other uses. - -## Introduction - -This chart bootstraps all Istio [components](https://istio.io/docs/concepts/what-is-istio/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Chart Details - -This chart can install multiple Istio components as subcharts: -- ingressgateway -- egressgateway -- sidecarInjectorWebhook -- galley -- mixer -- pilot -- security(citadel) -- grafana -- prometheus -- tracing(jaeger) -- kiali - -To enable or disable each component, change the corresponding `enabled` flag. - -## Prerequisites - -- Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required -- Helm 2.7.2 or newer or alternately the ability to modify RBAC rules is also required -- If you want to enable automatic sidecar injection, Kubernetes 1.9+ with `admissionregistration` API is required, and `kube-apiserver` process must have the `admission-control` flag set with the `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook` admission controllers added and listed in the correct order. -- The `istio-init` chart must be run to completion prior to install the `istio` chart. - -## Resources Required - -The chart deploys pods that consume minimum resources as specified in the resources configuration parameter. - -## Installing the Chart - -1. If a service account has not already been installed for Tiller, install one: - - ```bash - $ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml - ``` - -1. 
Install Tiller on your cluster with the service account: - - ```bash - $ helm init --service-account tiller - ``` - -1. Set and create the namespace where Istio was installed: - - ```bash - $ NAMESPACE=istio-system - $ kubectl create ns $NAMESPACE - ``` - -1. If you are enabling `kiali`, you need to create the secret that contains the username and passphrase for `kiali` dashboard: - - ```bash - $ echo -n 'admin' | base64 - YWRtaW4= - $ echo -n '1f2d1e2e67df' | base64 - MWYyZDFlMmU2N2Rm - $ cat <=1.9.0): - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE - ``` - - - Without the sidecar injection webhook: - - ```bash - $ helm install istio --name istio --namespace $NAMESPACE --set sidecarInjectorWebhook.enabled=false - ``` - -## Configuration - -The Helm chart ships with reasonable defaults. There may be circumstances in which defaults require overrides. -To override Helm values, use `--set key=value` argument during the `helm install` command. Multiple `--set` operations may be used in the same Helm operation. - -Helm charts expose configuration options which are currently in alpha. The currently exposed options can be found [here](https://istio.io/docs/reference/config/installation-options/). - -## Uninstalling the Chart - -To uninstall/delete the `istio` release but continue to track the release: - -```bash -$ helm delete istio -``` - -To uninstall/delete the `istio` release completely and make its name free for later use: - -```bash -$ helm delete --purge istio -``` diff --git a/charts/rancher-istio/1.5.920/charts/certmanager/Chart.yaml b/charts/rancher-istio/1.5.920/charts/certmanager/Chart.yaml deleted file mode 100755 index af66656bb..000000000 --- a/charts/rancher-istio/1.5.920/charts/certmanager/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 0.6.2 -description: A Helm chart for Kubernetes -name: certmanager -tillerVersion: '>=2.7.2' -version: 1.5.9 
diff --git a/charts/rancher-istio/1.5.920/charts/certmanager/templates/NOTES.txt b/charts/rancher-istio/1.5.920/charts/certmanager/templates/NOTES.txt deleted file mode 100755 index 0307ede4c..000000000 --- a/charts/rancher-istio/1.5.920/charts/certmanager/templates/NOTES.txt +++ /dev/null @@ -1,6 +0,0 @@ -certmanager has been deployed successfully! - -More information on the different types of issuers and how to configure them -can be found in our documentation: - -https://cert-manager.readthedocs.io/en/latest/reference/issuers.html \ No newline at end of file diff --git a/charts/rancher-istio/1.5.920/charts/certmanager/templates/_helpers.tpl b/charts/rancher-istio/1.5.920/charts/certmanager/templates/_helpers.tpl deleted file mode 100755 index 331a91d43..000000000 --- a/charts/rancher-istio/1.5.920/charts/certmanager/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "certmanager.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "certmanager.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "certmanager.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} 
diff --git a/charts/rancher-istio/1.5.920/charts/certmanager/templates/deployment.yaml b/charts/rancher-istio/1.5.920/charts/certmanager/templates/deployment.yaml
deleted file mode 100755
index 323228638..000000000
--- a/charts/rancher-istio/1.5.920/charts/certmanager/templates/deployment.yaml
+++ /dev/null
@@ -1,69 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: certmanager - template: - metadata: - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: certmanager -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: certmanager - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=$(POD_NAMESPACE) - {{- if .Values.extraArgs }} -{{ toYaml .Values.extraArgs | indent 8 }} - {{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: -{{ toYaml .Values.resources | indent 10 }} - {{- if .Values.podDnsPolicy }} - dnsPolicy: {{ .Values.podDnsPolicy }} - {{- end }} - {{- if .Values.podDnsConfig }} - dnsConfig: -{{ toYaml .Values.podDnsConfig | indent 8 }} - {{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} 
diff --git a/charts/rancher-istio/1.5.920/charts/certmanager/templates/issuer.yaml b/charts/rancher-istio/1.5.920/charts/certmanager/templates/issuer.yaml deleted file mode 100755 index 59402daea..000000000 --- a/charts/rancher-istio/1.5.920/charts/certmanager/templates/issuer.yaml +++ /dev/null @@ -1,37 +0,0 @@ ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt-staging - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-staging-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: letsencrypt-staging - http01: {} ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: {{ .Values.email }} - privateKeySecretRef: - name: letsencrypt - http01: {} diff --git a/charts/rancher-istio/1.5.920/charts/certmanager/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.920/charts/certmanager/templates/poddisruptionbudget.yaml deleted file mode 100755 index bb3c95c27..000000000 --- a/charts/rancher-istio/1.5.920/charts/certmanager/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - version: {{ .Chart.Version }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 4 }} - {{- end }} -spec: -{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} - selector: - matchLabels: - app: certmanager - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/certmanager/templates/rbac.yaml b/charts/rancher-istio/1.5.920/charts/certmanager/templates/rbac.yaml deleted file mode 100755 index b3a4ef340..000000000 --- a/charts/rancher-istio/1.5.920/charts/certmanager/templates/rbac.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: certmanager - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: - - apiGroups: ["certmanager.k8s.io"] - resources: ["certificates", "certificates/finalizers", "issuers", "clusterissuers", "orders", "orders/finalizers", "challenges"] - verbs: ["*"] - - apiGroups: [""] - resources: ["configmaps", "secrets", "events", "services", "pods"] - verbs: ["*"] - - apiGroups: ["extensions"] - resources: ["ingresses"] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: certmanager - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: certmanager -subjects: - - name: certmanager - namespace: {{ .Release.Namespace }} - kind: ServiceAccount 
diff --git a/charts/rancher-istio/1.5.920/charts/certmanager/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.920/charts/certmanager/templates/serviceaccount.yaml deleted file mode 100755 index f87543508..000000000 --- a/charts/rancher-istio/1.5.920/charts/certmanager/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: certmanager - namespace: {{ .Release.Namespace }} - labels: - app: certmanager - chart: {{ template "certmanager.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/1.5.920/charts/certmanager/values.yaml b/charts/rancher-istio/1.5.920/charts/certmanager/values.yaml deleted file mode 100755 index 2dbff4beb..000000000 --- a/charts/rancher-istio/1.5.920/charts/certmanager/values.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -# Certmanager uses ACME to sign certificates. Since Istio gateways are -# mounting the TLS secrets the Certificate CRDs must be created in the -# istio-system namespace. Once the certificate has been created, the -# gateway must be updated by adding 'secretVolumes'. After the gateway -# restart, DestinationRules can be created using the ACME-signed certificates. -enabled: false -replicaCount: 1 -hub: quay.io/jetstack -# image: cert-manager-controller -tag: v0.8.1 -resources: {} -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] diff --git a/charts/rancher-istio/1.5.920/charts/galley/Chart.yaml b/charts/rancher-istio/1.5.920/charts/galley/Chart.yaml deleted file mode 100755 index b51fef01d..000000000 --- a/charts/rancher-istio/1.5.920/charts/galley/Chart.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.9 -description: Helm chart for galley deployment -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png -keywords: -- istio -- galley -name: galley -sources: -- http://github.com/istio/istio -tillerVersion: '>=2.7.2' -version: 1.5.9 diff --git a/charts/rancher-istio/1.5.920/charts/galley/templates/_helpers.tpl b/charts/rancher-istio/1.5.920/charts/galley/templates/_helpers.tpl deleted file mode 100755 index 5d42f4a03..000000000 --- a/charts/rancher-istio/1.5.920/charts/galley/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "galley.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "galley.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "galley.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.920/charts/galley/templates/clusterrole.yaml b/charts/rancher-istio/1.5.920/charts/galley/templates/clusterrole.yaml deleted file mode 100755 index 504abc079..000000000 --- a/charts/rancher-istio/1.5.920/charts/galley/templates/clusterrole.yaml +++ /dev/null 
@@ -1,53 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-galley-{{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: - # For reading Istio resources -- apiGroups: [ - "authentication.istio.io", - "config.istio.io", - "networking.istio.io", - "rbac.istio.io", - "security.istio.io"] - resources: ["*"] - verbs: ["get", "list", "watch"] - # For updating Istio resource statuses -- apiGroups: [ - "authentication.istio.io", - "config.istio.io", - "networking.istio.io", - "rbac.istio.io", - "security.istio.io"] - resources: ["*/status"] - verbs: ["update"] -{{- if not .Values.global.operatorManageWebhooks }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] -# permissions to verify the webhook is ready and rejecting -# invalid config. We use --server-dry-run so no config is persisted. -- apiGroups: ["networking.istio.io"] - verbs: ["create"] - resources: ["gateways"] -{{- end }} -- apiGroups: ["extensions","apps"] - resources: ["deployments"] - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: ["pods", "nodes", "services", "endpoints", "namespaces"] - verbs: ["get", "list", "watch"] -- apiGroups: ["extensions"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] -- apiGroups: ["rbac.authorization.k8s.io"] - resources: ["clusterroles"] - verbs: ["get", "list", "watch"] diff --git a/charts/rancher-istio/1.5.920/charts/galley/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.920/charts/galley/templates/clusterrolebinding.yaml deleted file mode 100755 index 88cde2554..000000000 
--- a/charts/rancher-istio/1.5.920/charts/galley/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-galley-admin-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-galley-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-galley-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.5.920/charts/galley/templates/configmap.yaml b/charts/rancher-istio/1.5.920/charts/galley/templates/configmap.yaml deleted file mode 100755 index 662c960b1..000000000 --- a/charts/rancher-istio/1.5.920/charts/galley/templates/configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-galley-configuration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -data: -{{- if .Values.global.configValidation }} - validatingwebhookconfiguration.yaml: |- - {{- include "validatingwebhookconfiguration.yaml.tpl" . | indent 4}} -{{- end}} diff --git a/charts/rancher-istio/1.5.920/charts/galley/templates/deployment.yaml b/charts/rancher-istio/1.5.920/charts/galley/templates/deployment.yaml deleted file mode 100755 index 1110c9b57..000000000 --- a/charts/rancher-istio/1.5.920/charts/galley/templates/deployment.yaml +++ /dev/null 
@@ -1,151 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-galley - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: galley - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-galley-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: galley - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 9443 - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 9901 - command: - - /usr/local/bin/galley - - server - - --meshConfigFile=/etc/mesh-config/mesh - - --livenessProbeInterval=1s - - --livenessProbePath=/tmp/healthliveness - - --readinessProbePath=/tmp/healthready - - --readinessProbeInterval=1s - - --deployment-namespace={{ .Release.Namespace }} -{{- if $.Values.global.controlPlaneSecurityEnabled}} - - --insecure=false -{{- else }} - - --insecure=true -{{- end }} -{{- if .Values.enableServiceDiscovery }} - - --enableServiceDiscovery=true -{{- end }} -{{- if not $.Values.global.useMCP }} - - --enable-server=false -{{- end }} -{{- if not $.Values.global.configValidation }} - - --enable-validation=false -{{- end }} -{{- if .Values.global.operatorManageWebhooks }} - - --enable-reconcileWebhookConfiguration=false -{{- else }} - - --enable-reconcileWebhookConfiguration=true -{{- end }} - - --monitoringPort={{ .Values.global.monitoringPort }} -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if .Values.enableAnalysis }} - - --enableAnalysis=true -{{- end }} -{{- if .Values.global.certificates }} - - --validation.tls.clientCertificate=/etc/dnscerts/cert-chain.pem - - --validation.tls.privateKey=/etc/dnscerts/key.pem - - --validation.tls.caCertificates=/etc/dnscerts/root-cert.pem -{{- end }} - volumeMounts: - - name: certs - mountPath: /etc/certs - readOnly: true -{{- if .Values.global.certificates }} - - name: dnscerts - mountPath: /etc/dnscerts - readOnly: true -{{- end }} - - name: config - mountPath: /etc/config - readOnly: true - - name: mesh-config - mountPath: /etc/mesh-config - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - --probe-path=/tmp/healthliveness - - --interval=10s - initialDelaySeconds: 5 - 
periodSeconds: 5 - readinessProbe: - exec: - command: - - /usr/local/bin/galley - - probe - - --probe-path=/tmp/healthready - - --interval=10s - initialDelaySeconds: 5 - periodSeconds: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: certs - secret: - secretName: istio.istio-galley-service-account -{{- if .Values.global.certificates }} - - name: dnscerts - secret: - secretName: dns.istio-galley-service-account -{{- end }} - # galley expects /etc/config to exist even though it doesn't include any files. - - name: config - emptyDir: - medium: Memory - - name: mesh-config - configMap: - name: istio - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/1.5.920/charts/galley/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.920/charts/galley/templates/poddisruptionbudget.yaml deleted file mode 100755 index 1bf374e4a..000000000 --- a/charts/rancher-istio/1.5.920/charts/galley/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-spec:
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: {{ template "galley.name" . }}
- release: {{ .Release.Name }}
- istio: galley
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/galley/templates/service.yaml b/charts/rancher-istio/1.5.920/charts/galley/templates/service.yaml
deleted file mode 100755
index 35e258175..000000000
--- a/charts/rancher-istio/1.5.920/charts/galley/templates/service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-galley
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: galley
-spec:
- ports:
- - port: 443
- targetPort: 9443
- name: https-validation
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- - port: 9901
- name: grpc-mcp
- selector:
- istio: galley
diff --git a/charts/rancher-istio/1.5.920/charts/galley/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.920/charts/galley/templates/serviceaccount.yaml
deleted file mode 100755
index 1ff54c49e..000000000
--- a/charts/rancher-istio/1.5.920/charts/galley/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-galley-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "galley.name" . }}
- chart: {{ template "galley.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.920/charts/galley/templates/validatingwebhookconfiguration.yaml b/charts/rancher-istio/1.5.920/charts/galley/templates/validatingwebhookconfiguration.yaml
deleted file mode 100755
index 4e1f50f2c..000000000
--- a/charts/rancher-istio/1.5.920/charts/galley/templates/validatingwebhookconfiguration.yaml
+++ /dev/null
@@ -1,108 +0,0 @@ -{{/* - This version of the validatingwebhookconfiguration is applied directly by - helm. Galley only patches the caBundle and failurePolicy. -*/}} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-galley - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -webhooks: - - name: pilot.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitpilot" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - httpapispecs - - httpapispecbindings - - quotaspecs - - quotaspecbindings - - operations: - - CREATE - - UPDATE - apiGroups: - - rbac.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - authentication.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - networking.istio.io - apiVersions: - - "*" - resources: - - destinationrules - - envoyfilters - - gateways - - serviceentries - - sidecars - - virtualservices - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. 
- failurePolicy: Ignore - sideEffects: None - - name: mixer.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitmixer" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - rules - - attributemanifests - - adapters - - handlers - - instances - - templates - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - sideEffects: None \ No newline at end of file diff --git a/charts/rancher-istio/1.5.920/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl b/charts/rancher-istio/1.5.920/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl deleted file mode 100755 index 8df00f798..000000000 --- a/charts/rancher-istio/1.5.920/charts/galley/templates/validatingwebhookconfiguration.yaml.tpl +++ /dev/null 
@@ -1,111 +0,0 @@ -{{/* - This version of the validatingwebhookconfiguration is applied indirectly - by galley. This exists to support a smoother upgrade path from istio - Rversions < 1.4 -*/}} -{{ define "validatingwebhookconfiguration.yaml.tpl" }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-galley - labels: - app: {{ template "galley.name" . }} - chart: {{ template "galley.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: galley -webhooks: - - name: pilot.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitpilot" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - httpapispecs - - httpapispecbindings - - quotaspecs - - quotaspecbindings - - operations: - - CREATE - - UPDATE - apiGroups: - - rbac.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - authentication.istio.io - apiVersions: - - "*" - resources: - - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - networking.istio.io - apiVersions: - - "*" - resources: - - destinationrules - - envoyfilters - - gateways - - serviceentries - - sidecars - - virtualservices - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. 
- failurePolicy: Ignore - sideEffects: None - - name: mixer.validation.istio.io - clientConfig: - service: - name: istio-galley - namespace: {{ .Release.Namespace }} - path: "/admitmixer" - caBundle: "" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - config.istio.io - apiVersions: - - v1alpha2 - resources: - - rules - - attributemanifests - - adapters - - handlers - - instances - - templates - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - sideEffects: None -{{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/galley/values.yaml b/charts/rancher-istio/1.5.920/charts/galley/values.yaml deleted file mode 100755 index 1dc415a8c..000000000 --- a/charts/rancher-istio/1.5.920/charts/galley/values.yaml +++ /dev/null 
@@ -1,38 +0,0 @@
-#
-# galley configuration
-#
-enabled: true
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-image: galley
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-# Enable service discovery processing in Galley
-enableServiceDiscovery: false
-
-# Enable analysis and status update in Galley
-enableAnalysis: false
diff --git a/charts/rancher-istio/1.5.920/charts/gateways/Chart.yaml b/charts/rancher-istio/1.5.920/charts/gateways/Chart.yaml
deleted file mode 100755
index fd544ef24..000000000
--- a/charts/rancher-istio/1.5.920/charts/gateways/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.9
-description: Helm chart for deploying Istio gateways
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- ingressgateway
-- egressgateway
-- gateways
-name: gateways
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.920/charts/gateways/templates/_affinity.tpl b/charts/rancher-istio/1.5.920/charts/gateways/templates/_affinity.tpl
deleted file mode 100755
index fbd0e9a8f..000000000
--- a/charts/rancher-istio/1.5.920/charts/gateways/templates/_affinity.tpl
+++ /dev/null
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "gatewaynodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewayNodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "gatewayNodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .root.Values.global.defaultNodeSelector .nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "gatewayNodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .root.Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinity" }} -{{- if or .podAntiAffinityLabelSelector .podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if .podAntiAffinityTermLabelSelector }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "gatewaypodAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "gatewaypodAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/gateways/templates/_helpers.tpl b/charts/rancher-istio/1.5.920/charts/gateways/templates/_helpers.tpl deleted file mode 100755 index bfc8bc400..000000000 --- a/charts/rancher-istio/1.5.920/charts/gateways/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "gateway.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "gateway.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "gateway.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.920/charts/gateways/templates/autoscale.yaml b/charts/rancher-istio/1.5.920/charts/gateways/templates/autoscale.yaml deleted file mode 100755 index 2455ac345..000000000 --- a/charts/rancher-istio/1.5.920/charts/gateways/templates/autoscale.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - labels: - chart: {{ template "gateway.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} -spec: - maxReplicas: {{ $spec.autoscaleMax }} - minReplicas: {{ $spec.autoscaleMin }} - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ $key }} - metrics: - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }} ---- -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/gateways/templates/deployment.yaml b/charts/rancher-istio/1.5.920/charts/gateways/templates/deployment.yaml deleted file mode 100755 index bb1b755fc..000000000 --- a/charts/rancher-istio/1.5.920/charts/gateways/templates/deployment.yaml +++ /dev/null 
@@ -1,385 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if $spec.enabled }} - -{{- $labels := merge (dict "release" $.Release.Name "chart" (include "gateway.chart" $) "heritage" $.Release.Service) $spec.labels }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - labels: -{{ $labels | toYaml | indent 4 }} -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - selector: - matchLabels: - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - template: - metadata: - labels: -{{ $labels | toYaml | indent 8 }} - annotations: - sidecar.istio.io/inject: "false" -{{- if $spec.podAnnotations }} -{{ toYaml $spec.podAnnotations | indent 8 }} -{{ end }} - spec: - serviceAccountName: {{ $key }}-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} -{{- if $.Values.global.proxy.enableCoreDump }} - initContainers: - - name: enable-core-dump - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy_init.repository }}:{{ $.Values.global.proxy_init.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - command: - - /bin/sh - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - securityContext: - privileged: true -{{- end }} - containers: -{{- if $spec.sds }} -{{- if $spec.sds.enabled }} - - name: ingress-sds - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - resources: -{{- if $spec.sds.resources }} -{{ toYaml 
$spec.sds.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: "ENABLE_WORKLOAD_SDS" - value: "false" - - name: "ENABLE_INGRESS_GATEWAY_SDS" - value: "true" - - name: "INGRESS_GATEWAY_NAMESPACE" - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - volumeMounts: - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway -{{- end }} -{{- end }} - - name: istio-proxy - image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - {{- range $key, $val := $spec.ports }} - - containerPort: {{ $val.port }} - {{- end }} - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - - --drainDuration - - '45s' #drainDuration - - --parentShutdownDuration - - '1m0s' #parentShutdownDuration - - --connectTimeout - - '10s' #connectTimeout - - --serviceCluster - - {{ $key }} - {{- if eq $.Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - {{ $.Values.global.tracer.lightstep.address }} - - --lightstepAccessToken - - {{ $.Values.global.tracer.lightstep.accessToken }} - - --lightstepSecure={{ $.Values.global.tracer.lightstep.secure }} - {{- if $.Values.global.tracer.lightstep.secure }} - - --lightstepCacertPath - - {{ $.Values.global.tracer.lightstep.cacertPath }} - {{- end }} - {{- else if eq $.Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - {{- if 
$.Values.global.tracer.zipkin.address }} - - {{ $.Values.global.tracer.zipkin.address }} - {{- else if $.Values.global.istioNamespace }} - - zipkin.{{ $.Values.global.istioNamespace }}:9411 - {{- else }} - - zipkin:9411 - {{- end }} - {{- else if eq $.Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - {{ $.Values.global.tracer.datadog.address }} - {{- end }} - {{- if $.Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - {{ $.Values.global.proxy.envoyStatsd.host }}:{{ $.Values.global.proxy.envoyStatsd.port }} - {{- end }} - {{- if $.Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - {{- with $.Values.global.proxy.envoyMetricsService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end}} - {{- if $.Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - {{- with $.Values.global.proxy.envoyAccessLogService }} - - '{"address":"{{ .host }}:{{.port }}"{{ if .tlsSettings }},"tlsSettings":{{ .tlsSettings | toJson }}{{- end }}{{ if .tcpKeepalive }},"tcpKeepalive":{{ .tcpKeepalive | toJson }}{{- end }}}' - {{- end }} - {{- end }} - - --proxyAdminPort - - "15000" - - --statusPort - - "15020" - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15011 - {{- else }} - - istio-pilot:15011 - {{- end }} - {{- else }} - - --controlPlaneAuthPolicy - - NONE - - --discoveryAddress - {{- if $.Values.global.istioNamespace }} - - istio-pilot.{{ $.Values.global.istioNamespace }}:15010 - {{- else }} - - istio-pilot:15010 - {{- end }} - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ $.Values.global.trustDomain }} - {{- end }} - readinessProbe: - 
failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15020 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - resources: -{{- if $spec.resources }} -{{ toYaml $spec.resources | indent 12 }} -{{- else }} -{{ toYaml $.Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if $.Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_METAJSON_LABELS - value: | - {{ $labels | toJson}} - - name: ISTIO_META_CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - - name: ISTIO_META_WORKLOAD_NAME - value: {{ $key }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/{{ $spec.namespace | default $.Release.Namespace }}/deployments/{{ $key }} - {{- if $.Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.meshID }}" - {{- else if $.Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ $.Values.global.trustDomain }}" - {{- end }} - {{- if eq $.Values.global.proxy.tracer "datadog" }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- end 
}} - {{- if eq $.Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ $.Values.global.tracer.stackdriver.debug }}" - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfAttributes }}" - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }}" - {{- end }} - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ISTIO_META_USER_SDS - value: "true" - {{- end }} - {{- end }} - {{- if $spec.env }} - {{- range $key, $val := $spec.env }} - - name: {{ $key }} - value: {{ $val }} - {{- end }} - {{- end }} - {{ if eq $key "istio-ingressgateway" }} - {{ $network_set := index $spec.env "ISTIO_META_NETWORK" }} - {{- if and (not $network_set) $.Values.global.network }} - - name: ISTIO_META_NETWORK - value: {{ $.Values.global.network }} - {{- end }} - {{- end }} - volumeMounts: - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - mountPath: /var/run/ingress_gateway - {{- end }} - {{- end }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - mountPath: {{ .mountPath | quote }} - readOnly: true - {{- end }} - {{- if and (eq $.Values.global.proxy.tracer "lightstep") 
$.Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ dir $.Values.global.tracer.lightstep.cacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} -{{- if $spec.additionalContainers }} -{{ toYaml $spec.additionalContainers | indent 8 }} -{{- end }} - volumes: - {{- if $spec.sds }} - {{- if $spec.sds.enabled }} - - name: ingressgatewaysdsudspath - emptyDir: {} - {{- end }} - {{- end }} - {{- if $.Values.global.sds.enabled }} - - name: sdsudspath - hostPath: - path: /var/run/sds - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ $.Values.global.sds.token.aud }} - {{- end }} - - name: istio-certs - secret: - secretName: istio.{{ $key }}-service-account - optional: true - {{- range $spec.secretVolumes }} - - name: {{ .name }} - secret: - secretName: {{ .secretName | quote }} - optional: true - {{- end }} - {{- range $spec.configVolumes }} - - name: {{ .name }} - configMap: - name: {{ .configMapName | quote }} - optional: true - {{- end }} - {{- if and (eq $.Values.global.proxy.tracer "lightstep") $.Values.global.tracer.lightstep.cacertPath }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - affinity: - {{- include "gatewaynodeaffinity" (dict "root" $ "nodeSelector" $spec.nodeSelector) | indent 6 }} - {{- include "gatewaypodAntiAffinity" (dict "podAntiAffinityLabelSelector" $spec.podAntiAffinityLabelSelector "podAntiAffinityTermLabelSelector" $spec.podAntiAffinityTermLabelSelector) | indent 6 }} - {{- if $spec.tolerations }} - tolerations: -{{ toYaml $spec.tolerations | indent 6 }} - {{- else if $.Values.global.defaultTolerations }} - tolerations: -{{ toYaml $.Values.global.defaultTolerations | indent 6 }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.5.920/charts/gateways/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.920/charts/gateways/templates/poddisruptionbudget.yaml deleted file mode 100755 index 865921ed8..000000000 --- a/charts/rancher-istio/1.5.920/charts/gateways/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if and (ne $key "enabled") }} -{{- if $spec.enabled }} -{{- if $.Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - labels: - chart: {{ template "gateway.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} -spec: -{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }} - selector: - matchLabels: - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/gateways/templates/preconfigured.yaml b/charts/rancher-istio/1.5.920/charts/gateways/templates/preconfigured.yaml deleted file mode 100755 index 6ef10a6a1..000000000 --- a/charts/rancher-istio/1.5.920/charts/gateways/templates/preconfigured.yaml +++ /dev/null 
@@ -1,246 +0,0 @@ -{{- if .Values.global.k8sIngress.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-autogenerated-k8s-ingress - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: {{ .Values.global.k8sIngress.gatewayName }} - servers: - - port: - number: 80 - protocol: HTTP2 - name: http - hosts: - - "*" -{{ if .Values.global.k8sIngress.enableHttps }} - - port: - number: 443 - protocol: HTTPS - name: https-default - tls: - mode: SIMPLE - serverCertificate: /etc/istio/ingressgateway-certs/tls.crt - privateKey: /etc/istio/ingressgateway-certs/tls.key - hosts: - - "*" -{{ end }} ---- -{{ end }} - -{{- if .Values.global.meshExpansion.enabled }} -{{- if .Values.global.meshExpansion.useILB }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-ilb-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - istio: ilbgateway - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- else }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: meshexpansion-gateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - port: - number: 15011 - protocol: TCP - name: tcp-pilot - hosts: - - "*" - - port: - number: 8060 - protocol: TCP - name: tcp-citadel - hosts: - - "*" - - port: - number: 15004 - name: tls-mixer - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH - hosts: - - "*" ---- -{{- end }} -{{- end }} - -{{- if .Values.global.multiCluster.enabled }} -{{- if (index .Values "istio-egressgateway" "enabled") }} -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-egressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-egressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH -{{- end }} ---- -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - servers: - - hosts: - - "*.global" - port: - name: tls - number: 15443 - protocol: TLS - tls: - mode: AUTO_PASSTHROUGH ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: istio-multicluster-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - workloadSelector: - labels: - {{- range $key, $spec := .Values }} - {{- if eq $key "istio-ingressgateway" }} - {{- if $spec.enabled }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - configPatches: - - applyTo: NETWORK_FILTER - match: - context: GATEWAY - listener: - portNumber: 15443 - filterChain: - filter: - name: "envoy.filters.network.sni_cluster" - patch: - operation: INSERT_AFTER - value: - name: "envoy.filters.network.tcp_cluster_rewrite" - config: - cluster_pattern: "\\.global$" - cluster_replacement: ".svc.{{ .Values.global.proxy.clusterDomain }}" ---- -## To ensure all traffic to *.global is using mTLS -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-multicluster-destinationrule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gateway.name" . }} - chart: {{ template "gateway.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.global" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -{{- end }} 
diff --git a/charts/rancher-istio/1.5.920/charts/gateways/templates/role.yaml b/charts/rancher-istio/1.5.920/charts/gateways/templates/role.yaml
deleted file mode 100755
index 6ebfb3504..000000000
--- a/charts/rancher-istio/1.5.920/charts/gateways/templates/role.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if $spec.sds }}
-{{- if eq $spec.sds.enabled true }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-rules:
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "watch", "list"]
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/gateways/templates/rolebindings.yaml b/charts/rancher-istio/1.5.920/charts/gateways/templates/rolebindings.yaml
deleted file mode 100755
index 7fdfe6e40..000000000
--- a/charts/rancher-istio/1.5.920/charts/gateways/templates/rolebindings.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-{{- if $spec.sds }}
-{{- if eq $spec.sds.enabled true }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ $key }}-sds
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ $key }}-sds
-subjects:
-- kind: ServiceAccount
- name: {{ $key }}-service-account
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/gateways/templates/service.yaml b/charts/rancher-istio/1.5.920/charts/gateways/templates/service.yaml
deleted file mode 100755
index 9474f0476..000000000
--- a/charts/rancher-istio/1.5.920/charts/gateways/templates/service.yaml
+++ /dev/null
@@ -1,59 +0,0 @@ -{{- range $key, $spec := .Values }} -{{- if ne $key "enabled" }} -{{- if $spec.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ $key }} - namespace: {{ $spec.namespace | default $.Release.Namespace }} - annotations: - {{- range $key, $val := $spec.serviceAnnotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - chart: {{ template "gateway.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} -spec: -{{- if $spec.loadBalancerIP }} - loadBalancerIP: "{{ $spec.loadBalancerIP }}" -{{- end }} -{{- if $spec.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml $spec.loadBalancerSourceRanges | indent 4 }} -{{- end }} -{{- if $spec.externalTrafficPolicy }} - externalTrafficPolicy: {{$spec.externalTrafficPolicy }} -{{- end }} -{{- if $spec.externalIPs }} - externalIPs: -{{ toYaml $spec.externalIPs | indent 4 }} -{{- end }} - type: {{ .type }} - selector: - release: {{ $.Release.Name }} - {{- range $key, $val := $spec.labels }} - {{ $key }}: {{ $val }} - {{- end }} - ports: - {{- range $key, $val := $spec.ports }} - - - {{- range $pkey, $pval := $val }} - {{ $pkey}}: {{ $pval }} - {{- end }} - {{- end }} - {{- if $.Values.global.meshExpansion.enabled }} - {{- range $key, $val := $spec.meshExpansionPorts }} - - - {{- range $pkey, $pval := $val }} - {{ $pkey}}: {{ $pval }} - {{- end }} - {{- end }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/gateways/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.920/charts/gateways/templates/serviceaccount.yaml deleted file mode 100755 index d4f6938c1..000000000 --- a/charts/rancher-istio/1.5.920/charts/gateways/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if ne $key "enabled" }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if $.Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range $.Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: {{ $key }}-service-account
- namespace: {{ $spec.namespace | default $.Release.Namespace }}
- labels:
- app: {{ $spec.labels.app }}
- chart: {{ template "gateway.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.5.920/charts/gateways/values.yaml b/charts/rancher-istio/1.5.920/charts/gateways/values.yaml
deleted file mode 100755
index 69815e451..000000000
--- a/charts/rancher-istio/1.5.920/charts/gateways/values.yaml
+++ /dev/null
@@ -1,282 +0,0 @@ -# -# Gateways Configuration -# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. -# You can add more gateways in addition to the defaults but make sure those are uniquely named -# and that NodePorts are not conflicting. -# Disable specifc gateway by setting the `enabled` to false. -# -enabled: true - -istio-ingressgateway: - enabled: true - # - # Secret Discovery Service (SDS) configuration for ingress gateway. - # - sds: - # If true, ingress gateway fetches credentials from SDS server to handle TLS connections. - enabled: false - # SDS server that watches kubernetes secrets and provisions credentials to ingress gateway. - # This server runs in the same pod as ingress gateway. - image: node-agent-k8s - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - labels: - app: istio-ingressgateway - istio: ingressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalIPs: [] - serviceAnnotations: {} - podAnnotations: {} - type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be - #externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out - ports: - ## You can add custom gateway ports - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. 
https://github.com/istio/istio/issues/12503 - - port: 15020 - targetPort: 15020 - name: status-port - - port: 80 - targetPort: 80 - name: http2 - nodePort: 31380 - - port: 443 - name: https - nodePort: 31390 - # Example of a port to add. Remove if not needed - - port: 31400 - name: tcp - nodePort: 31400 - ### PORTS FOR UI/metrics ##### - ## Disable if not needed - - port: 15029 - targetPort: 15029 - name: https-kiali - - port: 15030 - targetPort: 15030 - name: https-prometheus - - port: 15031 - targetPort: 15031 - name: https-grafana - - port: 15032 - targetPort: 15032 - name: https-tracing - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - #### MESH EXPANSION PORTS ######## - # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect - # to pilot/citadel if global.meshExpansion settings are enabled. - # Delete these ports if mesh expansion is not enabled, to avoid - # exposing unnecessary ports on the web. - # You can remove these ports if you are not using mesh expansion - meshExpansionPorts: - - port: 15011 - targetPort: 15011 - name: tcp-pilot-grpc-tls - - port: 15004 - targetPort: 15004 - name: tcp-mixer-grpc-tls - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - - port: 853 - targetPort: 853 - name: tcp-dns-tls - ####### end MESH EXPANSION PORTS ###### - ############## - secretVolumes: - - name: ingressgateway-certs - secretName: istio-ingressgateway-certs - mountPath: /etc/istio/ingressgateway-certs - - name: ingressgateway-ca-certs - secretName: istio-ingressgateway-ca-certs - mountPath: /etc/istio/ingressgateway-ca-certs - ### Advanced options ############ - - env: - # By default, a gateway is in "standard" mode. If the mode is set to "sni-dnat", - # pilot generates an additional - # set of clusters for internal services without Istio mTLS, to - # enable cross cluster routing. Enable when using multi-cluster routing. 
- ISTIO_META_ROUTER_MODE: "standard" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". - podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -istio-egressgateway: - enabled: false - labels: - app: istio-egressgateway - istio: egressgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - cpu: - targetAverageUtilization: 80 - serviceAnnotations: {} - podAnnotations: {} - type: ClusterIP #change to NodePort or LoadBalancer if need be - ports: - - port: 80 - name: http2 - - port: 443 - name: https - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - secretVolumes: - - name: egressgateway-certs - secretName: istio-egressgateway-certs - mountPath: /etc/istio/egressgateway-certs - - name: egressgateway-ca-certs - secretName: istio-egressgateway-ca-certs - mountPath: /etc/istio/egressgateway-ca-certs - #### Advanced 
options ######## - env: - # Set this to "external" if and only if you want the egress gateway to - # act as a transparent SNI gateway that routes mTLS/TLS traffic to - # external services defined using service entries, where the service - # entry has resolution set to DNS, has one or more endpoints with - # network field set to "external". By default its set to "" so that - # the egress gateway sees the same set of endpoints as the sidecars - # preserving backward compatibility - # ISTIO_META_REQUESTED_NETWORK_VIEW: "" - - # By default, a gateway is in "standard" mode. If the mode is set to "sni-dnat", - # pilot generates an additional - # set of clusters for internal services but without Istio mTLS, to - # enable cross cluster routing. - ISTIO_META_ROUTER_MODE: "standard" - nodeSelector: {} - tolerations: [] - - # Specify the pod anti-affinity that allows you to constrain which nodes - # your pod is eligible to be scheduled based on labels on pods that are - # already running on the node rather than based on labels on nodes. - # There are currently two types of anti-affinity: - # "requiredDuringSchedulingIgnoredDuringExecution" - # "preferredDuringSchedulingIgnoredDuringExecution" - # which denote "hard" vs. "soft" requirements, you can define your values - # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" - # correspondingly. - # For example: - # podAntiAffinityLabelSelector: - # - key: security - # operator: In - # values: S1,S2 - # topologyKey: "kubernetes.io/hostname" - # This pod anti-affinity rule says that the pod requires not to be scheduled - # onto a node if that node is already running a pod with label having key - # "security" and value "S1". - podAntiAffinityLabelSelector: [] - podAntiAffinityTermLabelSelector: [] - -# Mesh ILB gateway creates a gateway of type InternalLoadBalancer, -# for mesh expansion. It exposes the mtls ports for Pilot,CA as well -# as non-mtls ports to support upgrades and gradual transition. 
-istio-ilbgateway: - enabled: false - labels: - app: istio-ilbgateway - istio: ilbgateway - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - # specify replicaCount when autoscaleEnabled: false - # replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - cpu: - targetAverageUtilization: 80 - resources: - requests: - cpu: 800m - memory: 512Mi - #limits: - # cpu: 1800m - # memory: 256Mi - loadBalancerIP: "" - serviceAnnotations: - cloud.google.com/load-balancer-type: "internal" - podAnnotations: {} - type: LoadBalancer - ports: - ## You can add custom gateway ports - google ILB default quota is 5 ports, - - port: 15011 - name: grpc-pilot-mtls - # Insecure port - only for migration from 0.8. Will be removed in 1.1 - - port: 15010 - name: grpc-pilot - - port: 8060 - targetPort: 8060 - name: tcp-citadel-grpc-tls - # Port 5353 is forwarded to kube-dns - - port: 5353 - name: tcp-dns - secretVolumes: - - name: ilbgateway-certs - secretName: istio-ilbgateway-certs - mountPath: /etc/istio/ilbgateway-certs - - name: ilbgateway-ca-certs - secretName: istio-ilbgateway-ca-certs - mountPath: /etc/istio/ilbgateway-ca-certs - nodeSelector: {} - tolerations: [] diff --git a/charts/rancher-istio/1.5.920/charts/grafana/Chart.yaml b/charts/rancher-istio/1.5.920/charts/grafana/Chart.yaml deleted file mode 100755 index ae7ce1b3a..000000000 --- a/charts/rancher-istio/1.5.920/charts/grafana/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.9 -description: A Helm chart for Kubernetes -name: grafana -tillerVersion: '>=2.7.2' -version: 1.5.9 diff --git a/charts/rancher-istio/1.5.920/charts/grafana/dashboards/citadel-dashboard.json b/charts/rancher-istio/1.5.920/charts/grafana/dashboards/citadel-dashboard.json deleted file mode 100755 index 7cb8e5b28..000000000 --- a/charts/rancher-istio/1.5.920/charts/grafana/dashboards/citadel-dashboard.json +++ /dev/null 
@@ -1,1089 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 8, - "panels": [], - "title": "Performance", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "CPU usage across Citadel instances.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 1 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"citadel\", pod=~\"istio-citadel-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage rate", - "refId": "A" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"citadel\"}[1m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Citadel CPU usage irate", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - 
"logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Citadel process memory statistics.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 1 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Total", - "refId": "C" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Memory Allocated", - "refId": "E" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Heap Inuse", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 1 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Goroutines", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 7 - }, - "id": 28, - "panels": [], - "title": "General", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Total number of CSR requests made to Citadel.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 0, 
- "y": 8 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Request Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates issuances that have succeeded.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 12, - "x": 12, - "y": 8 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_success_cert_issuance_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": 
"Certificates Issued", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Certificates Issued", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 13 - }, - "id": 23, - "panels": [], - "title": "Errors", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of errors occurred when creating the CSR.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 14 - }, - "id": 20, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_secret_controller_csr_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Creation Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Creation Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 14 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_csr_parsing_err_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "CSR Parse Error Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CSR Parse Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of authentication failures.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, 
- "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "citadel_server_authentication_failure_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Authentication Failure Count", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Authentication Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 4, - "panels": [], - "title": "Secret Controller", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates created due to service account creation.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": 
"citadel_secret_controller_svc_acc_created_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Created", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Created (due to SA creation)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates deleted due to service account deletion.", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_svc_acc_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Deleted", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Deleted (due to SA deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, 
- "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "The number of certificates recreated due to secret deletion (service account still exists).", - "fill": 1, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "citadel_secret_controller_secret_deleted_cert_count{job=\"citadel\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "SA Secrets Recreated", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Service Account Secrets Recreated (due to errant deletion)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "Certs Created", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 
18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Citadel Dashboard", - "uid": "OOyOqb4Wz", - "version": 1 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.5.920/charts/grafana/dashboards/galley-dashboard.json b/charts/rancher-istio/1.5.920/charts/grafana/dashboards/galley-dashboard.json deleted file mode 100755 index 1cdb6a5b2..000000000 --- a/charts/rancher-istio/1.5.920/charts/grafana/dashboards/galley-dashboard.json +++ /dev/null 
@@ -1,1734 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 46, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"galley\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Galley Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 5 - }, - "id": 40, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "A" - }, - { - "expr": "process_resident_memory_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "B" - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "C" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F" - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "G" - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "H" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"})", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "Total (kis)", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 38, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"}[1m])) by (container)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B" - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"galley\"}[1m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "galley (self-reported)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - 
"timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Open FDs (galley)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }} ", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - 
"label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 44, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "goroutines_total", - "refId": "A" - }, - { - "expr": "istio_mcp_clients_total{component=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "clients_total", - "refId": "B" - }, - { - "expr": "go_goroutines{job=\"galley\"}/sum(istio_mcp_clients_total{component=\"galley\"}) without (component)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "avg_goroutines_per_client", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - 
"id": 10, - "panels": [], - "title": "Runtime", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_on_change_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Strategy Change Events", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_processor_events_processed_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Processed Events", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_processor_snapshots_published_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Snapshot Published", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Event Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": 
{ - "h": 6, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(galley_runtime_strategy_timer_max_time_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Max Time Reached", - "refId": "A" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_quiesce_reached_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Quiesce Reached", - "refId": "B" - }, - { - "expr": "sum(rate(galley_runtime_strategy_timer_resets_total[1m])) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Timer Resets", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Timer Rates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": 
true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 3, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.90, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.95, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P95", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Events Per Snapshot", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 21 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": 
false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (collection) (galley_runtime_state_type_instances_total)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ collection }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "State Type Instances", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Count", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 34, - "panels": [], - "title": "Validation", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 28 - }, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "galley_validation_cert_key_updates{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": 
"Key Updates", - "refId": "A" - }, - { - "expr": "galley_validation_cert_key_update_errors{job=\"galley\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Key Update Errors: {{ error }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation Webhook Certificate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 28 - }, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_passed{job=\"galley\"}) by (group, version, resource)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Passed: {{ group }}/{{ version }}/{{resource}}", - "refId": "A" - }, - { - "expr": "sum(galley_validation_failed{job=\"galley\"}) by (group, version, resource, reason)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Failed: {{ group }}/{{ version }}/{{resource}} ({{ reason}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - 
"timeRegions": [], - "timeShift": null, - "title": "Resource Validation", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 28 - }, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(galley_validation_http_error{job=\"galley\"}) by (status)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ status }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Validation HTTP Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - 
"gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 12, - "panels": [], - "title": "Kubernetes Source", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 35 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_event_success_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Success", - "refId": "A" - }, - { - "expr": "rate(galley_source_kube_event_error_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Source Event Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Events/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 35 - }, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - 
"total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(galley_source_kube_dynamic_converter_failure_total[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Kubernetes Object Conversion Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Failures/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 41 - }, - "id": 18, - "panels": [], - "title": "Mesh Configuration Protocol", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 42 - }, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_mcp_clients_total{component=\"galley\"})", - "format": "time_series", - 
"intervalFactor": 1, - "legendFormat": "Clients", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Connected Clients", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 42 - }, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by(collection)(irate(istio_mcp_request_acks_total{component=\"galley\"}[1m]) * 60)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request ACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "ACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - 
"min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 42 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(istio_mcp_request_nacks_total{component=\"galley\"}[1m]) * 60", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request NACKs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "NACKs/min", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Galley Dashboard", - "uid": "TSEY6jLmk", - "version": 1 -} 
diff --git a/charts/rancher-istio/1.5.920/charts/grafana/dashboards/istio-mesh-dashboard.json b/charts/rancher-istio/1.5.920/charts/grafana/dashboards/istio-mesh-dashboard.json deleted file mode 100755 index 1662e1f1d..000000000 --- a/charts/rancher-istio/1.5.920/charts/grafana/dashboards/istio-mesh-dashboard.json +++ /dev/null @@ -1,1225 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "links": [], - "panels": [ - { - "content": "
\n
\n Istio\n
\n
\n Istio is an open platform that provides a uniform way to connect,\n manage, and \n secure microservices.\n
\n Need help? Join the Istio community.\n
\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "50px", - "id": 13, - "links": [], - "mode": "html", - "style": { - "font-size": "18pt" - }, - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\"}[1m])), 0.001)", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Global Request Volume", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - 
"h": 3, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "95, 99, 99.5", - "title": "Global Success Rate (non-5xx responses)", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 22, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - 
"sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"4.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "4xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 23, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"5.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "5xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - 
"colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 6 - }, - "id": 113, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_virtualservices) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Virtual Services", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 6, - "y": 6 - }, - "id": 114, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - 
"postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_destinationrules) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Destination Rules", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 6 - }, - "id": 115, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_networking_gateways) / count(up{job=\"galley\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Gateways", - "type": "singlestat", - "valueFontSize": "80%", - 
"valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 6 - }, - "id": 116, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(galley_istio_authentication_meshpolicies) / count(up{job=\"galley\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Authentication Mesh Policies", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 21, - "w": 24, - "x": 0, - "y": 9 - }, - "hideTimeOverride": false, - "id": 73, - "links": [], - "pageSize": null, - "repeat": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 4, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 
172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Workload dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_2&var-workload=$__cell_", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Requests", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [], - "type": "number", - "unit": "ops" - }, - { - "alias": "P50 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P90 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P99 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #E", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "Success Rate", - "colorMode": "cell", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #F", - "thresholds": [ - ".95", - " 1.00" - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-workload=$__cell_2&var-namespace=$__cell_3", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "number", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_requests_total{reporter=\"destination\", response_code=\"200\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "A" - }, - { - "expr": "label_join((histogram_quantile(0.50, 
sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.50, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", - "refId": "B" - }, - { - "expr": "label_join((histogram_quantile(0.90, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.90, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "D" - }, - { - "expr": "label_join((histogram_quantile(0.99, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.99, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "E" - }, - { - "expr": 
"label_join((sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m])) by (destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "F" - } - ], - "timeFrom": null, - "title": "HTTP/GRPC Workloads", - "transform": "table", - "type": "table" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 18, - "w": 24, - "x": 0, - "y": 30 - }, - "hideTimeOverride": false, - "id": 109, - "links": [], - "pageSize": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 2, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-tcp-workload-dashboard?var-namespace=$__cell_2&&var-workload=$__cell", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Bytes Sent", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [ - "" - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Bytes Received", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "Bps" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_3&var-workload=$__cell_2", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_tcp_received_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - 
"hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "C" - }, - { - "expr": "label_join(sum(rate(istio_tcp_sent_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}", - "refId": "A" - } - ], - "timeFrom": null, - "title": "TCP Workloads", - "transform": "table", - "type": "table" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 48 - }, - "id": 111, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, 
- "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Mesh Dashboard", - "uid": "G8wLrJIZk", - "version": 5 -} diff --git a/charts/rancher-istio/1.5.920/charts/grafana/dashboards/istio-performance-dashboard.json b/charts/rancher-istio/1.5.920/charts/grafana/dashboards/istio-performance-dashboard.json deleted file mode 100755 index 505043e54..000000000 --- a/charts/rancher-istio/1.5.920/charts/grafana/dashboards/istio-performance-dashboard.json +++ /dev/null 
@@ -1,1822 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": 9, - "links": [], - "panels": [ - { - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 21, - "panels": [ - { - "content": "The charts on this dashboard are intended to show Istio main components cost in terms resources utilization under steady load.\n\n- **vCPU/1k rps:** shows vCPU utilization by the main Istio components normalized by 1000 requests/second. When idle or low traffic, this chart will be blank. The curve for istio-proxy refers to the services sidecars only.\n- **vCPU:** vCPU utilization by Istio components, not normalized.\n- **Memory:** memory footprint for the components. Telemetry and policy are normalized by 1k rps, and no data is shown when there is no traffic. 
For ingress and istio-proxy, the data is per instance.\n- **Bytes transferred/ sec:** shows the number of bytes flowing through each Istio component.\n\n\n", - "gridPos": { - "h": 6, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 19, - "links": [], - "mode": "markdown", - "timeFrom": null, - "timeShift": null, - "title": "Performance Dashboard README", - "transparent": true, - "type": "text" - } - ], - "title": "Performance Dashboard Notes", - "type": "row" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 6, - "panels": [], - "title": "vCPU Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 2 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-telemetry-.*\",container=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\",container=\"istio-proxy\"}[1m])) / (round(sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m])), 0.001)/1000))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": 
"istio-ingressgateway", - "refId": "B" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-policy-.*\",container=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU / 1k rps", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 2 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - 
"steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-telemetry-.*\",container=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\",container=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-policy-.*\",container=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 13, - "panels": [], - "title": "Memory and Data Rates", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 11 - 
}, - "id": 902, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-telemetry-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry / 1k rps", - "refId": "A" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\",container!=\"POD\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio proxy", - "refId": "C" - }, - { - "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-policy-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy / 1k rps", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, 
- "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-telemetry\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-telemetry\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_response_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m])) + sum(irate(istio_request_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload_namespace!=\"istio-system\", 
reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-policy\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-policy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio_policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Bytes transferred / sec", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 17, - "panels": [], - "title": "Istio Component Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 20 - }, - "id": 15, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ component }}: {{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - 
"timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 71, - "panels": [], - "title": "Proxy Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 32 - }, - "id": 72, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=\"istio-proxy\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 
null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 32 - }, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=\"istio-proxy\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 32 - }, - "id": 702, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - 
"lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 39 - }, - "id": 69, - "panels": [], - "title": "Pilot Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 40 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - 
"intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - 
"show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 40 - }, - "id": 602, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}[1m])) by (container)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "pilot (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", 
- "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 40 - }, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, 
- "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 40 - }, - "id": 402, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 93, - "panels": [], - "title": "Mixer Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 48 - }, - "id": 94, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - 
"percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": 
"container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 48 - }, - "id": 95, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}[1m])) by (container)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - 
"legendFormat": "{{ container }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=~\"istio-policy|istio-telemetry\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 48 - }, - "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }}", - "refId": "B", - "step": 2 - } - 
], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 48 - }, - "id": 97, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } 
- } - ], - "refresh": "10s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Performance Dashboard", - "uid": "vu8e0VWZk", - "version": 22 -} diff --git a/charts/rancher-istio/1.5.920/charts/grafana/dashboards/istio-service-dashboard.json b/charts/rancher-istio/1.5.920/charts/grafana/dashboards/istio-service-dashboard.json deleted file mode 100755 index f4d58a296..000000000 --- a/charts/rancher-istio/1.5.920/charts/grafana/dashboards/istio-service-dashboard.json +++ /dev/null @@ -1,2601 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "iteration": 1536442501501, - "links": [], - "panels": [ - { - "content": "
\nSERVICE: $service\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Client Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - 
"thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Client Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, 
sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Client Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" 
- ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Received Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 97, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - 
"postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Server Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 98, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / 
sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Server Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 99, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - 
"refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 100, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": 
true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m])) ", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Sent Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nCLIENT WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"source\",source_workload=~\"$srcwl\",source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"source\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": 
"graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", 
source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, 
source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": 
"time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", 
destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, 
- "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "
\nSERVICE WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 90, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"destination\",destination_workload=~\"$dstwl\",destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"destination\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Destination And Response Code", - "tooltip": { - 
"shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 91, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", 
connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 94, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - 
"stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", 
destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, 
sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by 
(destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 95, - "legend": { - "alignAsTable": false, - "avg": false, - "current": 
false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ 
destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 96, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", 
connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - 
"step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ 
destination_workload }}.{{ destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 92, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", 
destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 93, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }} (🔐mTLS)", - "refId": 
"A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Service", - "multi": false, - "name": "service", - "options": [], - "query": "label_values(destination_service)", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (source_workload_namespace) or 
sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload Namespace", - "multi": true, - "name": "dstns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload", - "multi": true, - "name": "dstwl", - "options": [], - "query": "query_result( 
sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Service Dashboard", - "uid": "LJ_uJAvmk", - "version": 1 -} diff --git a/charts/rancher-istio/1.5.920/charts/grafana/dashboards/istio-workload-dashboard.json b/charts/rancher-istio/1.5.920/charts/grafana/dashboards/istio-workload-dashboard.json deleted file mode 100755 index 62ad1b5cf..000000000 --- a/charts/rancher-istio/1.5.920/charts/grafana/dashboards/istio-workload-dashboard.json +++ /dev/null 
@@ -1,2303 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.4" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1531345461465, - "links": [], - "panels": [ - { - "content": "
\nWORKLOAD: $workload.$namespace\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Incoming Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 
80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 8, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Incoming Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 8, - "x": 16, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, 
- "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Server Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - 
"colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 12, - "y": 7 - }, - "id": 85, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Client Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nINBOUND WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And 
Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": 
"(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", 
destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by 
(source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 
1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", 
destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": 
"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - 
"values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", 
destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "content": "
\nOUTBOUND SERVICES\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 70, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} : {{ response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Requests by Destination And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 71, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", 
source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Success Rate (non-5xx responses) By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 72, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", 
source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - 
"intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Duration by Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - 
"max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 73, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by 
(destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, 
sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 74, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": 
"{{ destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", 
connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 76, - "legend": { - "avg": false, 
- "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent on Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 78, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Namespace", - "multi": false, - "name": 
"namespace", - "options": [], - "query": "query_result(sum(istio_requests_total) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*_namespace=\"([^\"]*).*/", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Workload", - "multi": false, - "name": "workload", - "options": [], - "query": "query_result((sum(istio_requests_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_requests_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)) or (sum(istio_tcp_sent_bytes_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Inbound Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, 
- "label": "Inbound Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Destination Service", - "multi": true, - "name": "dstsvc", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service) or sum(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service))", - "refresh": 1, - "regex": "/.*destination_service=\"([^\"]*).*/", - "sort": 4, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Workload Dashboard", - "uid": "UbsSZTDik", - "version": 1 -} diff --git a/charts/rancher-istio/1.5.920/charts/grafana/dashboards/mixer-dashboard.json b/charts/rancher-istio/1.5.920/charts/grafana/dashboards/mixer-dashboard.json deleted file mode 100755 index 6da44ec0a..000000000 
--- a/charts/rancher-istio/1.5.920/charts/grafana/dashboards/mixer-dashboard.json +++ /dev/null @@ -1,1808 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.2.3" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "limit": 100, - "name": "Annotations & Alerts", - "showIn": 0, - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": null, - "iteration": 1543881232533, - "links": [], - "panels": [ - { - "content": "

Deployed Versions

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "40", - "id": 62, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 3 - }, - "id": 64, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"mixer\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Mixer Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Resource Usage

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 8 - }, - "height": "40", - "id": 29, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 11 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory ({{ job }})", - "refId": "I" - }, - { - "expr": "sum(process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory ({{ job }})", - "refId": "H" - }, - { - "expr": "sum(go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc ({{ job }})", - "refId": "D" - }, - { - "expr": "sum(go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc ({{ job }})", - "refId": "F" - }, - { - "expr": "sum(go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - 
"format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use ({{ job }})", - "refId": "E" - }, - { - "expr": "sum(go_memstats_stack_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use ({{ job }})", - "refId": "G" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")) by (service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "C" - }, - { - "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")) by (container, service)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container }} (k8s)", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 11 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - 
"min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (pod), \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} total (k8s)", - "refId": "A" - }, - { - "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (container, pod), \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container }} (k8s)", - "refId": "B" - }, - { - "expr": "sum(irate(process_cpu_seconds_total{job=~\"istio-telemetry|istio-policy\"}[1m])) by (job)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{ job }} (self-reported)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": 
{}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 11 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(process_open_fds{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs ({{ job }})", - "refId": "A" - }, - { - "expr": "sum(label_replace(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")) by (container, service)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ service }} - {{ container }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 11 - 
}, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(go_goroutines{job=~\"istio-telemetry|istio-policy\"}) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines ({{ job }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Mixer Overview

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 18 - }, - "height": "40px", - "id": 30, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 0, - "y": 21 - }, - "id": 9, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (Total)", - "refId": "B" - }, - { - "expr": "sum(rate(grpc_io_server_completed_rpcs[1m])) by (grpc_server_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "mixer ({{ grpc_server_method }})", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 6, - "y": 21 - }, - "id": 8, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "{}", - "yaxis": 1 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.5", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.9", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ grpc_server_method }} 0.99", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Durations", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 12, - "y": 21 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, 
- "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_server_handled_total{grpc_code=~\"Unknown|Unimplemented|Internal|DataLoss\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Error Rate (5xx responses)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 18, - "y": 21 - }, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(grpc_server_handled_total{grpc_code!=\"OK\",grpc_service=~\".*Mixer\"}[1m])) by (grpc_method)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mixer {{ 
grpc_method }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Non-successes (4xxs)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Adapters and Config

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 28, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 30 - }, - "id": 13, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m])) by (adapter)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 30 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - 
"percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p50", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p90 ", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ adapter }} - p99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Adapter Dispatch Duration", - "tooltip": { - "shared": true, - "sort": 1, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 37 - }, - "id": 60, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - 
"pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Rules", - "refId": "A" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Config Errors", - "refId": "B" - }, - { - "expr": "scalar(topk(1, max(mixer_config_rule_config_match_error_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Match Errors", - "refId": "C" - }, - { - "expr": "scalar(topk(1, max(mixer_config_unsatisfied_action_handler_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Unsatisfied Actions", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Rules", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 37 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": 
false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_instance_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Instances", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Instances in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 37 - }, - "id": 54, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_handler_config_count) by (configID)))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Handlers", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Handlers in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 37 - }, - "id": 58, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "scalar(topk(1, max(mixer_config_attribute_count) by (configID)))", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "Attributes", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Attributes in Latest Config", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "

Individual Adapters

", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 44 - }, - "id": 23, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 46, - "panels": [], - "repeat": "adapter", - "title": "$adapter Adapter", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 48 - }, - "id": 17, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m]),\"handler\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ handler }} (error: {{ error }})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Count By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - 
"w": 12, - "x": 12, - "y": 48 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "label_replace(histogram_quantile(0.5, sum(rate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p50 - {{ handler_short }} (error: {{ error }})", - "refId": "A" - }, - { - "expr": "label_replace(histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p90 - {{ handler_short }} (error: {{ error }})", - "refId": "D" - }, - { - "expr": "label_replace(histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "p99 - {{ handler_short }} (error: {{ error }})", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Dispatch Duration By Handler", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": 
true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Adapter", - "multi": true, - "name": "adapter", - "options": [], - "query": "label_values(adapter)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio Mixer Dashboard", - "version": 4 -} diff --git a/charts/rancher-istio/1.5.920/charts/grafana/dashboards/pilot-dashboard.json b/charts/rancher-istio/1.5.920/charts/grafana/dashboards/pilot-dashboard.json deleted file mode 100755 index bdc7e720e..000000000 --- a/charts/rancher-istio/1.5.920/charts/grafana/dashboards/pilot-dashboard.json +++ /dev/null 
@@ -1,1591 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "id": 11, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 60, - "panels": [], - "title": "Deployed Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build{component=\"pilot\"}) by (tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Versions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 6 - }, - "id": 62, - 
"panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": 
"container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"discovery\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (container)", - "refId": "B", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"istio-proxy\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar (container)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=\"discovery\", pod=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Discovery (container)", - "refId": "A" - }, - { - "expr": 
"irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Discovery (process)", - "refId": "C", - "step": 2 - }, - { - "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=\"istio-proxy\", pod=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Sidecar (container)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=\"discovery\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Discovery", - "refId": "B", - "step": 2 - }, - { - "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", 
container=\"istio-proxy\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Sidecar", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - 
"label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 58, - "panels": [], - "title": "Pilot Push Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "description": "Shows the rate of pilot pushes", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 622, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(pilot_xds_pushes{type=\"cds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Cluster", - "refId": "C" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"eds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Endpoints", - "refId": "D" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"lds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Listeners", - "refId": "A" - }, - { - "expr": "sum(irate(pilot_xds_pushes{type=\"rds\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Routes", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Pushes", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": 
null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Captures a variety of pilot errors", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 67, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(pilot_xds_cds_reject{job=\"pilot\"}) or (absent(pilot_xds_cds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected CDS Configs", - "refId": "C" - }, - { - "expr": "sum(pilot_xds_eds_reject{job=\"pilot\"}) or (absent(pilot_xds_eds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected EDS Configs", - "refId": "D" - }, - { - "expr": "sum(pilot_xds_rds_reject{job=\"pilot\"}) or (absent(pilot_xds_rds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected RDS Configs", - "refId": "A" - }, - { - "expr": "sum(pilot_xds_lds_reject{job=\"pilot\"}) or (absent(pilot_xds_lds_reject{job=\"pilot\"}) - 1)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Rejected LDS Configs", - "refId": "B" - }, - { - "expr": "sum(rate(pilot_xds_write_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - 
"intervalFactor": 1, - "legendFormat": "Write Timeouts", - "refId": "F" - }, - { - "expr": "sum(rate(pilot_total_xds_internal_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Internal Errors", - "refId": "H" - }, - { - "expr": "sum(rate(pilot_total_xds_rejects{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Config Rejection Rate", - "refId": "E" - }, - { - "expr": "sum(rate(pilot_xds_push_context_errors{job=\"pilot\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Context Errors", - "refId": "K" - }, - { - "expr": "sum(rate(pilot_xds_pushes{type!~\"lds|cds|rds|eds\"}[1m])) by (type)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "L" - }, - { - "expr": "sum(rate(pilot_xds_push_errors{job=\"pilot\"}[1m])) by (type)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Push Errors ({{ type }})", - "refId": "I" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts", - "refId": "G" - }, - { - "expr": "sum(rate(pilot_xds_push_timeout_failures{job=\"pilot\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Push Timeouts Failures", - "refId": "J" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pilot Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - 
"show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Shows the total time it takes to push a config update to a proxy", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 624, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.5, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p50 ", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.9, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p90", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.999, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99.9", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Proxy Push Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": 
null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 23 - }, - "id": 45, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_conflict_inbound_listener{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Inbound Listeners", - "refId": "B" - }, - { - "expr": "pilot_conflict_outbound_listener_http_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (http over current tcp)", - "refId": "A" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_tcp{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current tcp)", - "refId": "C" - }, - { - "expr": "pilot_conflict_outbound_listener_tcp_over_current_http{job=\"pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Outbound Listeners (tcp over current http)", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Conflicts", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - 
"yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 23 - }, - "id": 47, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "pilot_virt_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Virtual Services", - "refId": "A" - }, - { - "expr": "pilot_services{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Services", - "refId": "B" - }, - { - "expr": "pilot_xds{job=\"pilot\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Connected Endpoints", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ADS Monitoring", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "columns": [], - "datasource": 
"Prometheus", - "description": "Clusters in this table do not have any endpoints known to pilot. This could be from referencing subsets that do not have any instances, or pods marked as NotReady", - "fontSize": "100%", - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 23 - }, - "id": 51, - "links": [], - "pageSize": null, - "scroll": true, - "showHeader": true, - "sort": { - "col": null, - "desc": false - }, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "date" - }, - { - "alias": "Clusters", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(pilot_xds_eds_instances{job=\"pilot\", cluster=~\".+\\\\|.+\"}) by (cluster) < 1", - "format": "time_series", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{cluster}}", - "refId": "B" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Clusters with no known endpoints", - "transform": "timeseries_aggregations", - "type": "table" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 64, - "panels": [], - "title": "Envoy Information", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows details about Envoy proxies in the mesh", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 32 - }, - "id": 40, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, 
- "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(envoy_cluster_upstream_cx_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connections", - "refId": "C" - }, - { - "expr": "sum(irate(envoy_cluster_upstream_cx_connect_fail{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Connection Failures", - "refId": "A" - }, - { - "expr": "sum(increase(envoy_server_hot_restart_epoch[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Envoy Restarts", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Envoy Details", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 32 - }, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(envoy_cluster_upstream_cx_active{cluster_name=\"xds-grpc\"})", - "format": "time_series", - "intervalFactor": 2, - 
"legendFormat": "XDS Active Connections", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Active Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "Shows the size of XDS requests and responses", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 32 - }, - "id": 42, - "legend": { - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "max(rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Max", - "refId": "D" - }, - { - "expr": "quantile(0.5, rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "XDS Response Bytes Average", - "refId": "B" - }, - { - "expr": "max(rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": 
"time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Max", - "refId": "A" - }, - { - "expr": "quantile(.5, rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "XDS Request Bytes Average", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "XDS Requests Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Istio Pilot Dashboard", - "uid": "3--MLVZZk", - "version": 11 -} \ No newline at end of file diff --git a/charts/rancher-istio/1.5.920/charts/grafana/fix_datasources.sh b/charts/rancher-istio/1.5.920/charts/grafana/fix_datasources.sh deleted file mode 100755 index d175bcacc..000000000 --- a/charts/rancher-istio/1.5.920/charts/grafana/fix_datasources.sh +++ /dev/null 
@@ -1,30 +0,0 @@ -#!/bin/bash - -# Copyright Istio Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -e - -THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -UX=$(uname) - -for db in "${THIS_DIR}"/dashboards/*.json; do - if [[ ${UX} == "Darwin" ]]; then - # shellcheck disable=SC2016 - sed -i '' 's/${DS_PROMETHEUS}/Prometheus/g' "$db" - else - # shellcheck disable=SC2016 - sed -i 's/${DS_PROMETHEUS}/Prometheus/g' "$db" - fi -done diff --git a/charts/rancher-istio/1.5.920/charts/grafana/templates/_helpers.tpl b/charts/rancher-istio/1.5.920/charts/grafana/templates/_helpers.tpl deleted file mode 100755 index 9d4c59205..000000000 --- a/charts/rancher-istio/1.5.920/charts/grafana/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "grafana.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "grafana.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "grafana.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.920/charts/grafana/templates/configmap-custom-resources.yaml b/charts/rancher-istio/1.5.920/charts/grafana/templates/configmap-custom-resources.yaml deleted file mode 100755 index b89bc0765..000000000 --- a/charts/rancher-istio/1.5.920/charts/grafana/templates/configmap-custom-resources.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-grafana-custom-resources - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: grafana -data: - custom-resources.yaml: |- - {{- include "grafana-default.yaml.tpl" . | indent 4}} - run.sh: |- - {{- include "install-custom-resources.sh.tpl" . | indent 4}} 
diff --git a/charts/rancher-istio/1.5.920/charts/grafana/templates/configmap-dashboards.yaml b/charts/rancher-istio/1.5.920/charts/grafana/templates/configmap-dashboards.yaml deleted file mode 100755 index dd1ab0d75..000000000 --- a/charts/rancher-istio/1.5.920/charts/grafana/templates/configmap-dashboards.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- $files := .Files }} -{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }} -{{- $filename := trimSuffix (ext $path) (base $path) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-grafana-configuration-dashboards-{{ $filename }} - namespace: {{ $.Release.Namespace }} - labels: - app: {{ template "grafana.name" $ }} - chart: {{ template "grafana.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: grafana -data: - {{ base $path }}: '{{ $files.Get $path }}' ---- -{{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/grafana/templates/configmap.yaml b/charts/rancher-istio/1.5.920/charts/grafana/templates/configmap.yaml deleted file mode 100755 index c86efe1f4..000000000 --- a/charts/rancher-istio/1.5.920/charts/grafana/templates/configmap.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-grafana - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: grafana -data: -{{- if .Values.datasources }} - {{- range $key, $value := .Values.datasources }} - {{ $key }}: | -{{ toYaml $value | indent 4 }} - {{- end -}} -{{- end -}} - -{{- if .Values.dashboardProviders }} - {{- range $key, $value := .Values.dashboardProviders }} - {{ $key }}: | -{{ toYaml $value | indent 4 }} - {{- end -}} -{{- end -}} 
diff --git a/charts/rancher-istio/1.5.920/charts/grafana/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.5.920/charts/grafana/templates/create-custom-resources-job.yaml
deleted file mode 100755
index 64bf3e451..000000000
--- a/charts/rancher-istio/1.5.920/charts/grafana/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,103 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-grafana-post-install-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-grafana-post-install-{{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["authentication.istio.io"] # needed to create default authn policy - resources: ["*"] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-grafana-post-install-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-grafana-post-install-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-grafana-post-install-account - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-grafana-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 | trimSuffix "-" }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - template: - metadata: - name: istio-grafana-post-install - labels: - app: istio-grafana - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-grafana-post-install-account - containers: - - name: kubectl - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - command: [ "/bin/bash", "/tmp/grafana/run.sh", "/tmp/grafana/custom-resources.yaml" ] - volumeMounts: - - mountPath: "/tmp/grafana" - name: tmp-configmap-grafana - volumes: - - name: tmp-configmap-grafana - configMap: - name: istio-grafana-custom-resources - restartPolicy: OnFailure - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/grafana/templates/deployment.yaml b/charts/rancher-istio/1.5.920/charts/grafana/templates/deployment.yaml deleted file mode 100755 index 9ad2a7f56..000000000 --- a/charts/rancher-istio/1.5.920/charts/grafana/templates/deployment.yaml +++ /dev/null 
@@ -1,138 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: grafana - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: grafana - template: - metadata: - labels: - app: grafana - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - spec: - securityContext: - runAsUser: 472 - fsGroup: 472 -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 3000 - readinessProbe: - httpGet: - path: /api/health - port: 3000 - env: - - name: GRAFANA_PORT - value: "3000" -{{- if .Values.security.enabled }} - - name: GF_SECURITY_ADMIN_USER - valueFrom: - secretKeyRef: - name: {{ .Values.security.secretName }} - key: {{ .Values.security.usernameKey }} - - name: GF_SECURITY_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.security.secretName }} - key: {{ .Values.security.passphraseKey }} - - name: GF_AUTH_BASIC_ENABLED - value: "true" - - name: GF_AUTH_ANONYMOUS_ENABLED - value: "false" - - name: GF_AUTH_DISABLE_LOGIN_FORM - value: "false" -{{- else }} - - name: GF_AUTH_BASIC_ENABLED - value: "false" - - name: GF_AUTH_ANONYMOUS_ENABLED - value: "true" - - name: GF_AUTH_ANONYMOUS_ORG_ROLE - value: Admin -{{- end }} - - name: GF_PATHS_DATA - value: /data/grafana - {{- range $key, $value := $.Values.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $secret := $.Values.envSecrets }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ $secret }} - key: {{ $key | quote }} - {{- end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumeMounts: - - name: data - mountPath: /data/grafana - {{- range $path, $bytes := .Files.Glob "dashboards/*.json" }} - {{- $filename := trimSuffix (ext $path) (base $path) }} - - name: dashboards-istio-{{ $filename }} - mountPath: "/var/lib/grafana/dashboards/istio/{{ base $path }}" - subPath: {{ base $path }} - readOnly: true - {{- end }} - - name: config - mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml" - subPath: datasources.yaml - - name: config - mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml" - subPath: dashboardproviders.yaml - affinity: 
- {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - volumes: - - name: config - configMap: - name: istio-grafana - - name: data -{{- if .Values.persist }} - persistentVolumeClaim: - claimName: istio-grafana-pvc -{{- else }} - emptyDir: {} -{{- end }} -{{- range $path, $bytes := .Files.Glob "dashboards/*.json" }} -{{- $filename := trimSuffix (ext $path) (base $path) }} - - name: dashboards-istio-{{ $filename }} - configMap: - name: istio-grafana-configuration-dashboards-{{ $filename }} -{{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/grafana/templates/grafana-ports-mtls.yaml b/charts/rancher-istio/1.5.920/charts/grafana/templates/grafana-ports-mtls.yaml deleted file mode 100755 index b9a392651..000000000 --- a/charts/rancher-istio/1.5.920/charts/grafana/templates/grafana-ports-mtls.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{ define "grafana-default.yaml.tpl" }} -apiVersion: authentication.istio.io/v1alpha1 -kind: Policy -metadata: - name: grafana-ports-mtls-disabled - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - targets: - - name: grafana - ports: - - number: {{ .Values.service.externalPort }} -{{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/grafana/templates/ingress.yaml b/charts/rancher-istio/1.5.920/charts/grafana/templates/ingress.yaml deleted file mode 100755 index 0ebe71f61..000000000 --- a/charts/rancher-istio/1.5.920/charts/grafana/templates/ingress.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: grafana - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: grafana - servicePort: 3000 - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }} - backend: - serviceName: grafana - servicePort: 3000 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.920/charts/grafana/templates/pvc.yaml b/charts/rancher-istio/1.5.920/charts/grafana/templates/pvc.yaml deleted file mode 100755 index e376a13a5..000000000 --- a/charts/rancher-istio/1.5.920/charts/grafana/templates/pvc.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.persist }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: istio-grafana-pvc - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - storageClassName: {{ .Values.storageClassName }} - accessModes: - - {{ .Values.accessMode }} - resources: - requests: - storage: 5Gi -{{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/grafana/templates/service.yaml b/charts/rancher-istio/1.5.920/charts/grafana/templates/service.yaml deleted file mode 100755 index b206679c3..000000000 
--- a/charts/rancher-istio/1.5.920/charts/grafana/templates/service.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: grafana - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.externalPort }} - targetPort: 3000 - protocol: TCP - name: {{ .Values.service.name }} - selector: - app: grafana -{{- if .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" -{{- end }} - {{if .Values.service.loadBalancerSourceRanges}} - loadBalancerSourceRanges: - {{range $rangeList := .Values.service.loadBalancerSourceRanges}} - - {{ $rangeList }} - {{end}} - {{end}} diff --git a/charts/rancher-istio/1.5.920/charts/grafana/templates/tests/test-grafana-connection.yaml b/charts/rancher-istio/1.5.920/charts/grafana/templates/tests/test-grafana-connection.yaml deleted file mode 100755 index 7c8d1944b..000000000 --- a/charts/rancher-istio/1.5.920/charts/grafana/templates/tests/test-grafana-connection.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "grafana.fullname" . }}-test - namespace: {{ .Release.Namespace }} - labels: - app: grafana-test - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - istio: grafana - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ template "grafana.fullname" . }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['curl'] - args: ['http://grafana:{{ .Values.grafana.service.externalPort }}'] - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/grafana/values.yaml b/charts/rancher-istio/1.5.920/charts/grafana/values.yaml deleted file mode 100755 index 7b977c1e7..000000000 --- a/charts/rancher-istio/1.5.920/charts/grafana/values.yaml +++ /dev/null 
@@ -1,114 +0,0 @@ -# -# addon grafana configuration -# -enabled: false -replicaCount: 1 -ingress: - enabled: false - ## Used to create an Ingress record. - hosts: - - grafana.local - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: [] - # Secrets must be manually created in the namespace. - # - secretName: grafana-tls - # hosts: - # - grafana.local -persist: false -storageClassName: "" -accessMode: ReadWriteMany -security: - enabled: false - secretName: grafana - usernameKey: username - passphraseKey: passphrase -nodeSelector: {} -tolerations: [] - -env: {} - # Define additional environment variables for configuring grafana. - # @see https://grafana.com/docs/installation/configuration/#using-environment-variables - # Format: env_variable_name: value - # For example: - # GF_SMTP_ENABLED: true - # GF_SMTP_HOST: email-smtp.eu-west-1.amazonaws.com:2587 - # GF_SMTP_FROM_ADDRESS: alerts@mydomain.com - # GF_SMTP_FROM_NAME: Grafana - -envSecrets: {} - # The key name and ENV name must match in the secrets file. - # @see https://grafana.com/docs/installation/configuration/#using-environment-variables - # For example: - # --- - # apiVersion: v1 - # kind: Secret - # metadata: - # name: grafana-secrets - # namespace: istio-system - # data: - # GF_SMTP_USER: bXl1c2Vy - # GF_SMTP_PASSWORD: bXlwYXNzd29yZA== - # type: Opaque - # --- - # env_variable_key_name: secretsName - # --- - # GF_SMTP_USER: grafana-secrets - # GF_SMTP_PASSWORD: grafana-secrets - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. 
"soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -contextPath: /grafana -service: - annotations: {} - name: http - type: ClusterIP - externalPort: 3000 - loadBalancerIP: - loadBalancerSourceRanges: [] - -datasources: - datasources.yaml: - apiVersion: 1 - datasources: - - name: Prometheus - type: prometheus - orgId: 1 - url: http://prometheus:9090 - access: proxy - isDefault: true - jsonData: - timeInterval: 5s - editable: true - -dashboardProviders: - dashboardproviders.yaml: - apiVersion: 1 - providers: - - name: 'istio' - orgId: 1 - folder: 'istio' - type: file - disableDeletion: false - options: - path: /var/lib/grafana/dashboards/istio diff --git a/charts/rancher-istio/1.5.920/charts/istiocoredns/Chart.yaml b/charts/rancher-istio/1.5.920/charts/istiocoredns/Chart.yaml deleted file mode 100755 index e5ce58b24..000000000 --- a/charts/rancher-istio/1.5.920/charts/istiocoredns/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: "0.1" -description: Istio CoreDNS provides DNS resolution for services in multicluster setups. -name: istiocoredns -tillerVersion: '>=2.7.2' -version: 1.5.9 diff --git a/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/_helpers.tpl b/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/_helpers.tpl deleted file mode 100755 index e7add11bb..000000000 --- a/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "istiocoredns.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "istiocoredns.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "istiocoredns.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/clusterrole.yaml b/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/clusterrole.yaml deleted file mode 100755 index 4242a327f..000000000 --- a/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/clusterrole.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiocoredns - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["networking.istio.io"] - resources: ["*"] - verbs: ["get", "watch", "list"] diff --git a/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/clusterrolebinding.yaml deleted file mode 100755 index bafd0ca3b..000000000 
--- a/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-istiocoredns-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiocoredns -subjects: -- kind: ServiceAccount - name: istiocoredns-service-account - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/configmap.yaml b/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/configmap.yaml deleted file mode 100755 index 925626f6b..000000000 --- a/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/configmap.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: coredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - Corefile: | - .:53 { - errors - health - {{ if eq -1 (semver .Values.coreDNSTag | (semver "1.4.0").Compare) }} - # Removed support for the proxy plugin: https://coredns.io/2019/03/03/coredns-1.4.0-release/ - grpc global 127.0.0.1:8053 - forward . /etc/resolv.conf { - except global - } - {{ else }} - proxy global 127.0.0.1:8053 { - protocol grpc insecure - } - proxy . /etc/resolv.conf - {{ end }} - prometheus :9153 - cache 30 - reload - } ---- diff --git a/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/deployment.yaml b/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/deployment.yaml deleted file mode 100755 index 4af0a2256..000000000 --- a/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/deployment.yaml +++ /dev/null 
@@ -1,103 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istiocoredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: istiocoredns - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - name: istiocoredns - labels: - app: istiocoredns - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istiocoredns-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: coredns - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume - mountPath: /etc/coredns - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - - containerPort: 9153 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - - name: istio-coredns-plugin - command: - - /usr/local/bin/plugin - image: "{{ template "system_default_registry" . 
}}{{ .Values.pluginImage.repository }}:{{ .Values.pluginImage.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 8053 - name: dns-grpc - protocol: TCP - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - dnsPolicy: Default - volumes: - - name: config-volume - configMap: - name: coredns - items: - - key: Corefile - path: Corefile - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/service.yaml b/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/service.yaml deleted file mode 100755 index a6311017c..000000000 --- a/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: istiocoredns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - app: istiocoredns - ports: - - name: dns - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP diff --git a/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/serviceaccount.yaml deleted file mode 100755 index e2627cf45..000000000 --- a/charts/rancher-istio/1.5.920/charts/istiocoredns/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istiocoredns-service-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istiocoredns.name" . }} - chart: {{ template "istiocoredns.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/rancher-istio/1.5.920/charts/istiocoredns/values.yaml b/charts/rancher-istio/1.5.920/charts/istiocoredns/values.yaml deleted file mode 100755 index 6b31219cc..000000000 --- a/charts/rancher-istio/1.5.920/charts/istiocoredns/values.yaml +++ /dev/null 
@@ -1,37 +0,0 @@
-#
-# addon istiocoredns tracing configuration
-#
-enabled: false
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-coreDNSImage: coredns/coredns
-coreDNSTag: 1.6.2
-# Source code for the plugin can be found at
-# https://github.com/istio-ecosystem/istio-coredns-plugin
-# The plugin listens for DNS requests from coredns server at 127.0.0.1:8053
-coreDNSPluginImage: istio/coredns-plugin:0.2-istio-1.1
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.5.920/charts/kiali/Chart.yaml b/charts/rancher-istio/1.5.920/charts/kiali/Chart.yaml
deleted file mode 100755
index d6081dd21..000000000
--- a/charts/rancher-istio/1.5.920/charts/kiali/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-appVersion: 1.9.1
-description: Kiali is an open source project for service mesh observability, refer
- to https://www.kiali.io for details.
-name: kiali
-tillerVersion: '>=2.7.2'
-version: 1.9.1
diff --git a/charts/rancher-istio/1.5.920/charts/kiali/templates/_helpers.tpl b/charts/rancher-istio/1.5.920/charts/kiali/templates/_helpers.tpl
deleted file mode 100755
index 6b0095769..000000000
--- a/charts/rancher-istio/1.5.920/charts/kiali/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "kiali.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "kiali.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "kiali.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.920/charts/kiali/templates/clusterrole.yaml b/charts/rancher-istio/1.5.920/charts/kiali/templates/clusterrole.yaml
deleted file mode 100755
index 8ad6e9756..000000000
--- a/charts/rancher-istio/1.5.920/charts/kiali/templates/clusterrole.yaml
+++ /dev/null
@@ -1,134 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: kiali
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - configmaps
- - endpoints
- - namespaces
- - nodes
- - pods
- - pods/log
- - replicationcontrollers
- - services
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["extensions", "apps"]
- resources:
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["autoscaling"]
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["batch"]
- resources:
- - cronjobs
- - jobs
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - config.istio.io
- - networking.istio.io
- - authentication.istio.io
- - rbac.istio.io
- - security.istio.io
- resources: ["*"]
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - watch
-- apiGroups: ["monitoring.kiali.io"]
- resources:
- - monitoringdashboards
- verbs:
- - get
- - list
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: kiali-viewer
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" .
}}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - configmaps
- - endpoints
- - namespaces
- - nodes
- - pods
- - pods/log
- - replicationcontrollers
- - services
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["extensions", "apps"]
- resources:
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["autoscaling"]
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["batch"]
- resources:
- - cronjobs
- - jobs
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - config.istio.io
- - networking.istio.io
- - authentication.istio.io
- - rbac.istio.io
- - security.istio.io
- resources: ["*"]
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["monitoring.kiali.io"]
- resources:
- - monitoringdashboards
- verbs:
- - get
- - list
diff --git a/charts/rancher-istio/1.5.920/charts/kiali/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.920/charts/kiali/templates/clusterrolebinding.yaml
deleted file mode 100755
index 881796716..000000000
--- a/charts/rancher-istio/1.5.920/charts/kiali/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if not .Values.dashboard.viewOnlyMode }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-kiali-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kiali
-subjects:
-- kind: ServiceAccount
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-kiali-viewer-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kiali-viewer
-subjects:
-- kind: ServiceAccount
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/kiali/templates/configmap.yaml b/charts/rancher-istio/1.5.920/charts/kiali/templates/configmap.yaml
deleted file mode 100755
index 44c9dd199..000000000
--- a/charts/rancher-istio/1.5.920/charts/kiali/templates/configmap.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- config.yaml: |
- istio_namespace: {{ .Release.Namespace }}
- deployment:
- accessible_namespaces: ['**']
- login_token:
- signing_key: {{ randAlphaNum 10 | quote }}
- auth:
- strategy: {{ .Values.dashboard.auth.strategy }}
-{{- if eq .Values.dashboard.auth.strategy "ldap" }}
- ldap:
-{{- with .Values.dashboard.auth.strategy.ldap }}
-{{ toYaml . | indent 8 }}
-{{- end }}
-{{- end }}
- server:
- port: 20001
-{{- if .Values.contextPath }}
- web_root: {{ .Values.contextPath }}
-{{- end }}
- external_services:
- tracing:
- url: {{ .Values.dashboard.jaegerURL }}
- in_cluster_url: {{ .Values.dashboard.jaegerInClusterURL }}
- grafana:
- url: {{ .Values.dashboard.grafanaURL }}
- in_cluster_url: {{ .Values.dashboard.grafanaInClusterURL }}
- prometheus:
- url: {{ .Values.prometheusAddr }}
-{{- if .Values.security.enabled }}
- identity:
- cert_file: {{ .Values.security.cert_file }}
- private_key_file: {{ .Values.security.private_key_file }}
-{{- end}}
diff --git a/charts/rancher-istio/1.5.920/charts/kiali/templates/demosecret.yaml b/charts/rancher-istio/1.5.920/charts/kiali/templates/demosecret.yaml
deleted file mode 100755
index ad44298c3..000000000
--- a/charts/rancher-istio/1.5.920/charts/kiali/templates/demosecret.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.createDemoSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.dashboard.secretName }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-type: Opaque
-data:
- username: YWRtaW4= # admin
- passphrase: YWRtaW4= # admin
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/kiali/templates/deployment.yaml b/charts/rancher-istio/1.5.920/charts/kiali/templates/deployment.yaml
deleted file mode 100755
index d0624ef08..000000000
--- a/charts/rancher-istio/1.5.920/charts/kiali/templates/deployment.yaml
+++ /dev/null
@@ -1,112 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: kiali
- template:
- metadata:
- name: kiali
- labels:
- app: kiali
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- scheduler.alpha.kubernetes.io/critical-pod: ""
- prometheus.io/scrape: "true"
- prometheus.io/port: "9090"
- kiali.io/runtimes: go,kiali
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: kiali-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - image: "{{ template "system_default_registry" .
}}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- name: kiali
- command:
- - "/opt/kiali/kiali"
- - "-config"
- - "/kiali-configuration/config.yaml"
- - "-v"
- - "3"
- readinessProbe:
- httpGet:
- path: {{ .Values.contextPath }}/healthz
- port: 20001
- scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }}
- initialDelaySeconds: 5
- periodSeconds: 30
- livenessProbe:
- httpGet:
- path: {{ .Values.contextPath }}/healthz
- port: 20001
- scheme: {{ if .Values.security.enabled }} 'HTTPS' {{ else }} 'HTTP' {{ end }}
- initialDelaySeconds: 5
- periodSeconds: 30
- env:
- - name: ACTIVE_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumeMounts:
- - name: kiali-configuration
- mountPath: "/kiali-configuration"
- - name: kiali-cert
- mountPath: "/kiali-cert"
- - name: kiali-secret
- mountPath: "/kiali-secret"
- - name: kiali-console
- subPath: env.js
- mountPath: /opt/kiali/console/env.js
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 10 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 10 }}
-{{- end }}
- volumes:
- - name: kiali-console
- configMap:
- name: kiali-console
- items:
- - key: env.js
- path: env.js
- - name: kiali-configuration
- configMap:
- name: kiali
- - name: kiali-cert
- secret:
- secretName: istio.kiali-service-account
-{{- if not .Values.security.enabled }}
- optional: true
-{{- end }}
- - name: kiali-secret
- secret:
- secretName: {{ .Values.dashboard.secretName }}
- optional: true
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/kiali/templates/ingress.yaml b/charts/rancher-istio/1.5.920/charts/kiali/templates/ingress.yaml
deleted file mode 100755
index 2e2a0de3a..000000000
--- a/charts/rancher-istio/1.5.920/charts/kiali/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: kiali
- servicePort: 20001
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: kiali
- servicePort: 20001
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.920/charts/kiali/templates/kiali-console-configmap.yaml b/charts/rancher-istio/1.5.920/charts/kiali/templates/kiali-console-configmap.yaml
deleted file mode 100644
index 49c68eba0..000000000
--- a/charts/rancher-istio/1.5.920/charts/kiali/templates/kiali-console-configmap.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kiali-console
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- env.js: |
- window.WEB_ROOT='/k8s/clusters/{{ .Values.global.rancher.clusterId }}/api/v1/namespaces/istio-system/services/http:kiali:20001/proxy';
\ No newline at end of file
diff --git a/charts/rancher-istio/1.5.920/charts/kiali/templates/service.yaml b/charts/rancher-istio/1.5.920/charts/kiali/templates/service.yaml
deleted file mode 100755
index 1aa79bfdb..000000000
--- a/charts/rancher-istio/1.5.920/charts/kiali/templates/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: kiali
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- ports:
- - name: http-kiali
- protocol: TCP
- port: 20001
- selector:
- app: kiali
diff --git a/charts/rancher-istio/1.5.920/charts/kiali/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.920/charts/kiali/templates/serviceaccount.yaml
deleted file mode 100755
index 2ae38a1ab..000000000
--- a/charts/rancher-istio/1.5.920/charts/kiali/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: kiali-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "kiali.name" . }}
- chart: {{ template "kiali.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.920/charts/kiali/templates/tests/test-kiali-connection.yaml b/charts/rancher-istio/1.5.920/charts/kiali/templates/tests/test-kiali-connection.yaml
deleted file mode 100755
index e2a1ff671..000000000
--- a/charts/rancher-istio/1.5.920/charts/kiali/templates/tests/test-kiali-connection.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "kiali.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: kiali-test
- chart: {{ template "kiali.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: kiali
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "kiali.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['curl']
- args: ['http://kiali:20001']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/kiali/values.yaml b/charts/rancher-istio/1.5.920/charts/kiali/values.yaml
deleted file mode 100755
index af167baf3..000000000
--- a/charts/rancher-istio/1.5.920/charts/kiali/values.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
-#
-# addon kiali
-#
-enabled: false # Note that if using the demo or demo-auth yaml when installing via Helm, this default will be `true`.
-replicaCount: 1
-hub: quay.io/kiali
-image: kiali
-tag: v1.15
-contextPath: /kiali # The root context path to access the Kiali UI.
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - kiali.local
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls:
- # Secrets must be manually created in the namespace.
- # - secretName: kiali-tls
- # hosts:
- # - kiali.local
-
-dashboard:
- auth:
- strategy: login # Can be anonymous, login, openshift, or ldap
- # ldap: # This is required to use the ldap strategy
- # ldap_base: "DC=example,DC=com"
- # ldap_bind_dn: "CN={USERID},OU=xyz,OU=Users,OU=Accounts,DC=example,DC=com"
- # ldap_group_filter: "(cn=%s)"
- # ldap_host: "ldap-service.ldap-namespace"
- # ldap_insecure_skip_verify: true
- # ldap_mail_id_key: "mail"
- # ldap_member_of_key: "memberOf"
- # ldap_port: 123
- # ldap_role_filter: ".*xyz.*"
- # ldap_search_filter: "(&(name={USERID}))"
- # ldap_use_ssl: false
- # ldap_user_filter: "(cn=%s)"
- # ldap_user_id_key: "cn"
- secretName: kiali # You must create a secret with this name - one is not provided out-of-box.
- viewOnlyMode: false # Bind the service account to a role with only read access
- grafanaURL: # If you have Grafana installed and it is accessible to client browsers, then set this to its external URL. Kiali will redirect users to this URL when Grafana metrics are to be shown.
- grafanaInClusterURL: "http://grafana:3000" # In Kubernetes cluster with ELB in front this option is needed, since public IP of ELB is not reachable from inside the cluster
- jaegerURL: # If you have Jaeger installed and it is accessible to client browsers, then set this property to its external URL. Kiali will redirect users to this URL when Jaeger tracing is to be shown.
- jaegerInClusterURL: "http://tracing/jaeger" # If you have Jaeger installed and accessible from Kiali pod (typically in cluster), then set this property to enable more tracing charts within Kiali.
-prometheusAddr: http://prometheus:9090
-
-# When true, a secret will be created with a default username and password. Useful for demos.
-createDemoSecret: false
-
-security:
- enabled: false
- cert_file: /kiali-cert/cert-chain.pem
- private_key_file: /kiali-cert/key.pem
diff --git a/charts/rancher-istio/1.5.920/charts/mixer/Chart.yaml b/charts/rancher-istio/1.5.920/charts/mixer/Chart.yaml
deleted file mode 100755
index be98709c3..000000000
--- a/charts/rancher-istio/1.5.920/charts/mixer/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.9
-description: Helm chart for mixer deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- mixer
-name: mixer
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.920/charts/mixer/templates/_helpers.tpl b/charts/rancher-istio/1.5.920/charts/mixer/templates/_helpers.tpl
deleted file mode 100755
index dac6da036..000000000
--- a/charts/rancher-istio/1.5.920/charts/mixer/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "mixer.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "mixer.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "mixer.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.920/charts/mixer/templates/autoscale.yaml b/charts/rancher-istio/1.5.920/charts/mixer/templates/autoscale.yaml
deleted file mode 100755
index 377b47d03..000000000
--- a/charts/rancher-istio/1.5.920/charts/mixer/templates/autoscale.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
-spec:
- maxReplicas: {{ $spec.autoscaleMax }}
- minReplicas: {{ $spec.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-{{ $key }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/mixer/templates/clusterrole.yaml b/charts/rancher-istio/1.5.920/charts/mixer/templates/clusterrole.yaml
deleted file mode 100755
index 3d7438f2d..000000000
--- a/charts/rancher-istio/1.5.920/charts/mixer/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-mixer-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: ["config.istio.io"] # istio CRD watcher
- resources: ["*"]
- verbs: ["create", "get", "list", "watch", "patch"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["configmaps", "endpoints", "pods", "services", "namespaces", "secrets", "replicationcontrollers"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/mixer/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.920/charts/mixer/templates/clusterrolebinding.yaml
deleted file mode 100755
index 773e68b34..000000000
--- a/charts/rancher-istio/1.5.920/charts/mixer/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-mixer-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-mixer-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/mixer/templates/config.yaml b/charts/rancher-istio/1.5.920/charts/mixer/templates/config.yaml
deleted file mode 100755
index e2ef31d38..000000000
--- a/charts/rancher-istio/1.5.920/charts/mixer/templates/config.yaml
+++ /dev/null
@@ -1,1084 +0,0 @@ -{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: istioproxy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - origin.ip: - valueType: IP_ADDRESS - origin.uid: - valueType: STRING - origin.user: - valueType: STRING - request.headers: - valueType: STRING_MAP - request.id: - valueType: STRING - request.host: - valueType: STRING - request.method: - valueType: STRING - request.path: - valueType: STRING - request.url_path: - valueType: STRING - request.query_params: - valueType: STRING_MAP - request.reason: - valueType: STRING - request.referer: - valueType: STRING - request.scheme: - valueType: STRING - request.total_size: - valueType: INT64 - request.size: - valueType: INT64 - request.time: - valueType: TIMESTAMP - request.useragent: - valueType: STRING - response.code: - valueType: INT64 - response.duration: - valueType: DURATION - response.headers: - valueType: STRING_MAP - response.total_size: - valueType: INT64 - response.size: - valueType: INT64 - response.time: - valueType: TIMESTAMP - response.grpc_status: - valueType: STRING - response.grpc_message: - valueType: STRING - source.uid: - valueType: STRING - source.user: # DEPRECATED - valueType: STRING - source.principal: - valueType: STRING - destination.uid: - valueType: STRING - destination.principal: - valueType: STRING - destination.port: - valueType: INT64 - connection.event: - valueType: STRING - connection.id: - valueType: STRING - connection.received.bytes: - valueType: INT64 - connection.received.bytes_total: - valueType: INT64 - connection.sent.bytes: - valueType: INT64 - connection.sent.bytes_total: - valueType: INT64 - connection.duration: - valueType: DURATION - connection.mtls: - valueType: BOOL - 
connection.requested_server_name: - valueType: STRING - context.protocol: - valueType: STRING - context.proxy_error_code: - valueType: STRING - context.timestamp: - valueType: TIMESTAMP - context.time: - valueType: TIMESTAMP - # Deprecated, kept for compatibility - context.reporter.local: - valueType: BOOL - context.reporter.kind: - valueType: STRING - context.reporter.uid: - valueType: STRING - api.service: - valueType: STRING - api.version: - valueType: STRING - api.operation: - valueType: STRING - api.protocol: - valueType: STRING - request.auth.principal: - valueType: STRING - request.auth.audiences: - valueType: STRING - request.auth.presenter: - valueType: STRING - request.auth.claims: - valueType: STRING_MAP - request.auth.raw_claims: - valueType: STRING - request.api_key: - valueType: STRING - rbac.permissive.response_code: - valueType: STRING - rbac.permissive.effective_policy_id: - valueType: STRING - check.error_code: - valueType: INT64 - check.error_message: - valueType: STRING - check.cache_hit: - valueType: BOOL - quota.cache_hit: - valueType: BOOL - context.proxy_version: - valueType: STRING - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: attributemanifest -metadata: - name: kubernetes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - attributes: - source.ip: - valueType: IP_ADDRESS - source.labels: - valueType: STRING_MAP - source.metadata: - valueType: STRING_MAP - source.name: - valueType: STRING - source.namespace: - valueType: STRING - source.owner: - valueType: STRING - source.serviceAccount: - valueType: STRING - source.services: - valueType: STRING - source.workload.uid: - valueType: STRING - source.workload.name: - valueType: STRING - source.workload.namespace: - valueType: STRING - destination.ip: - valueType: IP_ADDRESS - destination.labels: - valueType: STRING_MAP - destination.metadata: - valueType: STRING_MAP - destination.owner: - valueType: STRING - destination.name: - valueType: STRING - destination.container.name: - valueType: STRING - destination.namespace: - valueType: STRING - destination.service.uid: - valueType: STRING - destination.service.name: - valueType: STRING - destination.service.namespace: - valueType: STRING - destination.service.host: - valueType: STRING - destination.serviceAccount: - valueType: STRING - destination.workload.uid: - valueType: STRING - destination.workload.name: - valueType: STRING - destination.workload.namespace: - valueType: STRING ---- -{{- if and .Values.adapters.stdio.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: stdio - params: - outputAsJson: {{ .Values.adapters.stdio.outputAsJson }} ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: accesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: request.time - variables: - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | request.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - apiClaims: request.auth.raw_claims | "" - apiKey: request.api_key | request.headers["x-api-key"] | "" - protocol: api.protocol | context.protocol | "http" - method: request.method | "" - url: request.path | "" - responseCode: response.code | 0 - responseFlags: context.proxy_error_code | "" - responseSize: response.size | 0 - permissiveResponseCode: rbac.permissive.response_code | "none" - permissiveResponsePolicyID: rbac.permissive.effective_policy_id | "none" - requestSize: request.size | 0 - requestId: request.headers["x-request-id"] | "" - clientTraceId: request.headers["x-client-trace-id"] | "" - latency: response.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - userAgent: request.useragent | "" - responseTimestamp: response.time - receivedBytes: request.total_size | 0 - sentBytes: response.total_size | 0 - referer: request.referer | "" - httpAuthority: request.headers[":authority"] | request.host | "" - xForwardedFor: 
request.headers["x-forwarded-for"] | "0.0.0.0" - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - grpcStatus: response.grpc_status | "" - grpcMessage: response.grpc_message | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpaccesslog - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: logentry - params: - severity: '"Info"' - timestamp: context.time | timestamp("2017-01-01T00:00:00Z") - variables: - connectionEvent: connection.event | "" - sourceIp: source.ip | ip("0.0.0.0") - sourceApp: source.labels["app"] | "" - sourcePrincipal: source.principal | "" - sourceName: source.name | "" - sourceWorkload: source.workload.name | "" - sourceNamespace: source.namespace | "" - sourceOwner: source.owner | "" - destinationApp: destination.labels["app"] | "" - destinationIp: destination.ip | ip("0.0.0.0") - destinationServiceHost: destination.service.host | "" - destinationWorkload: destination.workload.name | "" - destinationName: destination.name | "" - destinationNamespace: destination.namespace | "" - destinationOwner: destination.owner | "" - destinationPrincipal: destination.principal | "" - protocol: context.protocol | "tcp" - connectionDuration: connection.duration | "0ms" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - requestedServerName: connection.requested_server_name | "" - receivedBytes: connection.received.bytes | 0 - sentBytes: connection.sent.bytes | 0 - totalReceivedBytes: connection.received.bytes_total | 0 - totalSentBytes: connection.sent.bytes_total | 0 - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") 
- responseFlags: context.proxy_error_code | "" - monitored_resource_type: '"global"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "http" || context.protocol == "grpc" - actions: - - handler: stdio - instances: - - accesslog ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: stdiotcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: stdio - instances: - - tcpaccesslog -{{- end }} ---- -{{- if and .Values.adapters.prometheus.enabled .Values.telemetry.enabled }} -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestcount - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - grpc_response_status: response.grpc_status | "" - response_flags: context.proxy_error_code | "-" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestduration - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.duration | "0ms" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - grpc_response_status: response.grpc_status | "" - response_flags: context.proxy_error_code | "-" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: requestsize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: request.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - grpc_response_status: response.grpc_status | "" - response_flags: context.proxy_error_code | "-" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: responsesize - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: response.size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - request_protocol: api.protocol | context.protocol | "unknown" - response_code: response.code | 200 - grpc_response_status: response.grpc_status | "" - response_flags: context.proxy_error_code | "-" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytesent - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.sent.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpbytereceived - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: connection.received.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsopened - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: tcpconnectionsclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: metric - params: - value: "1" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") - source_workload: source.workload.name | "unknown" - source_workload_namespace: source.workload.namespace | "unknown" - source_principal: source.principal | "unknown" - source_app: source.labels["app"] | "unknown" - source_version: source.labels["version"] | "unknown" - destination_workload: destination.workload.name | "unknown" - destination_workload_namespace: destination.workload.namespace | "unknown" - destination_principal: destination.principal | "unknown" - destination_app: destination.labels["app"] | "unknown" - destination_version: destination.labels["version"] | "unknown" - destination_service: destination.service.host | "unknown" - destination_service_name: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) - response_flags: context.proxy_error_code | "-" - monitored_resource_type: '"UNSPECIFIED"' ---- -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: prometheus - params: - metricsExpirationPolicy: - metricsExpiryDuration: "{{ .Values.adapters.prometheus.metricsExpiryDuration }}" - metrics: - - name: requests_total - instance_name: requestcount.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - grpc_response_status - - response_flags - - connection_security_policy - - name: request_duration_seconds - instance_name: requestduration.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - grpc_response_status - - response_flags - - connection_security_policy - buckets: - explicit_buckets: - bounds: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10] - - name: request_bytes - instance_name: requestsize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - 
grpc_response_status - - response_flags - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: response_bytes - instance_name: responsesize.instance.{{ .Release.Namespace }} - kind: DISTRIBUTION - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - request_protocol - - response_code - - grpc_response_status - - response_flags - - connection_security_policy - buckets: - exponentialBuckets: - numFiniteBuckets: 8 - scale: 1 - growthFactor: 10 - - name: tcp_sent_bytes_total - instance_name: tcpbytesent.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_received_bytes_total - instance_name: tcpbytereceived.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_connections_opened_total - instance_name: tcpconnectionsopened.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - 
- source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags - - name: tcp_connections_closed_total - instance_name: tcpconnectionsclosed.instance.{{ .Release.Namespace }} - kind: COUNTER - label_names: - - reporter - - source_app - - source_principal - - source_workload - - source_workload_namespace - - source_version - - destination_app - - destination_principal - - destination_workload - - destination_workload_namespace - - destination_version - - destination_service - - destination_service_name - - destination_service_namespace - - connection_security_policy - - response_flags ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promhttp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: (context.protocol == "http" || context.protocol == "grpc") && (match((request.useragent | "-"), "kube-probe*") == false) && (match((request.useragent | "-"), "Prometheus*") == false) - actions: - - handler: prometheus - instances: - - requestcount - - requestduration - - requestsize - - responsesize ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcp - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: prometheus - instances: - - tcpbytesent - - tcpbytereceived ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionopen - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "open") - actions: - - handler: prometheus - instances: - - tcpconnectionsopened ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: promtcpconnectionclosed - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" && ((connection.event | "na") == "close") - actions: - - handler: prometheus - instances: - - tcpconnectionsclosed -{{- end }} ---- -{{- if and .Values.adapters.kubernetesenv.enabled (or .Values.policy.enabled .Values.telemetry.enabled) }} -apiVersion: "config.istio.io/v1alpha2" -kind: handler -metadata: - name: kubernetesenv - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledAdapter: kubernetesenv - params: {} - # when running from mixer root, use the following config after adding a - # symbolic link to a kubernetes config file via: - # - # $ ln -s ~/.kube/config mixer/adapter/kubernetes/kubeconfig - # - # kubeconfig_path: "mixer/adapter/kubernetes/kubeconfig" - ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: kubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . 
}} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: rule -metadata: - name: tcpkubeattrgenrulerule - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - match: context.protocol == "tcp" - actions: - - handler: kubernetesenv - instances: - - attributes ---- -apiVersion: "config.istio.io/v1alpha2" -kind: instance -metadata: - name: attributes - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - compiledTemplate: kubernetes - params: - # Pass the required attribute data to the adapter - source_uid: source.uid | "" - source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr - destination_uid: destination.uid | "" - destination_port: destination.port | 0 - attributeBindings: - # Fill the new attributes from the adapter produced output. 
- # $out refers to an instance of OutputTemplate message - source.ip: $out.source_pod_ip | ip("0.0.0.0") - source.uid: $out.source_pod_uid | "unknown" - source.labels: $out.source_labels | emptyStringMap() - source.name: $out.source_pod_name | "unknown" - source.namespace: $out.source_namespace | "default" - source.owner: $out.source_owner | "unknown" - source.serviceAccount: $out.source_service_account_name | "unknown" - source.workload.uid: $out.source_workload_uid | "unknown" - source.workload.name: $out.source_workload_name | "unknown" - source.workload.namespace: $out.source_workload_namespace | "unknown" - destination.ip: $out.destination_pod_ip | ip("0.0.0.0") - destination.uid: $out.destination_pod_uid | "unknown" - destination.labels: $out.destination_labels | emptyStringMap() - destination.name: $out.destination_pod_name | "unknown" - destination.container.name: $out.destination_container_name | "unknown" - destination.namespace: $out.destination_namespace | "default" - destination.owner: $out.destination_owner | "unknown" - destination.serviceAccount: $out.destination_service_account_name | "unknown" - destination.workload.uid: $out.destination_workload_uid | "unknown" - destination.workload.name: $out.destination_workload_name | "unknown" - destination.workload.namespace: $out.destination_workload_namespace | "unknown" -{{- end }} ---- -{{- if .Values.policy.enabled }} -# Configuration needed by Mixer. -# Mixer cluster is delivered via CDS -# Specify mixer cluster settings -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-policy - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- if .Values.telemetry.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: istio-telemetry - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "mixer.name" . }} - chart: {{ template "mixer.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - portLevelSettings: - - port: - number: 15004 # grpc-mixer-mtls - tls: - mode: ISTIO_MUTUAL - - port: - number: 9091 # grpc-mixer - tls: - mode: DISABLE - connectionPool: - http: - http2MaxRequests: 10000 - maxRequestsPerConnection: 10000 -{{- end }} ---- -{{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/mixer/templates/deployment.yaml b/charts/rancher-istio/1.5.920/charts/mixer/templates/deployment.yaml deleted file mode 100755 index 5b7dc3a89..000000000 --- a/charts/rancher-istio/1.5.920/charts/mixer/templates/deployment.yaml +++ /dev/null 
@@ -1,431 +0,0 @@ -{{- define "policy_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: policy-adapter-secret - secret: - secretName: policy-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - - --useTemplateCRDs=false - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.policy.resources }} -{{ toYaml .Values.policy.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if $.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: 
istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ $.Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-policy - - --templateFile - - /etc/istio/proxy/envoy_policy.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.trustDomain }} - - --trust-domain={{ $.Values.global.trustDomain }} - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock - - 
name: policy-adapter-secret - mountPath: /var/run/secrets/istio.io/policy/adapter - readOnly: true -{{- end }} - -{{- define "telemetry_container" }} - spec: - serviceAccountName: istio-mixer-service-account -{{- if $.Values.global.priorityClassName }} - priorityClassName: "{{ $.Values.global.priorityClassName }}" -{{- end }} - volumes: - - name: istio-certs - secret: - secretName: istio.istio-mixer-service-account - optional: true - {{- if $.Values.global.sds.enabled }} - - hostPath: - path: /var/run/sds - name: sds-uds-path - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ $.Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - - name: uds-socket - emptyDir: {} - - name: telemetry-adapter-secret - secret: - secretName: telemetry-adapter-secret - optional: true - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} - containers: - - name: mixer - image: "{{ template "system_default_registry" . 
}}{{ $.Values.repository }}:{{ $.Values.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.global.monitoringPort }} - - containerPort: 42422 - args: - - --monitoringPort={{ .Values.global.monitoringPort }} - - --address - - unix:///sock/mixer.socket -{{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} -{{- end}} -{{- if $.Values.global.useMCP }} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - - --configStoreURL=mcps://istio-galley.{{ $.Release.Namespace }}.svc:9901 - - --certFile=/etc/certs/cert-chain.pem - - --keyFile=/etc/certs/key.pem - - --caCertFile=/etc/certs/root-cert.pem - {{- else }} - - --configStoreURL=mcp://istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- end }} -{{- else }} - - --configStoreURL=k8s:// -{{- end }} - - --configDefaultNamespace={{ $.Release.Namespace }} - {{- if $.Values.adapters.useAdapterCRDs }} - - --useAdapterCRDs=true - {{- else }} - - --useAdapterCRDs=false - {{- end }} - - --useTemplateCRDs=false - {{- if $.Values.global.tracer.zipkin.address }} - - --trace_zipkin_url=http://{{- $.Values.global.tracer.zipkin.address }}/api/v1/spans - {{- else }} - - --trace_zipkin_url=http://zipkin.{{ $.Release.Namespace }}:9411/api/v1/spans - {{- end }} - - --averageLatencyThreshold - - {{ $.Values.telemetry.loadshedding.latencyThreshold }} - - --loadsheddingMode - - {{ $.Values.telemetry.loadshedding.mode }} - {{- if .Values.env }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - resources: -{{- if .Values.telemetry.resources }} -{{ toYaml .Values.telemetry.resources | indent 10 }} -{{- else if .Values.resources }} -{{ toYaml .Values.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - volumeMounts: -{{- if 
$.Values.global.useMCP }} - - name: istio-certs - mountPath: /etc/certs - readOnly: true -{{- end }} - - name: telemetry-adapter-secret - mountPath: /var/run/secrets/istio.io/telemetry/adapter - readOnly: true - - name: uds-socket - mountPath: /sock - livenessProbe: - httpGet: - path: /version - port: {{ .Values.global.monitoringPort }} - initialDelaySeconds: 5 - periodSeconds: 5 - - name: istio-proxy - image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" - imagePullPolicy: {{ $.Values.global.imagePullPolicy }} - ports: - - containerPort: 9091 - - containerPort: 15004 - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - istio-telemetry - - --templateFile - - /etc/istio/proxy/envoy_telemetry.yaml.tmpl - {{- if $.Values.global.controlPlaneSecurityEnabled }} - - --controlPlaneAuthPolicy - - MUTUAL_TLS - {{- else }} - - --controlPlaneAuthPolicy - - NONE - {{- end }} - {{- if $.Values.global.proxy.logLevel }} - - --proxyLogLevel={{ $.Values.global.proxy.logLevel }} - {{- end}} - {{- if $.Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }} - {{- end}} - {{- if $.Values.global.logging.level }} - - --log_output_level={{ $.Values.global.logging.level }} - {{- end}} - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: SDS_ENABLED - value: "{{ $.Values.global.sds.enabled }}" - resources: -{{- if $.Values.global.proxy.resources }} -{{ toYaml $.Values.global.proxy.resources | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 10 }} -{{- end }} - 
volumeMounts: - - name: istio-certs - mountPath: /etc/certs - readOnly: true - {{- if $.Values.global.sds.enabled }} - - name: sds-uds-path - mountPath: /var/run/sds - readOnly: true - - name: istio-token - mountPath: /var/run/secrets/tokens - {{- end }} - - name: uds-socket - mountPath: /sock -{{- end }} - - -{{- range $key, $spec := .Values }} -{{- if or (eq $key "policy") (eq $key "telemetry") }} -{{- if $spec.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-{{ $key }} - namespace: {{ $.Release.Namespace }} - labels: - app: istio-mixer - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: mixer -spec: -{{- if not $spec.autoscaleEnabled }} -{{- if $spec.replicaCount }} - replicas: {{ $spec.replicaCount }} -{{- else }} - replicas: 1 -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ $spec.rollingMaxSurge }} - maxUnavailable: {{ $spec.rollingMaxUnavailable }} - selector: - matchLabels: - istio: mixer - istio-mixer-type: {{ $key }} - template: - metadata: - labels: - app: {{ $key }} - chart: {{ template "mixer.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} - istio: mixer - istio-mixer-type: {{ $key }} - annotations: - sidecar.istio.io/inject: "false" -{{- with $.Values.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- if eq $key "policy"}} -{{- template "policy_container" $ }} -{{- else }} -{{- template "telemetry_container" $ }} -{{- end }} - ---- -{{- end }} -{{- end }} -{{- end }} {{/* range */}} diff --git a/charts/rancher-istio/1.5.920/charts/mixer/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.920/charts/mixer/templates/poddisruptionbudget.yaml deleted file mode 100755 index 35bbc40d7..000000000 --- a/charts/rancher-istio/1.5.920/charts/mixer/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,30 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-{{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- labels:
- app: {{ $key }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- version: {{ $.Chart.Version }}
- istio: mixer
- istio-mixer-type: {{ $key }}
-spec:
-{{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: {{ $key }}
- release: {{ $.Release.Name }}
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/mixer/templates/service.yaml b/charts/rancher-istio/1.5.920/charts/mixer/templates/service.yaml
deleted file mode 100755
index 79cc4a582..000000000
--- a/charts/rancher-istio/1.5.920/charts/mixer/templates/service.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- range $key, $spec := .Values }}
-{{- if or (eq $key "policy") (eq $key "telemetry") }}
-{{- if $spec.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-{{ $key }}
- namespace: {{ $.Release.Namespace }}
- annotations:
- networking.istio.io/exportTo: "*"
- labels:
- app: {{ template "mixer.name" $ }}
- chart: {{ template "mixer.chart" $ }}
- heritage: {{ $.Release.Service }}
- release: {{ $.Release.Name }}
- istio: mixer
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: {{ $.Values.global.monitoringPort }}
-{{- if eq $key "telemetry" }}
- - name: prometheus
- port: 42422
-{{- if $spec.sessionAffinityEnabled }}
- sessionAffinity: ClientIP
-{{- end }}
-{{- end }}
- selector:
- istio: mixer
- istio-mixer-type: {{ $key }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.5.920/charts/mixer/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.920/charts/mixer/templates/serviceaccount.yaml
deleted file mode 100755
index 9d3da7dd6..000000000
--- a/charts/rancher-istio/1.5.920/charts/mixer/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-mixer-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "mixer.name" . }}
- chart: {{ template "mixer.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/mixer/values.yaml b/charts/rancher-istio/1.5.920/charts/mixer/values.yaml
deleted file mode 100755
index d335c36c3..000000000
--- a/charts/rancher-istio/1.5.920/charts/mixer/values.yaml
+++ /dev/null
@@ -1,98 +0,0 @@
-#
-# mixer configuration
-#
-image: mixer
-
-env:
- # max procs should be ceil(cpu limit + 1)
- GOMAXPROCS: "6"
-
-policy:
- # if policy is enabled, global.disablePolicyChecks has affect.
- enabled: false
- replicaCount: 1
- autoscaleEnabled: true
- autoscaleMin: 1
- autoscaleMax: 5
- cpu:
- targetAverageUtilization: 80
- rollingMaxSurge: 100%
- rollingMaxUnavailable: 25%
-
-telemetry:
- enabled: true
- replicaCount: 1
- autoscaleEnabled: true
- autoscaleMin: 1
- autoscaleMax: 5
- cpu:
- targetAverageUtilization: 80
- rollingMaxSurge: 100%
- rollingMaxUnavailable: 25%
- sessionAffinityEnabled: false
-
- # mixer load shedding configuration.
- # When mixer detects that it is overloaded, it starts rejecting grpc requests.
- loadshedding:
- # disabled, logonly or enforce
- mode: enforce
- # based on measurements 100ms p50 translates to p99 of under 1s. This is ok for telemetry which is inherently async.
- latencyThreshold: 100ms
- resources:
- requests:
- cpu: 1000m
- memory: 1G
- limits:
- # It is best to do horizontal scaling of mixer using moderate cpu allocation.
- # We have experimentally found that these values work well.
- cpu: 4800m
- memory: 4G
-
- # Set reportBatchMaxEntries to 0 to use the default batching behavior (i.e., every 100 requests).
- # A positive value indicates the number of requests that are batched before telemetry data
- # is sent to the mixer server
- reportBatchMaxEntries: 100
-
- # Set reportBatchMaxTime to 0 to use the default batching behavior (i.e., every 1 second).
- # A positive time value indicates the maximum wait time since the last request will telemetry data
- # be batched before being sent to the mixer server
- reportBatchMaxTime: 1s
-
-podAnnotations: {}
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-adapters:
- kubernetesenv:
- enabled: true
-
- # stdio is a debug adapter in istio-telemetry, it is not recommended for production use.
- stdio:
- enabled: false
- outputAsJson: true
- prometheus:
- enabled: true
- metricsExpiryDuration: 10m
- # Setting this to false sets the useAdapterCRDs mixer startup argument to false
- useAdapterCRDs: false
diff --git a/charts/rancher-istio/1.5.920/charts/nodeagent/Chart.yaml b/charts/rancher-istio/1.5.920/charts/nodeagent/Chart.yaml
deleted file mode 100755
index 1b7f95236..000000000
--- a/charts/rancher-istio/1.5.920/charts/nodeagent/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.9
-description: Helm chart for nodeagent deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- nodeagent
-name: nodeagent
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.920/charts/nodeagent/templates/_helpers.tpl b/charts/rancher-istio/1.5.920/charts/nodeagent/templates/_helpers.tpl
deleted file mode 100755
index fda6043d0..000000000
--- a/charts/rancher-istio/1.5.920/charts/nodeagent/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "nodeagent.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "nodeagent.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "nodeagent.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.920/charts/nodeagent/templates/clusterrole.yaml b/charts/rancher-istio/1.5.920/charts/nodeagent/templates/clusterrole.yaml
deleted file mode 100755
index 8e4ab6d32..000000000
--- a/charts/rancher-istio/1.5.920/charts/nodeagent/templates/clusterrole.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get"]
diff --git a/charts/rancher-istio/1.5.920/charts/nodeagent/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.920/charts/nodeagent/templates/clusterrolebinding.yaml
deleted file mode 100755
index 591e48212..000000000
--- a/charts/rancher-istio/1.5.920/charts/nodeagent/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-nodeagent-{{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-nodeagent-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.920/charts/nodeagent/templates/daemonset.yaml b/charts/rancher-istio/1.5.920/charts/nodeagent/templates/daemonset.yaml
deleted file mode 100755
index a4d2463d6..000000000
--- a/charts/rancher-istio/1.5.920/charts/nodeagent/templates/daemonset.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: istio-nodeagent
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
-spec:
- selector:
- matchLabels:
- istio: nodeagent
- template:
- metadata:
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: nodeagent
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-nodeagent-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: nodeagent
- image: "{{ template "system_default_registry" . }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- volumeMounts:
- - mountPath: /var/run/sds
- name: sdsudspath
- env:
- {{- if .Values.env }}
- {{- range $key, $val := .Values.env }}
- - name: {{ $key }}
- value: "{{ $val }}"
- {{- end }}
- {{- end }}
- - name: "TRUST_DOMAIN"
- value: "{{ .Values.global.trustDomain }}"
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumes:
- - name: sdsudspath
- hostPath:
- path: /var/run/sds
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
- updateStrategy:
- type: RollingUpdate
diff --git a/charts/rancher-istio/1.5.920/charts/nodeagent/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.920/charts/nodeagent/templates/serviceaccount.yaml
deleted file mode 100755
index 86853d7e0..000000000
--- a/charts/rancher-istio/1.5.920/charts/nodeagent/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-nodeagent-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "nodeagent.name" . }}
- chart: {{ template "nodeagent.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.920/charts/nodeagent/values.yaml b/charts/rancher-istio/1.5.920/charts/nodeagent/values.yaml
deleted file mode 100755
index 3e1c09045..000000000
--- a/charts/rancher-istio/1.5.920/charts/nodeagent/values.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# nodeagent configuration
-#
-enabled: false
-image: node-agent-k8s
-env:
- # name of authentication provider.
- CA_PROVIDER: "Citadel"
- # CA endpoint.
- CA_ADDR: "istio-citadel:8060"
- # names of authentication provider's plugins.
- PLUGINS: ""
- VALID_TOKEN: true
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.5.920/charts/pilot/Chart.yaml b/charts/rancher-istio/1.5.920/charts/pilot/Chart.yaml
deleted file mode 100755
index 559a7a852..000000000
--- a/charts/rancher-istio/1.5.920/charts/pilot/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.9
-description: Helm chart for pilot deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- pilot
-name: pilot
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.920/charts/pilot/templates/_helpers.tpl b/charts/rancher-istio/1.5.920/charts/pilot/templates/_helpers.tpl
deleted file mode 100755
index c812c3709..000000000
--- a/charts/rancher-istio/1.5.920/charts/pilot/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "pilot.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "pilot.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "pilot.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.920/charts/pilot/templates/autoscale.yaml b/charts/rancher-istio/1.5.920/charts/pilot/templates/autoscale.yaml
deleted file mode 100755
index 1a9945136..000000000
--- a/charts/rancher-istio/1.5.920/charts/pilot/templates/autoscale.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- maxReplicas: {{ .Values.autoscaleMax }}
- minReplicas: {{ .Values.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istio-pilot
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.cpu.targetAverageUtilization }}
----
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/pilot/templates/clusterrole.yaml b/charts/rancher-istio/1.5.920/charts/pilot/templates/clusterrole.yaml
deleted file mode 100755
index d149176a9..000000000
--- a/charts/rancher-istio/1.5.920/charts/pilot/templates/clusterrole.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups:
- - config.istio.io
- - rbac.istio.io
- - security.istio.io
- - networking.istio.io
- - authentication.istio.io
- resources: ["*"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["extensions"]
- resources: ["ingresses", "ingresses/status"]
- verbs: ["*"]
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "list", "watch", "update"]
-- apiGroups: [""]
- resources: ["endpoints", "pods", "services", "namespaces", "nodes"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["discovery.k8s.io"]
- resources: ["endpointslices"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "watch", "list", "update", "delete"]
-- apiGroups: ["certificates.k8s.io"]
- resources:
- - "certificatesigningrequests"
- - "certificatesigningrequests/approval"
- - "certificatesigningrequests/status"
- verbs: ["update", "create", "get", "delete"]
diff --git a/charts/rancher-istio/1.5.920/charts/pilot/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.920/charts/pilot/templates/clusterrolebinding.yaml
deleted file mode 100755
index ef9281ca8..000000000
--- a/charts/rancher-istio/1.5.920/charts/pilot/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-pilot-{{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-pilot-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.920/charts/pilot/templates/configmap.yaml b/charts/rancher-istio/1.5.920/charts/pilot/templates/configmap.yaml
deleted file mode 100755
index 3fe514395..000000000
--- a/charts/rancher-istio/1.5.920/charts/pilot/templates/configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.jwksResolverExtraRootCA }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-jwks-extra-cacerts
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/pilot/templates/deployment.yaml b/charts/rancher-istio/1.5.920/charts/pilot/templates/deployment.yaml
deleted file mode 100755
index 7e7cd2b97..000000000
--- a/charts/rancher-istio/1.5.920/charts/pilot/templates/deployment.yaml
+++ /dev/null
@@ -1,234 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- # TODO: default template doesn't have this, which one is right ?
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: pilot
-spec:
-{{- if not .Values.autoscaleEnabled }}
-{{- if .Values.replicaCount }}
- replicas: {{ .Values.replicaCount }}
-{{- else }}
- replicas: 1
-{{- end }}
-{{- end }}
- strategy:
- rollingUpdate:
- maxSurge: {{ .Values.rollingMaxSurge }}
- maxUnavailable: {{ .Values.rollingMaxUnavailable }}
- selector:
- matchLabels:
- istio: pilot
- template:
- metadata:
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: pilot
- annotations:
- sidecar.istio.io/inject: "false"
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: istio-pilot-service-account
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: discovery
- image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- args:
- - "discovery"
- - --monitoringAddr=:{{ .Values.global.monitoringPort }}
-{{- if $.Values.global.logging.level }}
- - --log_output_level={{ $.Values.global.logging.level }}
-{{- end}}
- - --domain
- - {{ .Values.global.proxy.clusterDomain }}
-{{- if .Values.global.oneNamespace }}
- - "-a"
- - {{ .Release.Namespace }}
-{{- end }}
-{{- if and $.Values.global.controlPlaneSecurityEnabled (not .Values.sidecar)}}
- - --secureGrpcAddr
- - ":15011"
-{{- else }}
- - --secureGrpcAddr
- - ""
-{{- end }}
-{{- if .Values.global.trustDomain }}
- - --trust-domain={{ .Values.global.trustDomain }}
-{{- end }}
- - --keepaliveMaxServerConnectionAge
- - "{{ .Values.keepaliveMaxServerConnectionAge }}"
- ports:
- - containerPort: 8080
- - containerPort: 15010
-{{- if not .Values.sidecar }}
- - containerPort: 15011
-{{- end }}
- readinessProbe:
- httpGet:
- path: /ready
- port: 8080
- initialDelaySeconds: 5
- periodSeconds: 5
- timeoutSeconds: 5
- env:
- - name: POD_NAME
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- {{- if .Values.env }}
- {{- range $key, $val := .Values.env }}
- - name: {{ $key }}
- value: "{{ $val }}"
- {{- end }}
- {{- end }}
-{{- if .Values.traceSampling }}
- - name: PILOT_TRACE_SAMPLING
- value: "{{ .Values.traceSampling }}"
-{{- end }}
- - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND
- value: "{{ .Values.enableProtocolSniffingForOutbound }}"
- - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND
- value: "{{ .Values.enableProtocolSniffingForInbound }}"
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- volumeMounts:
- - name: config-volume
- mountPath: /etc/istio/config
- - name: istio-certs
- mountPath: /etc/certs
- readOnly: true
-{{- if .Values.jwksResolverExtraRootCA }}
- - name: extracacerts
- mountPath: /cacerts
-{{- end }}
-{{- if .Values.sidecar }}
- - name: istio-proxy
- image: "{{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- ports:
- - containerPort: 15003
- - containerPort: 15005
- - containerPort: 15007
- - containerPort: 15011
- args:
- - proxy
- - --domain
- - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }}
- - --serviceCluster
- - istio-pilot
- - --templateFile
- - /etc/istio/proxy/envoy_pilot.yaml.tmpl
- {{- if $.Values.global.controlPlaneSecurityEnabled}}
- - --controlPlaneAuthPolicy
- - MUTUAL_TLS
- {{- else }}
- - --controlPlaneAuthPolicy
- - NONE
- {{- end }}
- {{- if .Values.global.trustDomain }}
- - --trust-domain={{ .Values.global.trustDomain }}
- {{- end }}
- {{- if $.Values.global.proxy.logLevel }}
- - --proxyLogLevel={{ $.Values.global.proxy.logLevel }}
- {{- end}}
- {{- if $.Values.global.proxy.componentLogLevel }}
- - --proxyComponentLogLevel={{ $.Values.global.proxy.componentLogLevel }}
- {{- end}}
- {{- if $.Values.global.logging.level }}
- - --log_output_level={{ $.Values.global.logging.level }}
- {{- end}}
- env:
- - name: POD_NAME
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: INSTANCE_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.podIP
- - name: SDS_ENABLED
- value: "{{ $.Values.global.sds.enabled }}"
- resources:
-{{- if .Values.global.proxy.resources }}
-{{ toYaml .Values.global.proxy.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- volumeMounts:
- - name: istio-certs
- mountPath: /etc/certs
- readOnly: true
- {{- if $.Values.global.sds.enabled }}
- - name: sds-uds-path
- mountPath: /var/run/sds
- readOnly: true
- - name: istio-token
- mountPath: /var/run/secrets/tokens
- {{- end }}
-{{- end }}
- volumes:
- {{- if $.Values.global.sds.enabled }}
- - hostPath:
- path: /var/run/sds
- name: sds-uds-path
- - name: istio-token
- projected:
- sources:
- - serviceAccountToken:
- audience: {{ $.Values.global.sds.token.aud }}
- expirationSeconds: 43200
- path: istio-token
- {{- end }}
- - name: config-volume
- configMap:
- name: istio
- - name: istio-certs
- secret:
- secretName: istio.istio-pilot-service-account
- optional: true
-{{- if .Values.jwksResolverExtraRootCA }}
- - name: extracacerts
- configMap:
- name: istio-jwks-extra-cacerts
-{{- end }}
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/pilot/templates/meshexpansion.yaml b/charts/rancher-istio/1.5.920/charts/pilot/templates/meshexpansion.yaml
deleted file mode 100755
index 4f3d59570..000000000
--- a/charts/rancher-istio/1.5.920/charts/pilot/templates/meshexpansion.yaml
+++ /dev/null
@@ -1,91 +0,0 @@
-{{- if .Values.global.meshExpansion.enabled }}
-{{- if .Values.global.meshExpansion.useILB }}
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-ilb-vs-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- hosts:
- - istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-ilb-gateway
- tcp:
- - match:
- - port: 15011
- route:
- - destination:
- host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 15011
- - match:
- - port: 15010
- route:
- - destination:
- host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 15010
- - match:
- - port: 5353
- route:
- - destination:
- host: kube-dns.kube-system.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 53
----
-{{- else }}
-
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-vs-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- hosts:
- - istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-gateway
- tcp:
- - match:
- - port: 15011
- route:
- - destination:
- host: istio-pilot.{{ $.Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 15011
----
-{{- end }}
-
-{{- if .Values.global.controlPlaneSecurityEnabled }}
-apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
- name: meshexpansion-dr-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- host: istio-pilot.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- trafficPolicy:
- portLevelSettings:
- - port:
- number: 15011
- tls:
- mode: DISABLE
----
-{{- end }}
-{{- end }}
-
diff --git a/charts/rancher-istio/1.5.920/charts/pilot/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.920/charts/pilot/templates/poddisruptionbudget.yaml
deleted file mode 100755
index a432023ca..000000000
--- a/charts/rancher-istio/1.5.920/charts/pilot/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: pilot
-spec:
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: {{ template "pilot.name" . }}
- release: {{ .Release.Name }}
- istio: pilot
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/pilot/templates/service.yaml b/charts/rancher-istio/1.5.920/charts/pilot/templates/service.yaml
deleted file mode 100755
index a61d93025..000000000
--- a/charts/rancher-istio/1.5.920/charts/pilot/templates/service.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: pilot
-spec:
- ports:
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS
- - port: 8080
- name: http-legacy-discovery # direct
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- selector:
- istio: pilot
diff --git a/charts/rancher-istio/1.5.920/charts/pilot/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.920/charts/pilot/templates/serviceaccount.yaml
deleted file mode 100755
index 7ec2a66de..000000000
--- a/charts/rancher-istio/1.5.920/charts/pilot/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-pilot-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "pilot.name" . }}
- chart: {{ template "pilot.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.920/charts/pilot/values.yaml b/charts/rancher-istio/1.5.920/charts/pilot/values.yaml
deleted file mode 100755
index 0d37ec59c..000000000
--- a/charts/rancher-istio/1.5.920/charts/pilot/values.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
-#
-# pilot configuration
-#
-enabled: true
-autoscaleEnabled: true
-autoscaleMin: 1
-autoscaleMax: 5
-# specify replicaCount when autoscaleEnabled: false
-# replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-image: pilot
-sidecar: true
-traceSampling: 1.0
-# if protocol sniffing is enabled for outbound
-enableProtocolSniffingForOutbound: true
-# if protocol sniffing is enabled for inbound
-enableProtocolSniffingForInbound: false
-# Resources for a small pilot install
-resources:
- requests:
- cpu: 500m
- memory: 2048Mi
-env:
- PILOT_PUSH_THROTTLE: 100
-cpu:
- targetAverageUtilization: 80
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-# The following is used to limit how long a sidecar can be connected
-# to a pilot. It balances out load across pilot instances at the cost of
-# increasing system churn.
-keepaliveMaxServerConnectionAge: 30m
-
-# This is used to set the source of configuration for
-# the associated address in configSource, if nothing is specificed
-# the default MCP is assumed. The alternative option is SERVICE_REGISTRY
-# which describes the source is only forwarding synthetic service entries
-configSource:
- subscribedResources:
diff --git a/charts/rancher-istio/1.5.920/charts/prometheus/Chart.yaml b/charts/rancher-istio/1.5.920/charts/prometheus/Chart.yaml
deleted file mode 100755
index 87ce795a5..000000000
--- a/charts/rancher-istio/1.5.920/charts/prometheus/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-appVersion: 2.8.0
-description: A Helm chart for Kubernetes
-name: prometheus
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.920/charts/prometheus/templates/_helpers.tpl b/charts/rancher-istio/1.5.920/charts/prometheus/templates/_helpers.tpl
deleted file mode 100755
index 039388329..000000000
--- a/charts/rancher-istio/1.5.920/charts/prometheus/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "prometheus.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "prometheus.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "prometheus.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.920/charts/prometheus/templates/clusterrole.yaml b/charts/rancher-istio/1.5.920/charts/prometheus/templates/clusterrole.yaml
deleted file mode 100755
index 06fdfaf53..000000000
--- a/charts/rancher-istio/1.5.920/charts/prometheus/templates/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources:
- - nodes
- - services
- - endpoints
- - pods
- - nodes/proxy
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources:
- - configmaps
- verbs: ["get"]
-- nonResourceURLs: ["/metrics"]
- verbs: ["get"]
diff --git a/charts/rancher-istio/1.5.920/charts/prometheus/templates/clusterrolebindings.yaml b/charts/rancher-istio/1.5.920/charts/prometheus/templates/clusterrolebindings.yaml
deleted file mode 100755
index 295e0df72..000000000
--- a/charts/rancher-istio/1.5.920/charts/prometheus/templates/clusterrolebindings.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: prometheus-{{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: prometheus-{{ .Release.Namespace }}
-subjects:
-- kind: ServiceAccount
- name: prometheus
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.920/charts/prometheus/templates/configmap.yaml b/charts/rancher-istio/1.5.920/charts/prometheus/templates/configmap.yaml
deleted file mode 100755
index cfd0d43ab..000000000
--- a/charts/rancher-istio/1.5.920/charts/prometheus/templates/configmap.yaml
+++ /dev/null
@@ -1,294 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: - app: prometheus - chart: {{ template "prometheus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - prometheus.yml: |- - global: - scrape_interval: {{ .Values.scrapeInterval }} - scrape_configs: - - - job_name: 'istio-mesh' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;prometheus - - # Scrape config for envoy stats - - job_name: 'envoy-stats' - metrics_path: /stats/prometheus - kubernetes_sd_configs: - - role: pod - - relabel_configs: - - source_labels: [__meta_kubernetes_pod_container_port_name] - action: keep - regex: '.*-envoy-prom' - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:15090 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'istio-policy' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-policy;http-monitoring - - - job_name: 'istio-telemetry' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-telemetry;http-monitoring - - - job_name: 'pilot' - kubernetes_sd_configs: - - role: 
endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-pilot;http-monitoring - - - job_name: 'galley' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-galley;http-monitoring - - - job_name: 'citadel' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-citadel;http-monitoring - - - job_name: 'sidecar-injector' - - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - {{ .Release.Namespace }} - - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: istio-sidecar-injector;http-monitoring - - # scrape config for API servers - - job_name: 'kubernetes-apiservers' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - - default - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: kubernetes;https - - # scrape config for nodes (kubelet) - - job_name: 'kubernetes-nodes' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: 
kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics - - # Scrape config for Kubelet cAdvisor. - # - # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics - # (those whose names begin with 'container_') have been removed from the - # Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to - # retrieve those metrics. - # - # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor - # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics" - # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with - # the --cadvisor-port=0 Kubelet flag). - # - # This job is not necessary and should be removed in Kubernetes 1.6 and - # earlier versions, or it will cause the metrics to be scraped twice. - - job_name: 'kubernetes-cadvisor' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor - - # scrape config for service endpoints. - - job_name: 'kubernetes-service-endpoints' - kubernetes_sd_configs: - - role: endpoints - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) 
- - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: kubernetes_name - - - job_name: 'kubernetes-pods' - kubernetes_sd_configs: - - role: pod - relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job. - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # Keep target if there's no sidecar or if prometheus.io/scheme is explicitly set to "http" - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: keep - regex: ((;.*)|(.*;http)) - - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls] - action: drop - regex: (true) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name - - - job_name: 'kubernetes-pods-istio-secure' - scheme: https - tls_config: - ca_file: /etc/istio-certs/root-cert.pem - cert_file: /etc/istio-certs/cert-chain.pem - key_file: 
/etc/istio-certs/key.pem - insecure_skip_verify: true # prometheus does not support secure naming. - kubernetes_sd_configs: - - role: pod - relabel_configs: - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - # sidecar status annotation is added by sidecar injector and - # istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic. - - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls] - action: keep - regex: (([^;]+);([^;]*))|(([^;]*);(true)) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] - action: drop - regex: (http) - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__] # Only keep address that is host:port - action: keep # otherwise an extra target with ':443' is added for https scheme - regex: ([^:]+):(\d+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: pod_name diff --git a/charts/rancher-istio/1.5.920/charts/prometheus/templates/deployment.yaml b/charts/rancher-istio/1.5.920/charts/prometheus/templates/deployment.yaml deleted file mode 100755 index 1033a2f5b..000000000 --- a/charts/rancher-istio/1.5.920/charts/prometheus/templates/deployment.yaml +++ /dev/null 
@@ -1,80 +0,0 @@
-# TODO: the original template has service account, roles, etc
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: prometheus
- template:
- metadata:
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: prometheus
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: prometheus
- image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- args:
- - '--storage.tsdb.retention={{ .Values.retention }}'
- - '--config.file=/etc/prometheus/prometheus.yml'
- ports:
- - containerPort: 9090
- name: http
- livenessProbe:
- httpGet:
- path: /-/healthy
- port: 9090
- readinessProbe:
- httpGet:
- path: /-/ready
- port: 9090
- resources:
-{{- if .Values.resources }}
-{{ toYaml .Values.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- volumeMounts:
- - name: config-volume
- mountPath: /etc/prometheus
- - mountPath: /etc/istio-certs
- name: istio-certs
- volumes:
- - name: config-volume
- configMap:
- name: prometheus
- - name: istio-certs
- secret:
- defaultMode: 420
-{{- if not .Values.security.enabled }}
- optional: true
-{{- end }}
- secretName: istio.default
- affinity:
- {{- include "nodeaffinity" . | indent 6 }}
- {{- include "podAntiAffinity" . | indent 6 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 6 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 6 }}
- {{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/prometheus/templates/ingress.yaml b/charts/rancher-istio/1.5.920/charts/prometheus/templates/ingress.yaml
deleted file mode 100755
index 43be65523..000000000
--- a/charts/rancher-istio/1.5.920/charts/prometheus/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
-{{- if .Values.ingress.hosts }}
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: prometheus
- servicePort: 9090
- {{- end -}}
-{{- else }}
- - http:
- paths:
- - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} / {{ end }}
- backend:
- serviceName: prometheus
- servicePort: 9090
-{{- end }}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.920/charts/prometheus/templates/service.yaml b/charts/rancher-istio/1.5.920/charts/prometheus/templates/service.yaml
deleted file mode 100755
index d92525df0..000000000
--- a/charts/rancher-istio/1.5.920/charts/prometheus/templates/service.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- annotations:
- prometheus.io/scrape: 'true'
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- app: prometheus
- ports:
- - name: http-prometheus
- protocol: TCP
- port: 9090
-
-{{- if .Values.service.nodePort.enabled }}
-# Using separate ingress for nodeport, to avoid conflict with pilot e2e test configs.
----
-apiVersion: v1
-kind: Service
-metadata:
- name: prometheus-nodeport
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- type: NodePort
- ports:
- - port: 9090
- nodePort: {{ .Values.service.nodePort.port }}
- name: http-prometheus
- selector:
- app: prometheus
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/prometheus/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.920/charts/prometheus/templates/serviceaccount.yaml
deleted file mode 100755
index 7c2fab3f4..000000000
--- a/charts/rancher-istio/1.5.920/charts/prometheus/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus
- chart: {{ template "prometheus.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.920/charts/prometheus/templates/tests/test-prometheus-connection.yaml b/charts/rancher-istio/1.5.920/charts/prometheus/templates/tests/test-prometheus-connection.yaml
deleted file mode 100755
index c36ce3f5c..000000000
--- a/charts/rancher-istio/1.5.920/charts/prometheus/templates/tests/test-prometheus-connection.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "prometheus.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: prometheus-test
- chart: {{ template "prometheus.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: prometheus
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "prometheus.fullname" . }}-test"
- image: {{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['sh', '-c', 'for i in 1 2 3; do curl http://prometheus:9090/-/ready && exit 0 || sleep 15; done; exit 1']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/prometheus/values.yaml b/charts/rancher-istio/1.5.920/charts/prometheus/values.yaml
deleted file mode 100755
index 76bda8457..000000000
--- a/charts/rancher-istio/1.5.920/charts/prometheus/values.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-#
-# addon prometheus configuration
-#
-enabled: true
-replicaCount: 1
-hub: docker.io/prom
-image: prometheus
-tag: v2.12.0
-retention: 6h
-nodeSelector: {}
-tolerations: []
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-
-# Controls the frequency of prometheus scraping
-scrapeInterval: 15s
-
-contextPath: /prometheus
-
-ingress:
- enabled: false
- ## Used to create an Ingress record.
- hosts:
- - prometheus.local
- annotations:
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- tls:
- # Secrets must be manually created in the namespace.
- # - secretName: prometheus-tls
- # hosts:
- # - prometheus.local
-
-service:
- annotations: {}
- nodePort:
- enabled: false
- port: 32090
-
-security:
- enabled: true
diff --git a/charts/rancher-istio/1.5.920/charts/security/Chart.yaml b/charts/rancher-istio/1.5.920/charts/security/Chart.yaml
deleted file mode 100755
index be7731948..000000000
--- a/charts/rancher-istio/1.5.920/charts/security/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.9
-description: Helm chart for istio authentication
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- security
-name: security
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.920/charts/security/templates/_helpers.tpl b/charts/rancher-istio/1.5.920/charts/security/templates/_helpers.tpl
deleted file mode 100755
index 7f36f9d51..000000000
--- a/charts/rancher-istio/1.5.920/charts/security/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "security.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "security.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "security.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.920/charts/security/templates/clusterrole.yaml b/charts/rancher-istio/1.5.920/charts/security/templates/clusterrole.yaml
deleted file mode 100755
index 75f2dec65..000000000
--- a/charts/rancher-istio/1.5.920/charts/security/templates/clusterrole.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-citadel-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "update"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "watch", "list", "update", "delete"]
-- apiGroups: [""]
- resources: ["serviceaccounts", "services", "namespaces"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["authentication.k8s.io"]
- resources: ["tokenreviews"]
- verbs: ["create"]
diff --git a/charts/rancher-istio/1.5.920/charts/security/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.920/charts/security/templates/clusterrolebinding.yaml
deleted file mode 100755
index 0a15799ce..000000000
--- a/charts/rancher-istio/1.5.920/charts/security/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-citadel-{{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-citadel-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-citadel-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.920/charts/security/templates/configmap.yaml b/charts/rancher-istio/1.5.920/charts/security/templates/configmap.yaml
deleted file mode 100755
index 14749fd65..000000000
--- a/charts/rancher-istio/1.5.920/charts/security/templates/configmap.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-security-custom-resources
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-data:
- custom-resources.yaml: |-
- {{- if .Values.global.mtls.enabled }}
- {{- include "security-default.yaml.tpl" . | indent 4}}
- {{- else }}
- {{- include "security-permissive.yaml.tpl" . | indent 4}}
- {{- end }}
- run.sh: |-
- {{- include "install-custom-resources.sh.tpl" . | indent 4}}
diff --git a/charts/rancher-istio/1.5.920/charts/security/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.5.920/charts/security/templates/create-custom-resources-job.yaml
deleted file mode 100755
index 61e1156a4..000000000
--- a/charts/rancher-istio/1.5.920/charts/security/templates/create-custom-resources-job.yaml
+++ /dev/null
@@ -1,109 +0,0 @@ -{{- if .Values.createMeshPolicy }} -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-security-post-install-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ["authentication.istio.io"] # needed to create default authn policy - resources: ["*"] - verbs: ["*"] -- apiGroups: ["networking.istio.io"] # needed to create security destination rules - resources: ["*"] - verbs: ["*"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get"] -- apiGroups: ["extensions", "apps"] - resources: ["deployments", "replicasets"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-security-post-install-role-binding-{{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-security-post-install-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-security-post-install-account - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-security-post-install-{{ .Values.global.tag | printf "%v" | trunc 32 | trimSuffix "-" }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - template: - metadata: - name: istio-security-post-install - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-security-post-install-account - containers: - - name: kubectl - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: IfNotPresent - command: [ "/bin/bash", "/tmp/security/run.sh", "/tmp/security/custom-resources.yaml" ] - volumeMounts: - - mountPath: "/tmp/security" - name: tmp-configmap-security - volumes: - - name: tmp-configmap-security - configMap: - name: istio-security-custom-resources - restartPolicy: OnFailure - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.5.920/charts/security/templates/deployment.yaml b/charts/rancher-istio/1.5.920/charts/security/templates/deployment.yaml
deleted file mode 100755
index 81d0c6b28..000000000
--- a/charts/rancher-istio/1.5.920/charts/security/templates/deployment.yaml
+++ /dev/null
@@ -1,119 +0,0 @@ -# istio CA watching all namespaces -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-citadel - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: citadel - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: citadel - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-citadel-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: citadel - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - {{- if .Values.global.sds.enabled }} - - --sds-enabled=true - {{- end }} - - --append-dns-names=true - - --grpc-port=8060 - - --citadel-storage-namespace={{ .Release.Namespace }} - - --custom-dns-names=istio-pilot-service-account.{{ .Release.Namespace }}:istio-pilot.{{ .Release.Namespace }} - - --monitoring-port={{ .Values.global.monitoringPort }} - {{- if .Values.selfSigned }} - - --self-signed-ca=true - {{- else }} - - --self-signed-ca=false - - --signing-cert=/etc/cacerts/ca-cert.pem - - --signing-key=/etc/cacerts/ca-key.pem - - --root-cert=/etc/cacerts/root-cert.pem - - --cert-chain=/etc/cacerts/cert-chain.pem - {{- end }} - {{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} - {{- end }} - {{- if .Values.workloadCertTtl }} - - --workload-cert-ttl={{ .Values.workloadCertTtl }} - {{- end }} - {{- if .Values.citadelHealthCheck }} - - --liveness-probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --liveness-probe-interval=60s # interval for health check file update - - --probe-check-interval=15s # interval for health status check - {{- end }} - env: - - name: CITADEL_ENABLE_NAMESPACES_BY_DEFAULT - value: "{{ .Values.enableNamespacesByDefault }}" - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - {{- end }} - {{- if .Values.citadelHealthCheck }} - livenessProbe: - exec: - command: - - /usr/local/bin/istio_ca - - probe - - --probe-path=/tmp/ca.liveness # path to the liveness health check status file - - --interval=125s # the maximum time gap allowed between the file mtime and the current sys clock - initialDelaySeconds: 60 - periodSeconds: 60 - {{- end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- 
end }} -{{- if not .Values.selfSigned }} - volumeMounts: - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - volumes: - - name: cacerts - secret: - secretName: cacerts - optional: true -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/security/templates/enable-mesh-mtls.yaml b/charts/rancher-istio/1.5.920/charts/security/templates/enable-mesh-mtls.yaml deleted file mode 100755 index 661617803..000000000 --- a/charts/rancher-istio/1.5.920/charts/security/templates/enable-mesh-mtls.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -{{- define "security-default.yaml.tpl" }} -# These policy and destination rules effectively enable mTLS for all services in the mesh. For now, -# they are added to Istio installation yaml for backward compatible. In future, they should be in -# a separated yaml file so that customer can enable mTLS independent from installation. - -# Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: {} -{{- if not .Values.global.mtls.auto }} ---- -# Corresponding destination rule to configure client side to use mutual TLS when talking to -# any service (host) in the mesh. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "default" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "*.local" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: ISTIO_MUTUAL ---- -# Destination rule to disable (m)TLS when talking to API server, as API server doesn't have sidecar. -# Customer should add similar destination rules for other services that don't have sidecar. -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: "api-server" - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: "kubernetes.default.svc.{{ .Values.global.proxy.clusterDomain }}" - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: DISABLE -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/security/templates/enable-mesh-permissive.yaml b/charts/rancher-istio/1.5.920/charts/security/templates/enable-mesh-permissive.yaml deleted file mode 100755 index a6931b3b9..000000000 --- a/charts/rancher-istio/1.5.920/charts/security/templates/enable-mesh-permissive.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- define "security-permissive.yaml.tpl" }} -# Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh. -apiVersion: "authentication.istio.io/v1alpha1" -kind: "MeshPolicy" -metadata: - name: "default" - labels: - app: {{ template "security.name" . }} - chart: {{ template "security.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - peers: - - mtls: - mode: PERMISSIVE -{{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/security/templates/meshexpansion.yaml b/charts/rancher-istio/1.5.920/charts/security/templates/meshexpansion.yaml deleted file mode 100755 index 581ce964a..000000000 --- a/charts/rancher-istio/1.5.920/charts/security/templates/meshexpansion.yaml +++ /dev/null 
@@ -1,56 +0,0 @@
-{{- if .Values.global.meshExpansion.enabled }}
-{{- if .Values.global.meshExpansion.useILB }}
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-vs-citadel-ilb
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- hosts:
- - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-ilb-gateway
- tcp:
- - match:
- - port: 8060
- route:
- - destination:
- host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 8060
----
-{{- else }}
-
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: meshexpansion-vs-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- hosts:
- - istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- gateways:
- - meshexpansion-gateway
- tcp:
- - match:
- - port: 8060
- route:
- - destination:
- host: istio-citadel.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
- port:
- number: 8060
----
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/security/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.920/charts/security/templates/poddisruptionbudget.yaml
deleted file mode 100755
index 1a8809599..000000000
--- a/charts/rancher-istio/1.5.920/charts/security/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: {{ template "security.name" . }}
- release: {{ .Release.Name }}
- istio: citadel
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/security/templates/service.yaml b/charts/rancher-istio/1.5.920/charts/security/templates/service.yaml
deleted file mode 100755
index efea17544..000000000
--- a/charts/rancher-istio/1.5.920/charts/security/templates/service.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- # we use the normal name here (e.g. 'prometheus')
- # as grafana is configured to use this as a data source
- name: istio-citadel
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: citadel
-spec:
- ports:
- - name: grpc-citadel
- port: 8060
- targetPort: 8060
- protocol: TCP
- - name: http-monitoring
- port: {{ .Values.global.monitoringPort }}
- selector:
- istio: citadel
diff --git a/charts/rancher-istio/1.5.920/charts/security/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.920/charts/security/templates/serviceaccount.yaml
deleted file mode 100755
index d07d566fa..000000000
--- a/charts/rancher-istio/1.5.920/charts/security/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-citadel-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "security.name" . }}
- chart: {{ template "security.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
diff --git a/charts/rancher-istio/1.5.920/charts/security/templates/tests/test-citadel-connection.yaml b/charts/rancher-istio/1.5.920/charts/security/templates/tests/test-citadel-connection.yaml
deleted file mode 100755
index 481b486de..000000000
--- a/charts/rancher-istio/1.5.920/charts/security/templates/tests/test-citadel-connection.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{- if .Values.global.enableHelmTest }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ template "security.fullname" . }}-test
- namespace: {{ .Release.Namespace }}
- labels:
- app: istio-citadel-test
- chart: {{ template "security.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- istio: citadel
- annotations:
- sidecar.istio.io/inject: "false"
- helm.sh/hook: test-success
-spec:
-{{- if .Values.global.priorityClassName }}
- priorityClassName: "{{ .Values.global.priorityClassName }}"
-{{- end }}
- containers:
- - name: "{{ template "security.fullname" . }}-test"
- image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
- imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
- command: ['sh', '-c', 'for i in 1 2 3; do curl http://istio-citadel:{{ .Values.global.monitoringPort }}/version && exit 0 || sleep 15; done; exit 1']
- restartPolicy: Never
- affinity:
- {{- include "nodeaffinity" . | indent 4 }}
- {{- include "podAntiAffinity" . | indent 4 }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 2 }}
- {{- else if .Values.global.defaultTolerations }}
- tolerations:
-{{ toYaml .Values.global.defaultTolerations | indent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/security/values.yaml b/charts/rancher-istio/1.5.920/charts/security/values.yaml
deleted file mode 100755
index ee16f2c60..000000000
--- a/charts/rancher-istio/1.5.920/charts/security/values.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-#
-# security configuration
-#
-enabled: true
-replicaCount: 1
-rollingMaxSurge: 100%
-rollingMaxUnavailable: 25%
-image: citadel
-selfSigned: true # indicate if self-signed CA is used.
-createMeshPolicy: true
-nodeSelector: {}
-tolerations: []
-podAnnotations: {}
-
-# Enable health checking on the Citadel CSR signing API.
-# https://istio.io/docs/tasks/security/health-check/
-citadelHealthCheck: false
-# 90*24hour = 2160h
-workloadCertTtl: 2160h
-# Environment variables that configure Citadel.
-env: {}
-
-# Determines Citadel default behavior if the ca.istio.io/env or ca.istio.io/override
-# labels are not found on a given namespace.
-#
-# For example: consider a namespace called "target", which has neither the "ca.istio.io/env"
-# nor the "ca.istio.io/override" namespace labels. To decide whether or not to generate secrets
-# for service accounts created in this "target" namespace, Citadel will defer to this option. If the value
-# of this option is "true" in this case, secrets will be generated for the "target" namespace.
-# If the value of this option is "false" Citadel will not generate secrets upon service account creation.
-enableNamespacesByDefault: true
-
-# Specify the pod anti-affinity that allows you to constrain which nodes
-# your pod is eligible to be scheduled based on labels on pods that are
-# already running on the node rather than based on labels on nodes.
-# There are currently two types of anti-affinity:
-# "requiredDuringSchedulingIgnoredDuringExecution"
-# "preferredDuringSchedulingIgnoredDuringExecution"
-# which denote "hard" vs. "soft" requirements, you can define your values
-# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector"
-# correspondingly.
-# For example:
-# podAntiAffinityLabelSelector:
-# - key: security
-# operator: In
-# values: S1,S2
-# topologyKey: "kubernetes.io/hostname"
-# This pod anti-affinity rule says that the pod requires not to be scheduled
-# onto a node if that node is already running a pod with label having key
-# "security" and value "S1".
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
diff --git a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/Chart.yaml b/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/Chart.yaml
deleted file mode 100755
index f814462ac..000000000
--- a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-appVersion: 1.5.9
-description: Helm chart for sidecar injector webhook deployment
-engine: gotpl
-icon: https://istio.io/favicons/android-192x192.png
-keywords:
-- istio
-- sidecarInjectorWebhook
-name: sidecarInjectorWebhook
-sources:
-- http://github.com/istio/istio
-tillerVersion: '>=2.7.2'
-version: 1.5.9
diff --git a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/_helpers.tpl b/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/_helpers.tpl
deleted file mode 100755
index f3b9fb15b..000000000
--- a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "sidecar-injector.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "sidecar-injector.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "sidecar-injector.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/clusterrole.yaml b/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/clusterrole.yaml
deleted file mode 100755
index c56c7025c..000000000
--- a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/clusterrole.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-sidecar-injector-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get", "list", "watch"]
-{{- if not .Values.global.operatorManageWebhooks }}
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "patch"]
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
deleted file mode 100755
index 748a93244..000000000
--- a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-sidecar-injector-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-sidecar-injector-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/deployment.yaml b/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/deployment.yaml
deleted file mode 100755
index b0ddf131f..000000000
--- a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/deployment.yaml
+++ /dev/null
@@ -1,118 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - istio: sidecar-injector - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - template: - metadata: - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - istio: sidecar-injector - annotations: - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: istio-sidecar-injector-service-account -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: sidecar-injector-webhook - image: "{{ template "system_default_registry" . 
}}{{ .Values.repository }}:{{ .Values.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - args: - - --caCertFile=/etc/istio/certs/root-cert.pem - - --tlsCertFile=/etc/istio/certs/cert-chain.pem - - --tlsKeyFile=/etc/istio/certs/key.pem - - --injectConfig=/etc/istio/inject/config - - --meshConfig=/etc/istio/config/mesh - - --healthCheckInterval=2s - - --healthCheckFile=/tmp/health -{{- if .Values.global.operatorManageWebhooks }} - - --reconcileWebhookConfig=false -{{- else }} - - --reconcileWebhookConfig=true -{{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/istio/config - readOnly: true - - name: certs - mountPath: /etc/istio/certs - readOnly: true - - name: inject-config - mountPath: /etc/istio/inject - readOnly: true - livenessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/tmp/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - readinessProbe: - exec: - command: - - /usr/local/bin/sidecar-injector - - probe - - --probe-path=/tmp/health - - --interval=4s - initialDelaySeconds: 4 - periodSeconds: 4 - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - volumes: - - name: config-volume - configMap: - name: istio - - name: certs - secret: -{{- if .Values.global.certificates }} - secretName: dns.istio-sidecar-injector-service-account -{{- else }} - secretName: istio.istio-sidecar-injector-service-account -{{- end }} - - name: inject-config - configMap: - name: istio-sidecar-injector - items: - - key: config - path: config - - key: values - path: values - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml b/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml deleted file mode 100755 index 4a31415f2..000000000 --- a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: istio-sidecar-injector - labels: - app: {{ template "sidecar-injector.name" . }} - chart: {{ template "sidecar-injector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -webhooks: - - name: sidecar-injector.istio.io - clientConfig: - service: - name: istio-sidecar-injector - namespace: {{ .Release.Namespace }} - path: "/inject" - caBundle: "" - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - namespaceSelector: -{{- if .Values.enableNamespacesByDefault }} - matchExpressions: - - key: name - operator: NotIn - values: - - {{ .Release.Namespace }} - - key: istio-injection - operator: NotIn - values: - - disabled -{{- else }} - matchLabels: - istio-injection: enabled -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml b/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml deleted file mode 100755 index 870b92508..000000000 --- a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml +++ /dev/null 
@@ -1,18 +0,0 @@
-{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-spec:
-{{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
- selector:
- matchLabels:
- app: {{ template "sidecar-injector.name" . }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
- {{- end }}
diff --git a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/service.yaml b/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/service.yaml
deleted file mode 100755
index ea03cd81c..000000000
--- a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/service.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-spec:
- ports:
- - port: 443
- name: https-inject
- targetPort: 9443
- - port: {{ .Values.global.monitoringPort }}
- name: http-monitoring
- selector:
- istio: sidecar-injector
diff --git a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml
deleted file mode 100755
index d4020b517..000000000
--- a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-metadata:
- name: istio-sidecar-injector-service-account
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "sidecar-injector.name" . }}
- chart: {{ template "sidecar-injector.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
diff --git a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/values.yaml b/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/values.yaml
deleted file mode 100755
index b2716d945..000000000
--- a/charts/rancher-istio/1.5.920/charts/sidecarInjectorWebhook/values.yaml
+++ /dev/null
@@ -1,59 +0,0 @@ -# -# sidecar-injector webhook configuration -# -enabled: true -replicaCount: 1 -rollingMaxSurge: 100% -rollingMaxUnavailable: 25% -image: sidecar_injector -enableNamespacesByDefault: false -nodeSelector: {} -tolerations: [] -podAnnotations: {} - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -# If true, webhook or istioctl injector will rewrite PodSpec for liveness -# health check to redirect request to sidecar. This makes liveness check work -# even when mTLS is enabled. -rewriteAppHTTPProbe: true - -# You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or -# always skip the injection on pods that match that label selector, regardless of the global policy. -# See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions -neverInjectSelector: [] - -alwaysInjectSelector: [] - -# injectedAnnotations are additional annotations that will be added to the pod spec after injection -# This is primarily to support PSP annotations. 
For example, if you defined a PSP with the annotations: -# -# annotations: -# apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default -# apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -# -# The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before -# the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: -# injectedAnnotations: -# container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default -# container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default -injectedAnnotations: {} diff --git a/charts/rancher-istio/1.5.920/charts/tracing/.helmignore b/charts/rancher-istio/1.5.920/charts/tracing/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/rancher-istio/1.5.920/charts/tracing/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-istio/1.5.920/charts/tracing/Chart.yaml b/charts/rancher-istio/1.5.920/charts/tracing/Chart.yaml deleted file mode 100755 index f3b8486f6..000000000 --- a/charts/rancher-istio/1.5.920/charts/tracing/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -appVersion: 1.5.1 -description: A Helm chart for Kubernetes -name: tracing -tillerVersion: '>=2.7.2' -version: 1.5.9 diff --git a/charts/rancher-istio/1.5.920/charts/tracing/templates/_helpers.tpl b/charts/rancher-istio/1.5.920/charts/tracing/templates/_helpers.tpl deleted file mode 100755 index e246b59b1..000000000 
--- a/charts/rancher-istio/1.5.920/charts/tracing/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "tracing.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "tracing.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "tracing.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.920/charts/tracing/templates/deployment-jaeger.yaml b/charts/rancher-istio/1.5.920/charts/tracing/templates/deployment-jaeger.yaml
deleted file mode 100755
index da54eeb94..000000000
--- a/charts/rancher-istio/1.5.920/charts/tracing/templates/deployment-jaeger.yaml
+++ /dev/null
@@ -1,119 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: jaeger - template: - metadata: - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - prometheus.io/port: "14269" -{{- if .Values.jaeger.podAnnotations }} -{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: jaeger - image: "{{ template "system_default_registry" . 
}}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: 9411 - - containerPort: 16686 - - containerPort: 14250 - - containerPort: 14267 - - containerPort: 14268 - - containerPort: 14269 - - containerPort: 5775 - protocol: UDP - - containerPort: 6831 - protocol: UDP - - containerPort: 6832 - protocol: UDP - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if eq .Values.jaeger.spanStorageType "badger" }} - - name: BADGER_EPHEMERAL - value: "false" - - name: SPAN_STORAGE_TYPE - value: "badger" - - name: BADGER_DIRECTORY_VALUE - value: "/badger/data" - - name: BADGER_DIRECTORY_KEY - value: "/badger/key" - {{- end }} - - name: COLLECTOR_ZIPKIN_HTTP_PORT - value: "9411" - - name: MEMORY_MAX_TRACES - value: "{{ .Values.jaeger.memory.max_traces }}" - - name: QUERY_BASE_PATH - value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - livenessProbe: - httpGet: - path: / - port: 14269 - readinessProbe: - httpGet: - path: / - port: 14269 -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumeMounts: - - name: data - mountPath: /badger -{{- end }} - resources: -{{- if .Values.jaeger.resources }} -{{ toYaml .Values.jaeger.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumes: - - name: data -{{- if .Values.jaeger.persist }} - persistentVolumeClaim: - claimName: istio-jaeger-pvc -{{- else }} - emptyDir: {} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.5.920/charts/tracing/templates/deployment-zipkin.yaml b/charts/rancher-istio/1.5.920/charts/tracing/templates/deployment-zipkin.yaml deleted file mode 100755 index eef24fc16..000000000 --- a/charts/rancher-istio/1.5.920/charts/tracing/templates/deployment-zipkin.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -{{ if eq .Values.provider "zipkin" }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istio-tracing - namespace: {{ .Release.Namespace }} - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: zipkin - template: - metadata: - labels: - app: zipkin - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" -{{- if .Values.zipkin.podAnnotations }} -{{ toYaml .Values.zipkin.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} - containers: - - name: zipkin - image: "{{ template "system_default_registry" . 
}}{{ .Values.zipkin.repository }}:{{ .Values.zipkin.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - ports: - - containerPort: {{ .Values.zipkin.queryPort }} - livenessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - tcpSocket: - port: {{ .Values.zipkin.queryPort }} - readinessProbe: - initialDelaySeconds: {{ .Values.zipkin.probeStartupDelay }} - httpGet: - path: /health - port: {{ .Values.zipkin.queryPort }} - resources: -{{- if .Values.zipkin.resources }} -{{ toYaml .Values.zipkin.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: QUERY_PORT - value: "{{ .Values.zipkin.queryPort }}" - - name: JAVA_OPTS - value: "-XX:ConcGCThreads={{ .Values.zipkin.node.cpus }} -XX:ParallelGCThreads={{ .Values.zipkin.node.cpus }} -Djava.util.concurrent.ForkJoinPool.common.parallelism={{ .Values.zipkin.node.cpus }} -Xms{{ .Values.zipkin.javaOptsHeap }}M -Xmx{{ .Values.zipkin.javaOptsHeap }}M -XX:+UseG1GC -server" - - name: STORAGE_METHOD - value: "mem" - - name: ZIPKIN_STORAGE_MEM_MAXSPANS - value: "{{ .Values.zipkin.maxSpans }}" - affinity: - {{- include "nodeaffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 6 }} - {{- end }} -{{ end }} diff --git a/charts/rancher-istio/1.5.920/charts/tracing/templates/ingress.yaml b/charts/rancher-istio/1.5.920/charts/tracing/templates/ingress.yaml deleted file mode 100755 index 72f362166..000000000 --- a/charts/rancher-istio/1.5.920/charts/tracing/templates/ingress.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ template "tracing.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ if $.Values.contextPath }} {{ $.Values.contextPath }} {{ else }} /{{ $.Values.provider }} {{ end }} - backend: - serviceName: tracing - servicePort: 80 - - {{- end -}} -{{- else }} - - http: - paths: - - path: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - backend: - serviceName: tracing - servicePort: 80 -{{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-istio/1.5.920/charts/tracing/templates/pvc.yaml b/charts/rancher-istio/1.5.920/charts/tracing/templates/pvc.yaml deleted file mode 100755 index 60140494c..000000000 --- a/charts/rancher-istio/1.5.920/charts/tracing/templates/pvc.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if eq .Values.provider "jaeger" }} -{{- if .Values.jaeger.persist }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: istio-jaeger-pvc - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - storageClassName: {{ .Values.jaeger.storageClassName }} - accessModes: - - {{ .Values.jaeger.accessMode }} - resources: - requests: - storage: 5Gi -{{- end }} -{{- end }} 
diff --git a/charts/rancher-istio/1.5.920/charts/tracing/templates/service-jaeger.yaml b/charts/rancher-istio/1.5.920/charts/tracing/templates/service-jaeger.yaml
deleted file mode 100755
index f7ab769b8..000000000
--- a/charts/rancher-istio/1.5.920/charts/tracing/templates/service-jaeger.yaml
+++ /dev/null
@@ -1,114 +0,0 @@ -{{ if eq .Values.provider "jaeger" }} - -apiVersion: v1 -kind: List -metadata: - name: jaeger-services - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -items: -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-query - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: jaeger - jaeger-infra: jaeger-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: query-http - port: 16686 - protocol: TCP - targetPort: 16686 - selector: - app: jaeger -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-collector - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: collector-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: jaeger-collector-tchannel - port: 14267 - protocol: TCP - targetPort: 14267 - - name: jaeger-collector-http - port: 14268 - targetPort: 14268 - protocol: TCP - - name: jaeger-collector-grpc - port: 14250 - targetPort: 14250 - protocol: TCP - selector: - app: jaeger - type: ClusterIP -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-collector-headless - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: collector-service - chart: {{ template "tracing.chart" . 
}} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: jaeger-collector-grpc - port: 14250 - targetPort: 14250 - protocol: TCP - selector: - app: jaeger - clusterIP: None -- apiVersion: v1 - kind: Service - metadata: - name: jaeger-agent - namespace: {{ .Release.Namespace }} - labels: - app: jaeger - jaeger-infra: agent-service - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - name: agent-zipkin-thrift - port: 5775 - protocol: UDP - targetPort: 5775 - - name: agent-compact - port: 6831 - protocol: UDP - targetPort: 6831 - - name: agent-binary - port: 6832 - protocol: UDP - targetPort: 6832 - clusterIP: None - selector: - app: jaeger -{{ end }} - diff --git a/charts/rancher-istio/1.5.920/charts/tracing/templates/service.yaml b/charts/rancher-istio/1.5.920/charts/tracing/templates/service.yaml deleted file mode 100755 index 798829793..000000000 --- a/charts/rancher-istio/1.5.920/charts/tracing/templates/service.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -apiVersion: v1 -kind: List -metadata: - name: tracing-services - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -items: -- apiVersion: v1 - kind: Service - metadata: - name: zipkin - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - ports: - - port: {{ .Values.zipkin.queryPort }} - targetPort: {{ .Values.zipkin.queryPort }} - protocol: TCP - name: {{ .Values.service.name }} - selector: - app: {{ .Values.provider }} -- apiVersion: v1 - kind: Service - metadata: - name: tracing - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: {{ .Values.provider }} - chart: {{ template "tracing.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - type: {{ .Values.service.type }} - ports: - - name: http-query - port: {{ .Values.service.externalPort }} - protocol: TCP -{{ if eq .Values.provider "jaeger" }} - targetPort: 16686 -{{ else }} - targetPort: {{ .Values.zipkin.queryPort }} -{{ end}} - selector: - app: {{ .Values.provider }} diff --git a/charts/rancher-istio/1.5.920/charts/tracing/templates/tests/test-tracing-connection.yaml b/charts/rancher-istio/1.5.920/charts/tracing/templates/tests/test-tracing-connection.yaml deleted file mode 100755 index 64248e8c5..000000000 --- a/charts/rancher-istio/1.5.920/charts/tracing/templates/tests/test-tracing-connection.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -{{- if .Values.global.enableHelmTest }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ .Release.Name }}-{{ .Values.provider }}-test - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }}-test - chart: {{ template "tracing.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - sidecar.istio.io/inject: "false" - helm.sh/hook: test-success -spec: -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - containers: - - name: "{{ .Values.provider }}-test" - image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" - imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" - command: ['curl'] - {{- if eq .Values.provider "jaeger" }} - args: ['http://tracing:80{{ .Values.jaeger.contextPath}}'] - {{- else }} - args: ['http://tracing:80'] - {{- end }} - restartPolicy: Never - affinity: - {{- include "nodeaffinity" . | indent 4 }} - {{- include "podAntiAffinity" . | indent 4 }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 2 }} - {{- else if .Values.global.defaultTolerations }} - tolerations: -{{ toYaml .Values.global.defaultTolerations | indent 2 }} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.920/charts/tracing/values.yaml b/charts/rancher-istio/1.5.920/charts/tracing/values.yaml deleted file mode 100755 index 03381bfe5..000000000 --- a/charts/rancher-istio/1.5.920/charts/tracing/values.yaml +++ /dev/null 
@@ -1,87 +0,0 @@ -# -# addon jaeger tracing configuration -# -enabled: false - -provider: jaeger -nodeSelector: {} -tolerations: [] - -# Specify the pod anti-affinity that allows you to constrain which nodes -# your pod is eligible to be scheduled based on labels on pods that are -# already running on the node rather than based on labels on nodes. -# There are currently two types of anti-affinity: -# "requiredDuringSchedulingIgnoredDuringExecution" -# "preferredDuringSchedulingIgnoredDuringExecution" -# which denote "hard" vs. "soft" requirements, you can define your values -# in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" -# correspondingly. -# For example: -# podAntiAffinityLabelSelector: -# - key: security -# operator: In -# values: S1,S2 -# topologyKey: "kubernetes.io/hostname" -# This pod anti-affinity rule says that the pod requires not to be scheduled -# onto a node if that node is already running a pod with label having key -# "security" and value "S1". -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] - -jaeger: - hub: docker.io/jaegertracing - image: all-in-one - tag: 1.16 - podAnnotations: {} - memory: - max_traces: 50000 - # spanStorageType value can be "memory" and "badger" for all-in-one image - spanStorageType: badger - persist: false - storageClassName: "" - accessMode: ReadWriteMany - - -zipkin: - hub: docker.io/openzipkin - image: zipkin - tag: 2.14.2 - podAnnotations: {} - probeStartupDelay: 200 - queryPort: 9411 - resources: - limits: - cpu: 300m - memory: 900Mi - requests: - cpu: 150m - memory: 900Mi - javaOptsHeap: 700 - # 
From: https://github.com/openzipkin/zipkin/blob/master/zipkin-server/src/main/resources/zipkin-server-shared.yml#L51 - # Maximum number of spans to keep in memory. When exceeded, oldest traces (and their spans) will be purged. - # A safe estimate is 1K of memory per span (each span with 2 annotations + 1 binary annotation), plus - # 100 MB for a safety buffer. You'll need to verify in your own environment. - maxSpans: 500000 - node: - cpus: 2 - -service: - annotations: {} - name: http - type: ClusterIP - externalPort: 80 - -ingress: - enabled: false - # Used to create an Ingress record. - hosts: - # - tracing.local - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: tracing-tls - # hosts: - # - tracing.local - diff --git a/charts/rancher-istio/1.5.920/files/injection-template.yaml b/charts/rancher-istio/1.5.920/files/injection-template.yaml deleted file mode 100755 index 7accc63ea..000000000 --- a/charts/rancher-istio/1.5.920/files/injection-template.yaml +++ /dev/null 
@@ -1,473 +0,0 @@ -rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe true }} -initContainers: -{{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} -{{ if .Values.istio_cni.enabled -}} -- name: istio-validation -{{ else -}} -- name: istio-init -{{ end -}} -{{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" -{{- else }} - image: "{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" -{{- end }} - command: - - istio-iptables - - "-p" - - "15001" - - "-z" - - "15006" - - "-u" - - 1337 - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" - - "-d" - - "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - {{ if .Values.istio_cni.enabled -}} 
- - "--run-validation" - - "--skip-rule-apply" - {{ end -}} - imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" -{{- if .Values.global.proxy_init.resources }} - resources: - {{ toYaml .Values.global.proxy_init.resources | indent 4 }} -{{- else }} - resources: {} -{{- end }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: - {{- if not .Values.istio_cni.enabled }} - add: - - NET_ADMIN - - NET_RAW - {{- end }} - drop: - - ALL - {{- if not .Values.istio_cni.enabled }} - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsUser: 1337 - runAsNonRoot: true - {{- end }} - restartPolicy: Always -{{ end -}} -{{- if eq (annotation .ObjectMeta `sidecar.istio.io/enableCoreDump` .Values.global.proxy.enableCoreDump) "true" }} -- name: enable-core-dump - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited - command: - - /bin/sh - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- else }} - image: "{{ .Values.global.proxy.enableCoreDumpImage }}" - {{- end }} - imagePullPolicy: IfNotPresent - resources: {} - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - SYS_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 -{{ end }} -containers: -- name: istio-proxy -{{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` "") }} # if custom pod then use that - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" -{{- else }} - {{- if .Values.global.systemDefaultRegistry }} - image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.repository 
}}:{{ .Values.global.proxy.tag }}" - {{- else }} - image: "{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" - {{- end }} -{{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --configPath - - "{{ .ProxyConfig.ConfigPath }}" - - --binaryPath - - "{{ .ProxyConfig.BinaryPath }}" - - --serviceCluster - {{ if ne "" (index .ObjectMeta.Labels "app") -}} - - "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" - {{ else -}} - - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" - {{ end -}} - - --drainDuration - - "{{ formatDuration .ProxyConfig.DrainDuration }}" - - --parentShutdownDuration - - "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}" - - --discoveryAddress - - "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" -{{- if eq .Values.global.proxy.tracer "lightstep" }} - - --lightstepAddress - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" - - --lightstepAccessToken - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" - - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} -{{- if .ProxyConfig.GetTracing.GetLightstep.GetSecure }} - - --lightstepCacertPath - - "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" -{{- end }} -{{- else if eq .Values.global.proxy.tracer "zipkin" }} - - --zipkinAddress - - "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" -{{- else if eq .Values.global.proxy.tracer "datadog" }} - - --datadogAgentAddress - - "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" -{{- end }} -{{- if .Values.global.proxy.logLevel }} - - --proxyLogLevel={{ .Values.global.proxy.logLevel }} -{{- end}} -{{- if .Values.global.proxy.componentLogLevel }} - - --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }} -{{- 
end}} -{{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} -{{- end}} - - --dnsRefreshRate - - {{ .Values.global.proxy.dnsRefreshRate }} - - --connectTimeout - - "{{ formatDuration .ProxyConfig.ConnectTimeout }}" -{{- if .Values.global.proxy.envoyStatsd.enabled }} - - --statsdUdpAddress - - "{{ .ProxyConfig.StatsdUdpAddress }}" -{{- end }} -{{- if .Values.global.proxy.envoyMetricsService.enabled }} - - --envoyMetricsService - - '{{ protoToJSON .ProxyConfig.EnvoyMetricsService }}' -{{- end }} -{{- if .Values.global.proxy.envoyAccessLogService.enabled }} - - --envoyAccessLogService - - '{{ protoToJSON .ProxyConfig.EnvoyAccessLogService }}' -{{- end }} - - --proxyAdminPort - - "{{ .ProxyConfig.ProxyAdminPort }}" - {{ if gt .ProxyConfig.Concurrency 0 -}} - - --concurrency - - "{{ .ProxyConfig.Concurrency }}" - {{ end -}} - - --controlPlaneAuthPolicy - - "{{ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}" -{{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" (valueOrDefault .Values.global.proxy.statusPort 0 )) `0`) }} - - --statusPort - - "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" -{{- end }} -{{- if .Values.global.trustDomain }} - - --trust-domain={{ .Values.global.trustDomain }} -{{- end }} -{{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 4 }} -{{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: |- - [ - {{- range $index, $container := .Spec.Containers }} - {{- 
if ne $index 0}},{{- end}} - {{ $container.Name }} - {{- end}} - ] - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.global.mtls.auto }} - - name: ISTIO_AUTO_MTLS_ENABLED - value: "true" - {{- end }} -{{- if eq .Values.global.proxy.tracer "datadog" }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP -{{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }} -{{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" -{{- end }} -{{- end }} -{{- end }} - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SDS_ENABLED - value: {{ $.Values.global.sds.enabled }} - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{ if .ObjectMeta.Annotations }} - - name: ISTIO_METAJSON_ANNOTATIONS - value: | - {{ toJSON .ObjectMeta.Annotations }} - {{ end }} - {{ if .ObjectMeta.Labels }} - - name: ISTIO_METAJSON_LABELS - value: | - {{ toJSON .ObjectMeta.Labels }} - {{ end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{ .DeploymentMeta.Name }} - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower 
.TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.sds.customTokenDirectory }} - - name: ISTIO_META_SDS_TOKEN_PATH - value: "{{ .Values.global.sds.customTokenDirectory -}}/sdstoken" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if .Values.global.trustDomain }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.trustDomain }}" - {{- end }} - {{- if eq .Values.global.proxy.tracer "stackdriver" }} - - name: STACKDRIVER_TRACING_ENABLED - value: "true" - - name: STACKDRIVER_TRACING_DEBUG - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetDebug }}" - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations.Value }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes.Value }}" - {{- end }} - {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }} - - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS - value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents.Value }}" - {{- end }} - {{- end }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` (valueOrDefault .Values.global.proxy.statusPort 0 )) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} - initialDelaySeconds: {{ annotation .ObjectMeta 
`readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - add: - - NET_ADMIN - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: {{ ne (annotation .ObjectMeta `sidecar.istio.io/enableCoreDump` .Values.global.proxy.enableCoreDump) "true" }} - runAsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - runAsNonRoot: false - runAsUser: 0 - {{- else -}} - runAsNonRoot: true - runAsUser: 1337 - {{- end }} - resources: -{{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations 
`sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} -{{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 4 }} - {{- end }} -{{- end }} - volumeMounts: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - - mountPath: /etc/istio/proxy - name: istio-envoy - {{- if .Values.global.sds.enabled }} - - mountPath: /var/run/sds - name: sds-uds-path - readOnly: true - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.sds.customTokenDirectory }} - - mountPath: "{{ .Values.global.sds.customTokenDirectory -}}" - name: custom-sds-token - readOnly: true - {{- end }} - {{- else }} - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{- end }} -volumes: -{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} -- name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} -{{- end }} -- emptyDir: - medium: Memory - name: istio-envoy -{{- if 
.Values.global.sds.enabled }} -- name: sds-uds-path - hostPath: - path: /var/run/sds -- name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} -{{- if .Values.global.sds.customTokenDirectory }} -- name: custom-sds-token - secret: - secretName: sdstokensecret -{{- end }} -{{- else }} -- name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} -- name: "{{ $index }}" - {{ toYaml $value | indent 2 }} - {{ end }} - {{ end }} -{{- end }} -{{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} -- name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert -{{- end }} -{{- if .Values.global.podDNSSearchNamespaces }} -dnsConfig: - searches: - {{- range .Values.global.podDNSSearchNamespaces }} - - {{ render . 
}} - {{- end }} -{{- end }} -podRedirectAnnot: - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" -{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" -{{- end }} - traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" diff --git a/charts/rancher-istio/1.5.920/questions.yaml b/charts/rancher-istio/1.5.920/questions.yaml deleted file mode 100644 index f9c849d79..000000000 --- a/charts/rancher-istio/1.5.920/questions.yaml +++ /dev/null @@ -1,4 +0,0 @@ -labels: - rancher.istio.v1.5.920: 1.5.9 -rancher_min_version: 2.6.0-alpha1 -rancher_max_version: 2.6.99 diff --git a/charts/rancher-istio/1.5.920/requirements.yaml b/charts/rancher-istio/1.5.920/requirements.yaml deleted file mode 100755 index 52613bcf6..000000000 --- a/charts/rancher-istio/1.5.920/requirements.yaml +++ /dev/null 
@@ -1,40 +0,0 @@
-dependencies:
- - name: sidecarInjectorWebhook
- version: 1.5.9
- condition: sidecarInjectorWebhook.enabled
- - name: security
- version: 1.5.9
- condition: security.enabled
- - name: gateways
- version: 1.5.9
- condition: gateways.enabled
- - name: mixer
- version: 1.5.9
- condition: or mixer.policy.enabled mixer.telemetry.enabled
- - name: nodeagent
- version: 1.5.9
- condition: nodeagent.enabled
- - name: pilot
- version: 1.5.9
- condition: pilot.enabled
- - name: grafana
- version: 1.5.9
- condition: grafana.enabled
- - name: prometheus
- version: 1.5.9
- condition: prometheus.enabled
- - name: tracing
- version: 1.5.9
- condition: tracing.enabled
- - name: galley
- version: 1.5.9
- condition: galley.enabled
- - name: kiali
- version: 1.5.9
- condition: kiali.enabled
- - name: istiocoredns
- version: 1.5.9
- condition: istiocoredns.enabled
- - name: certmanager
- version: 1.5.9
- condition: certmanager.enabled
diff --git a/charts/rancher-istio/1.5.920/templates/NOTES.txt b/charts/rancher-istio/1.5.920/templates/NOTES.txt
deleted file mode 100755
index 3b323594c..000000000
--- a/charts/rancher-istio/1.5.920/templates/NOTES.txt
+++ /dev/null
@@ -1,29 +0,0 @@ -Thank you for installing {{ .Chart.Name | title }}. - -Your release is named {{ .Release.Name | title }}. - -To get started running application with Istio, execute the following steps: - -{{- if index .Values "sidecarInjectorWebhook" "enabled" }} -1. Label namespace that application object will be deployed to by the following command (take default namespace as an example) - -$ kubectl label namespace default istio-injection=enabled -$ kubectl get namespace -L istio-injection - -2. Deploy your applications - -$ kubectl apply -f .yaml -{{- else }} -1. Download the latest release package to get sidecar injection tool - -$ curl -L https://git.io/getLatestIstio | sh - -$ mv istio-* istio-latest -$ export PATH="$PATH:$PWD/istio-latest/bin" - -2. Deploy your application by manually injecting envoy sidecar with `istioctl kube-inject` - -$ kubectl apply -f <(istioctl kube-inject -f .yaml) -{{- end }} - -For more information on running Istio, visit: -https://istio.io/ diff --git a/charts/rancher-istio/1.5.920/templates/_affinity.tpl b/charts/rancher-istio/1.5.920/templates/_affinity.tpl deleted file mode 100755 index 7639be434..000000000 --- a/charts/rancher-istio/1.5.920/templates/_affinity.tpl +++ /dev/null 
@@ -1,93 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} - -{{- define "nodeaffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "nodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "nodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinity" }} -{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .Values.podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if or .Values.podAntiAffinityTermLabelSelector}} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "podAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.920/templates/_helpers.tpl b/charts/rancher-istio/1.5.920/templates/_helpers.tpl deleted file mode 100755 index 3f267faa2..000000000 --- a/charts/rancher-istio/1.5.920/templates/_helpers.tpl +++ /dev/null 
@@ -1,47 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "istio.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "istio.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "istio.chart" -}}
-{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a fully qualified configmap name.
-*/}}
-{{- define "istio.configmap.fullname" -}}
-{{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "system_default_registry" -}}
-{{- if .Values.global.systemDefaultRegistry -}}
-{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
-{{- else -}}
-{{- "" -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/rancher-istio/1.5.920/templates/_podDisruptionBudget.tpl b/charts/rancher-istio/1.5.920/templates/_podDisruptionBudget.tpl
deleted file mode 100755
index ebb86068c..000000000
--- a/charts/rancher-istio/1.5.920/templates/_podDisruptionBudget.tpl
+++ /dev/null
@@ -1,3 +0,0 @@
-{{- define "podDisruptionBudget.spec" }}
- minAvailable: 1
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/templates/clusterrole.yaml b/charts/rancher-istio/1.5.920/templates/clusterrole.yaml
deleted file mode 100755
index b92c9ef8b..000000000
--- a/charts/rancher-istio/1.5.920/templates/clusterrole.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: istio-reader
-rules:
- - apiGroups: ['']
- resources: ['nodes', 'pods', 'services', 'endpoints', "replicationcontrollers"]
- verbs: ['get', 'watch', 'list']
- - apiGroups: ["extensions", "apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
diff --git a/charts/rancher-istio/1.5.920/templates/clusterrolebinding.yaml b/charts/rancher-istio/1.5.920/templates/clusterrolebinding.yaml
deleted file mode 100755
index 759678ea6..000000000
--- a/charts/rancher-istio/1.5.920/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-multi
- labels:
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-reader
-subjects:
-- kind: ServiceAccount
- name: istio-multi
- namespace: {{ .Release.Namespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-reader
- labels:
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-reader
-subjects:
-- kind: ServiceAccount
- name: istio-reader-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.920/templates/configmap.yaml b/charts/rancher-istio/1.5.920/templates/configmap.yaml
deleted file mode 100755
index 6bac37a7c..000000000
--- a/charts/rancher-istio/1.5.920/templates/configmap.yaml
+++ /dev/null
@@ -1,345 +0,0 @@ -{{- if or .Values.pilot.enabled .Values.global.istioRemote }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "istio.name" . }} - chart: {{ template "istio.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - mesh: |- - # Set the following variable to true to disable policy checks by Mixer. - # Note that metrics will still be reported to Mixer. - {{- if .Values.mixer.policy.enabled }} - disablePolicyChecks: {{ .Values.global.disablePolicyChecks }} - {{- else }} - disablePolicyChecks: true - {{- end }} - - disableMixerHttpReports: false - - {{- if .Values.mixer.telemetry.reportBatchMaxEntries }} - # reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server - reportBatchMaxEntries: {{ .Values.mixer.telemetry.reportBatchMaxEntries }} - {{- end }} - - {{- if .Values.mixer.telemetry.reportBatchMaxTime }} - # reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server - reportBatchMaxTime: {{ .Values.mixer.telemetry.reportBatchMaxTime }} - {{- end }} - - {{- if .Values.mixer.telemetry.sessionAffinityEnabled }} - # sidecarToTelemetrySessionAffinity will create a STRICT_DNS type cluster for istio-telemetry. - sidecarToTelemetrySessionAffinity: {{ .Values.mixer.telemetry.sessionAffinityEnabled }} - {{- end }} - - # Set enableTracing to false to disable request tracing. - enableTracing: {{ .Values.global.enableTracing }} - - # Set accessLogFile to empty string to disable access log. 
- accessLogFile: "{{ .Values.global.proxy.accessLogFile }}" - - # If accessLogEncoding is TEXT, value will be used directly as the log format - # example: "[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\n" - # If AccessLogEncoding is JSON, value will be parsed as map[string]string - # example: '{"start_time": "%START_TIME%", "req_method": "%REQ(:METHOD)%"}' - # Leave empty to use default log format - accessLogFormat: {{ .Values.global.proxy.accessLogFormat | quote }} - - # Set accessLogEncoding to JSON or TEXT to configure sidecar access log - accessLogEncoding: '{{ .Values.global.proxy.accessLogEncoding }}' - - enableEnvoyAccessLogService: {{ .Values.global.proxy.envoyAccessLogService.enabled }} - - {{- if .Values.global.istioRemote }} - - {{- if .Values.global.remotePolicyAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}:15004 - {{- else }} - mixerCheckServer: {{ .Values.global.remotePolicyAddress }}:15004 - {{- end }} - {{- end }} - {{- if .Values.global.remoteTelemetryAddress }} - {{- if .Values.global.createRemoteSvcEndpoints }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}:15004 - {{- else }} - mixerReportServer: {{ .Values.global.remoteTelemetryAddress }}:15004 - {{- end }} - {{- end }} - - {{- else }} - - {{- if .Values.mixer.policy.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerCheckServer: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - {{- if .Values.mixer.telemetry.enabled }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}:15004 - {{- else }} - mixerReportServer: istio-telemetry.{{ .Release.Namespace }}.svc.{{ 
.Values.global.proxy.clusterDomain }}:9091 - {{- end }} - {{- end }} - - {{- end }} - - {{- if or .Values.mixer.policy.enabled (and .Values.global.istioRemote .Values.global.remotePolicyAddress) }} - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. - policyCheckFailOpen: {{ .Values.global.policyCheckFailOpen }} - {{- end }} - - {{- if .Values.gateways.enabled }} - # Let Pilot give ingresses the public IP of the Istio ingressgateway - ingressService: istio-ingressgateway - {{- end }} - - # Default connect timeout for dynamic clusters generated by Pilot and returned via XDS - connectTimeout: 10s - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: {{ .Values.global.proxy.protocolDetectionTimeout }} - - # DNS refresh rate for Envoy clusters of type STRICT_DNS - dnsRefreshRate: {{ .Values.global.proxy.dnsRefreshRate }} - - # Unix Domain Socket through which envoy communicates with NodeAgent SDS to get - # key/cert for mTLS. Use secret-mount files instead of SDS if set to empty. - sdsUdsPath: {{ .Values.global.sds.udsPath | quote }} - - # The trust domain corresponds to the trust root of a system. 
- # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: {{ .Values.global.trustDomain | quote }} - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: - {{- range .Values.global.trustDomainAliases }} - - {{ . | quote }} - {{- end }} - - # If true, automatically configure client side mTLS settings to match the corresponding service's - # server side mTLS authentication policy, when destination rule for that service does not specify - # TLS settings. - enableAutoMtls: {{ .Values.global.mtls.auto }} - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - outboundTrafficPolicy: - mode: {{ .Values.global.outboundTrafficPolicy.mode }} - - {{- if .Values.global.localityLbSetting.enabled }} - localityLbSetting: -{{ toYaml .Values.global.localityLbSetting | trim | indent 6 }} - {{- end }} - # The namespace to treat as the administrative root namespace for istio - # configuration. -{{- if .Values.global.configRootNamespace }} - rootNamespace: {{ .Values.global.configRootNamespace }} -{{- else }} - rootNamespace: {{ .Release.Namespace }} -{{- end }} - - # Configures DNS certificates provisioned through Chiron linked into Pilot. 
- certificates: -{{ toYaml .Values.global.certificates | trim | indent 6 }} - - {{- if .Values.global.defaultConfigVisibilitySettings }} - defaultServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultVirtualServiceExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - defaultDestinationRuleExportTo: - {{- range .Values.global.defaultConfigVisibilitySettings }} - - {{ . | quote }} - {{- end }} - {{- end }} - - {{- if $.Values.global.useMCP }} - configSources: - - address: istio-galley.{{ $.Release.Namespace }}.svc:9901 - {{- if .Values.pilot.configSource.subscribedResources }} - subscribedResources: - {{- range .Values.pilot.configSource.subscribedResources }} - - {{ . }} - {{- end }} - {{- end}} - {{- if $.Values.global.controlPlaneSecurityEnabled}} - tlsSettings: - mode: ISTIO_MUTUAL - {{- end }} - {{- end }} - - defaultConfig: - # - # TCP connection timeout between Envoy & the application, and between Envoys. Used for static clusters - # defined in Envoy's configuration file - connectTimeout: 10s - # - ### ADVANCED SETTINGS ############# - # Where should envoy's configuration be stored in the istio-proxy container - configPath: "/etc/istio/proxy" - binaryPath: "/usr/local/bin/envoy" - # The pseudo service name used for Envoy. - serviceCluster: istio-proxy - # These settings that determine how long an old Envoy - # process should be kept alive after an occasional reload. - drainDuration: 45s - parentShutdownDuration: 1m0s - # - # The mode used to redirect inbound connections to Envoy. This setting - # has no effect on outbound traffic: iptables REDIRECT is always used for - # outbound connections. - # If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy. - # The "REDIRECT" mode loses source addresses during redirection. - # If "TPROXY", use iptables TPROXY to redirect to Envoy. 
- # The "TPROXY" mode preserves both the source and destination IP - # addresses and ports, so that they can be used for advanced filtering - # and manipulation. - # The "TPROXY" mode also configures the sidecar to run with the - # CAP_NET_ADMIN capability, which is required to use TPROXY. - #interceptionMode: REDIRECT - # - # Port where Envoy listens (on local host) for admin commands - # You can exec into the istio-proxy container in a pod and - # curl the admin port (curl http://localhost:15000/) to obtain - # diagnostic information from Envoy. See - # https://lyft.github.io/envoy/docs/operations/admin.html - # for more details - proxyAdminPort: 15000 - # - # Set concurrency to a specific number to control the number of Proxy worker threads. - # If set to 0 (default), then start worker thread for each CPU thread/core. - concurrency: {{ .Values.global.proxy.concurrency }} - # - {{- if eq .Values.global.proxy.tracer "lightstep" }} - tracing: - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - # Whether communication with the Satellite pool should be secure - secure: {{ .Values.global.tracer.lightstep.secure }} - {{- if .Values.global.tracer.lightstep.secure }} - # Path to the file containing the cacert to use when verifying TLS - cacertPath: {{ .Values.global.tracer.lightstep.cacertPath }} - {{- end }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - tracing: - zipkin: - # Address of the Zipkin collector - {{- if .Values.global.tracer.zipkin.address }} - address: {{ .Values.global.tracer.zipkin.address }} - {{- else if .Values.global.remoteZipkinAddress }} - address: {{ .Values.global.remoteZipkinAddress }}:9411 - {{- else }} - address: zipkin.{{ .Release.Namespace }}:9411 - {{- end }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - tracing: - datadog: - # 
Address of the Datadog Agent - address: {{ .Values.global.tracer.datadog.address }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - tracing: - stackdriver: {} - {{- end }} - - {{- if .Values.global.proxy.envoyStatsd.enabled }} - # - # Statsd metrics collector converts statsd metrics into Prometheus metrics. - statsdUdpAddress: {{ .Values.global.proxy.envoyStatsd.host }}:{{ .Values.global.proxy.envoyStatsd.port }} - {{- end }} - - {{- if .Values.global.proxy.envoyMetricsService.enabled }} - # - # Envoy's Metrics Service stats sink pushes Envoy metrics to a remote collector via the Metrics Service gRPC API. - envoyMetricsService: - address: {{ .Values.global.proxy.envoyMetricsService.host }}:{{ .Values.global.proxy.envoyMetricsService.port }} - {{- if .Values.global.proxy.envoyMetricsService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyMetricsService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyMetricsService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyMetricsService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- if .Values.global.proxy.envoyAccessLogService.enabled }} - # - # Envoy's AccessLog Service pushes access logs to a remote collector via the Access Log Service gRPC API. 
- envoyAccessLogService: - address: {{ .Values.global.proxy.envoyAccessLogService.host }}:{{ .Values.global.proxy.envoyAccessLogService.port }} - {{- if .Values.global.proxy.envoyAccessLogService.tlsSettings }} - tlsSettings: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tlsSettings | trim | indent 10 }} - {{- end}} - {{- if .Values.global.proxy.envoyAccessLogService.tcpKeepalive }} - tcpKeepalive: -{{ toYaml .Values.global.proxy.envoyAccessLogService.tcpKeepalive | trim | indent 10 }} - {{- end}} - {{- end}} - - {{- $defPilotHostname := printf "istio-pilot.%s" .Release.Namespace }} - {{- $pilotAddress := .Values.global.remotePilotAddress | default $defPilotHostname }} - {{- if .Values.global.controlPlaneSecurityEnabled }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: MUTUAL_TLS - # - # Address where istio Pilot service is running - {{- if .Values.global.remotePilotAddress }} - discoveryAddress: {{ $defPilotHostname }}:15011 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15011 - {{- end }} - {{- else }} - # - # Mutual TLS authentication between sidecars and istio control plane. - controlPlaneAuthPolicy: NONE - # - # Address where istio Pilot service is running - {{- if .Values.global.remotePilotAddress }} - discoveryAddress: {{ $defPilotHostname }}:15010 - {{- else }} - discoveryAddress: {{ $pilotAddress }}:15010 - {{- end }} - {{- end }} - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/1.5.920/templates/crd-all.gen.yaml b/charts/rancher-istio/1.5.920/templates/crd-all.gen.yaml deleted file mode 100644 index 6c95a751d..000000000 --- a/charts/rancher-istio/1.5.920/templates/crd-all.gen.yaml +++ /dev/null 
@@ -1,6037 +0,0 @@ -# DO NOT EDIT - Generated by Cue OpenAPI generator based on Istio APIs. -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: meshpolicies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: MeshPolicy - listKind: MeshPolicyList - plural: meshpolicies - singular: meshpolicy - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details at: https://istio.io/docs/reference/config/security/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - description: Deprecated. - type: boolean - origins: - description: Deprecated. - items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - description: Deprecated. - type: boolean - peers: - description: List of authentication methods that can be used for peer authentication. - items: - oneOf: - - not: - anyOf: - - required: - - mtls - - properties: - jwt: {} - required: - - jwt - - required: - - mtls - - properties: - jwt: {} - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. - properties: - allowTls: - description: Deprecated. 
- type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Deprecated. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: Deprecated. - items: - properties: - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. - items: - oneOf: - - not: - anyOf: - - required: - - number - - required: - - name - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-citadel - chart: istio - heritage: Tiller - release: istio - name: policies.authentication.istio.io -spec: - group: authentication.istio.io - names: - categories: - - istio-io - - authentication-istio-io - kind: Policy - listKind: PolicyList - plural: policies - singular: policy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Authentication policy for Istio services. See more details at: https://istio.io/docs/reference/config/security/istio.authentication.v1alpha1.html' - properties: - originIsOptional: - description: Deprecated. - type: boolean - origins: - description: Deprecated. - items: - properties: - jwt: - description: Jwt params for the method. - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. 
- format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 
- format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - type: array - peerIsOptional: - description: Deprecated. - type: boolean - peers: - description: List of authentication methods that can be used for peer authentication. - items: - oneOf: - - not: - anyOf: - - required: - - mtls - - properties: - jwt: {} - required: - - jwt - - required: - - mtls - - properties: - jwt: {} - required: - - jwt - properties: - jwt: - properties: - audiences: - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - jwt_headers: - description: JWT is sent in a request header. 
- items: - format: string - type: string - type: array - jwtHeaders: - description: JWT is sent in a request header. - items: - format: string - type: string - type: array - jwtParams: - description: JWT is sent in a query parameter. - items: - format: string - type: string - type: array - trigger_rules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - triggerRules: - items: - properties: - excluded_paths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. 
- format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - excludedPaths: - description: List of paths to be excluded from the request. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - included_paths: - description: List of paths that the request must include. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - includedPaths: - description: List of paths that the request must include. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - suffix - - required: - - regex - properties: - exact: - description: exact string match. - format: string - type: string - prefix: - description: prefix-based match. - format: string - type: string - regex: - description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). - format: string - type: string - suffix: - description: suffix-based match. - format: string - type: string - type: object - type: array - type: object - type: array - type: object - mtls: - description: Set if mTLS is used. - properties: - allowTls: - description: Deprecated. - type: boolean - mode: - description: Defines the mode of mTLS authentication. - enum: - - STRICT - - PERMISSIVE - type: string - type: object - type: object - type: array - principalBinding: - description: Deprecated. - enum: - - USE_PEER - - USE_ORIGIN - type: string - targets: - description: Deprecated. - items: - properties: - name: - description: The name must be a short name from the service registry. - format: string - type: string - ports: - description: Specifies the ports. 
- items: - oneOf: - - not: - anyOf: - - required: - - number - - required: - - name - - required: - - number - - required: - - name - properties: - name: - format: string - type: string - number: - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpec - listKind: HTTPAPISpecList - plural: httpapispecs - singular: httpapispec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_keys: - items: - oneOf: - - not: - anyOf: - - required: - - query - - required: - - header - - required: - - cookie - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. - format: string - type: string - type: object - type: array - apiKeys: - items: - oneOf: - - not: - anyOf: - - required: - - query - - required: - - header - - required: - - cookie - - required: - - query - - required: - - header - - required: - - cookie - properties: - cookie: - format: string - type: string - header: - description: API key is sent in a request header. - format: string - type: string - query: - description: API Key is sent as a query parameter. 
- format: string - type: string - type: object - type: array - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. - type: object - type: object - patterns: - description: List of HTTP patterns to match. 
- items: - oneOf: - - not: - anyOf: - - required: - - uriTemplate - - required: - - regex - - required: - - uriTemplate - - required: - - regex - properties: - attributes: - properties: - attributes: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - - required: - - stringValue - - required: - - int64Value - - required: - - doubleValue - - required: - - boolValue - - required: - - bytesValue - - required: - - timestampValue - - required: - - durationValue - - required: - - stringMapValue - properties: - boolValue: - type: boolean - bytesValue: - format: binary - type: string - doubleValue: - format: double - type: number - durationValue: - type: string - int64Value: - format: int64 - type: integer - stringMapValue: - properties: - entries: - additionalProperties: - format: string - type: string - description: Holds a set of name/value pairs. - type: object - type: object - stringValue: - format: string - type: string - timestampValue: - format: dateTime - type: string - type: object - description: A map of attribute name to its value. 
- type: object - type: object - httpMethod: - format: string - type: string - regex: - format: string - type: string - uriTemplate: - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: httpapispecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: HTTPAPISpecBinding - listKind: HTTPAPISpecBindingList - plural: httpapispecbindings - singular: httpapispecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - api_specs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - apiSpecs: - items: - properties: - name: - description: The short name of the HTTPAPISpec. - format: string - type: string - namespace: - description: Optional namespace of the HTTPAPISpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed HTTPAPISpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify the service version. - type: object - name: - description: The short name of the service such as "foo". 
- format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecs.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpec - listKind: QuotaSpecList - plural: quotaspecs - singular: quotaspec - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: Determines the quotas used for individual requests. - properties: - rules: - description: A list of Quota rules. - items: - properties: - match: - description: If empty, match all request. - items: - properties: - clause: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Map of attribute names to StringMatch type. - type: object - type: object - type: array - quotas: - description: The list of quotas to charge. 
- items: - properties: - charge: - format: int32 - type: integer - quota: - format: string - type: string - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-mixer - chart: istio - heritage: Tiller - release: istio - name: quotaspecbindings.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - apim-istio-io - kind: QuotaSpecBinding - listKind: QuotaSpecBindingList - plural: quotaspecbindings - singular: quotaspecbinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - quotaSpecs: - items: - properties: - name: - description: The short name of the QuotaSpec. - format: string - type: string - namespace: - description: Optional namespace of the QuotaSpec. - format: string - type: string - type: object - type: array - services: - description: One or more services to map the listed QuotaSpec onto. - items: - properties: - domain: - description: Domain suffix used to construct the service FQDN in implementations that support such specification. - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: Optional one or more labels that uniquely identify the service version. - type: object - name: - description: The short name of the service such as "foo". - format: string - type: string - namespace: - description: Optional namespace of the service. - format: string - type: string - service: - description: The service FQDN. 
- format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: destinationrules.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.host - description: The name of a service from the service registry - name: Host - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - shortNames: - - dr - singular: destinationrule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is exported. - items: - format: string - type: string - type: array - host: - description: The name of a service from the service registry. 
- format: string - type: string - subsets: - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: Name of the subset. - format: string - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. 
- oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute or failover can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, e.g. - format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - type: boolean - failover: - description: 'Optional: only failover or distribute can be set.' - items: - properties: - from: - description: Originating region. 
- format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected from the connection pool. - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected from the connection pool. - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. 
- type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute or failover can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, e.g. 
- format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - type: boolean - failover: - description: 'Optional: only failover or distribute can be set.' - items: - properties: - from: - description: Originating region. - format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected from the connection pool. - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected from the connection pool. - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS handshake. 
- format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to a destination host. 
- format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute or failover can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, e.g. - format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic distribution weights. 
- type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - type: boolean - failover: - description: 'Optional: only failover or distribute can be set.' - items: - properties: - from: - description: Originating region. - format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected from the connection pool. - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected from the connection pool. - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool connections. 
- type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. 
- format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute or failover can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, e.g. - format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - type: boolean - failover: - description: 'Optional: only failover or distribute can be set.' - items: - properties: - from: - description: Originating region. - format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected from the connection pool. - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected from the connection pool. - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the upstream service. 
- properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS handshake. 
- format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: envoyfilters.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: EnvoyFilter - listKind: EnvoyFilterList - plural: envoyfilters - singular: envoyfilter - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Customizing Envoy configuration generated by Istio. See more details at: https://istio.io/docs/reference/config/networking/envoy-filter.html' - properties: - configPatches: - description: One or more patches with match conditions. - items: - properties: - applyTo: - enum: - - INVALID - - LISTENER - - FILTER_CHAIN - - NETWORK_FILTER - - HTTP_FILTER - - ROUTE_CONFIGURATION - - VIRTUAL_HOST - - HTTP_ROUTE - - CLUSTER - type: string - match: - description: Match on listener/route configuration/cluster. - oneOf: - - not: - anyOf: - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - properties: - cluster: - description: Match on envoy cluster attributes. - properties: - name: - description: The exact name of the cluster to match. - format: string - type: string - portNumber: - description: The service port for which this cluster was generated. - type: integer - service: - description: The fully qualified service name for this cluster. 
- format: string - type: string - subset: - description: The subset associated with the service. - format: string - type: string - type: object - context: - description: The specific config generation context to match on. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - listener: - description: Match on envoy listener attributes. - properties: - filterChain: - description: Match a specific filter chain in a listener. - properties: - applicationProtocols: - description: Applies only to sidecars. - format: string - type: string - filter: - description: The name of a specific filter to apply the patch to. - properties: - name: - description: The filter name to match on. - format: string - type: string - subFilter: - properties: - name: - description: The filter name to match on. - format: string - type: string - type: object - type: object - name: - description: The name assigned to the filter chain. - format: string - type: string - sni: - description: The SNI value used by a filter chain's match condition. - format: string - type: string - transportProtocol: - description: Applies only to SIDECAR_INBOUND context. - format: string - type: string - type: object - name: - description: Match a specific listener by its name. - format: string - type: string - portName: - format: string - type: string - portNumber: - type: integer - type: object - proxy: - description: Match on properties associated with a proxy. - properties: - metadata: - additionalProperties: - format: string - type: string - type: object - proxyVersion: - format: string - type: string - type: object - routeConfiguration: - description: Match on envoy HTTP route configuration attributes. - properties: - gateway: - format: string - type: string - name: - description: Route configuration name to match on. - format: string - type: string - portName: - description: Applicable only for GATEWAY context. 
- format: string - type: string - portNumber: - type: integer - vhost: - properties: - name: - format: string - type: string - route: - description: Match a specific route within the virtual host. - properties: - action: - description: Match a route with specific action type. - enum: - - ANY - - ROUTE - - REDIRECT - - DIRECT_RESPONSE - type: string - name: - format: string - type: string - type: object - type: object - type: object - type: object - patch: - description: The patch to apply along with the operation. - properties: - operation: - description: Determines how the patch should be applied. - enum: - - INVALID - - MERGE - - ADD - - REMOVE - - INSERT_BEFORE - - INSERT_AFTER - - INSERT_FIRST - type: string - value: - description: The JSON config of the object being patched. - type: object - type: object - type: object - type: array - filters: - items: - properties: - filterConfig: - type: object - filterName: - description: The name of the filter to instantiate. - format: string - type: string - filterType: - description: The type of filter to instantiate. - enum: - - INVALID - - HTTP - - NETWORK - type: string - insertPosition: - description: Insert position in the filter chain. - properties: - index: - description: Position of this filter in the filter chain. - enum: - - FIRST - - LAST - - BEFORE - - AFTER - type: string - relativeTo: - format: string - type: string - type: object - listenerMatch: - properties: - address: - description: One or more IP addresses to which the listener is bound. - items: - format: string - type: string - type: array - listenerProtocol: - description: Selects a class of listeners for the same protocol. - enum: - - ALL - - HTTP - - TCP - type: string - listenerType: - description: Inbound vs outbound sidecar listener or gateway listener. 
- enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - portNamePrefix: - format: string - type: string - portNumber: - type: integer - type: object - type: object - type: array - workloadLabels: - additionalProperties: - format: string - type: string - description: Deprecated. - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: gateways.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Gateway - listKind: GatewayList - plural: gateways - shortNames: - - gw - singular: gateway - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. See more details at: https://istio.io/docs/reference/config/networking/gateway.html' - properties: - selector: - additionalProperties: - format: string - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - format: string - type: string - defaultEndpoint: - format: string - type: string - hosts: - description: One or more hosts exposed by this gateway. - items: - format: string - type: string - type: array - port: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. 
- format: string - type: string - type: object - tls: - description: Set of TLS related options that govern the server's behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified cipher list.' - items: - format: string - type: string - type: array - credentialName: - format: string - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - format: string - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 
- format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - verifyCertificateHash: - items: - format: string - type: string - type: array - verifyCertificateSpki: - items: - format: string - type: string - type: array - type: object - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: serviceentries.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hosts - description: The hosts associated with the ServiceEntry - name: Hosts - type: string - - JSONPath: .spec.location - description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL or MESH_INTERNAL) - name: Location - type: string - - JSONPath: .spec.resolution - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - name: Resolution - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: ServiceEntry - listKind: ServiceEntryList - plural: serviceentries - shortNames: - - se - singular: serviceentry - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. See more details at: https://istio.io/docs/reference/config/networking/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. - items: - format: string - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - format: string - type: string - network: - format: string - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - format: string - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - format: string - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. 
- type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: array - resolution: - description: Service discovery mode for the hosts. - enum: - - NONE - - STATIC - - DNS - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: sidecars.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Sidecar - listKind: SidecarList - plural: sidecars - singular: sidecar - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting network reachability of a sidecar. See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' - properties: - egress: - items: - properties: - bind: - format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - hosts: - items: - format: string - type: string - type: array - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: object - type: array - ingress: - items: - properties: - bind: - description: The IP to which the listener should be bound. 
- format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - defaultEndpoint: - format: string - type: string - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - type: object - type: object - type: array - outboundTrafficPolicy: - description: This allows to configure the outbound traffic policy. - properties: - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: virtualservices.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.gateways - description: The names of gateways and sidecars that should apply these routes - name: Gateways - type: string - - JSONPath: .spec.hosts - description: The destination hosts to which traffic is being sent - name: Hosts - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - shortNames: - - vs - singular: virtualservice - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is exported. - items: - format: string - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply these routes. - items: - format: string - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - format: string - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - type: boolean - allowHeaders: - items: - format: string - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the resource. - items: - format: string - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform CORS requests. - items: - format: string - type: string - type: array - allowOrigins: - description: String patterns that match allowed origins. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - type: array - exposeHeaders: - items: - format: string - type: string - type: array - maxAge: - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic at the client side. - properties: - abort: - oneOf: - - not: - anyOf: - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - properties: - grpcStatus: - format: string - type: string - http2Error: - format: string - type: string - httpStatus: - description: HTTP status code to use to abort the Http request. - format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - not: - anyOf: - - required: - - fixedDelay - - required: - - exponentialDelay - - required: - - fixedDelay - - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the request. - type: string - percent: - description: Percentage of requests on which the delay will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay will be injected. 
- properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - gateways: - description: Names of gateways where the rule should be applied. - items: - format: string - type: string - type: array - headers: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - type: object - ignoreUriCase: - description: Flag to specify whether the URI matching should be case-insensitive. 
- type: boolean - method: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - name: - description: The name assigned to a match. - format: string - type: string - port: - description: Specifies the ports on the host that is being addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - sourceLabels: - additionalProperties: - format: string - type: string - type: object - uri: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - format: string - type: string - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being addressed. 
- properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the `mirror` field. - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the `mirror` field. - type: integer - mirrorPercentage: - description: Percentage of the traffic to be mirrored by the `mirror` field. - properties: - value: - format: double - type: number - type: object - name: - description: The name assigned to the route for debugging purposes. - format: string - type: string - redirect: - description: A HTTP rule can either redirect or forward (default) traffic. - properties: - authority: - format: string - type: string - redirectCode: - type: integer - uri: - format: string - type: string - type: object - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries for a given request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per retry attempt for a given request. - type: string - retryOn: - description: Specifies the conditions under which retry takes place. - format: string - type: string - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this value. - format: string - type: string - uri: - format: string - type: string - type: object - route: - description: A HTTP rule can either redirect or forward (default) traffic. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- format: string - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests. - type: string - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be applied. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being addressed. - type: integer - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional subnet. - format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be applied. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - format: string - type: string - type: array - sourceLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: array - route: - description: The destination to which the connection should be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: attributemanifests.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: attributemanifest - listKind: attributemanifestList - plural: attributemanifests - singular: attributemanifest - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - attributes: - additionalProperties: - properties: - description: - description: A human-readable description of the attribute's purpose. - format: string - type: string - valueType: - description: The type of data carried by this attribute. - enum: - - VALUE_TYPE_UNSPECIFIED - - STRING - - INT64 - - DOUBLE - - BOOL - - TIMESTAMP - - IP_ADDRESS - - EMAIL_ADDRESS - - URI - - DNS_NAME - - DURATION - - STRING_MAP - type: string - type: object - description: The set of attributes this Istio component will be responsible for producing at runtime. - type: object - name: - description: Name of the component producing these attributes. - format: string - type: string - revision: - description: The revision of this document. 
- format: string - type: string - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: mixer-handler - package: handler - release: istio - name: handlers.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: handler - listKind: handlerList - plural: handlers - singular: handler - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: Handler allows the operator to configure a specific adapter implementation. - properties: - adapter: - description: The name of a specific adapter implementation. - format: string - type: string - compiledAdapter: - description: The name of the compiled in adapter this handler instantiates. - format: string - type: string - connection: - description: Information on how to connect to the out-of-process adapter. - properties: - address: - description: The address of the backend. - format: string - type: string - authentication: - description: Auth config for the connection to the backend. 
- oneOf: - - not: - anyOf: - - properties: - tls: - allOf: - - oneOf: - - not: - anyOf: - - required: - - tokenPath - - required: - - oauth - - required: - - tokenPath - - required: - - oauth - - oneOf: - - not: - anyOf: - - required: - - authHeader - - required: - - customHeader - - required: - - authHeader - - required: - - customHeader - required: - - tls - - required: - - mutual - - properties: - tls: - allOf: - - oneOf: - - not: - anyOf: - - required: - - tokenPath - - required: - - oauth - - required: - - tokenPath - - required: - - oauth - - oneOf: - - not: - anyOf: - - required: - - authHeader - - required: - - customHeader - - required: - - authHeader - - required: - - customHeader - required: - - tls - - required: - - mutual - properties: - mutual: - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: The path to the file holding client certificate for mutual TLS. - format: string - type: string - privateKey: - description: The path to the file holding the private key for mutual TLS. - format: string - type: string - serverName: - description: Used to configure mixer mutual TLS client to supply server name for SNI. - format: string - type: string - type: object - tls: - properties: - authHeader: - description: Access token is passed as authorization header. - enum: - - PLAIN - - BEARER - type: string - caCertificates: - format: string - type: string - customHeader: - description: Customized header key to hold access token, e.g. - format: string - type: string - oauth: - description: Oauth config to fetch access token from auth provider. - properties: - clientId: - description: OAuth client id for mixer. - format: string - type: string - clientSecret: - description: The path to the file holding the client secret for oauth. - format: string - type: string - endpointParams: - additionalProperties: - format: string - type: string - description: Additional parameters for requests to the token endpoint. 
- type: object - scopes: - description: List of requested permissions. - items: - format: string - type: string - type: array - tokenUrl: - description: The Resource server's token endpoint URL. - format: string - type: string - type: object - serverName: - format: string - type: string - tokenPath: - format: string - type: string - type: object - type: object - timeout: - description: Timeout for remote calls to the backend. - type: string - type: object - name: - description: Must be unique in the entire Mixer configuration. - format: string - type: string - params: - description: Depends on adapter implementation. - type: object - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: mixer-instance - package: instance - release: istio - name: instances.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: instance - listKind: instanceList - plural: instances - singular: instance - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: An Instance tells Mixer how to create instances for particular template. - properties: - attributeBindings: - additionalProperties: - format: string - type: string - type: object - compiledTemplate: - description: The name of the compiled in template this instance creates instances for. - format: string - type: string - name: - format: string - type: string - params: - description: Depends on referenced template. - type: object - template: - description: The name of the template this instance creates instances for. 
- format: string - type: string - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: core - package: istio.io.mixer - release: istio - name: rules.config.istio.io -spec: - group: config.istio.io - names: - categories: - - istio-io - - policy-istio-io - kind: rule - listKind: ruleList - plural: rules - singular: rule - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes the rules used to configure Mixer''s policy and telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' - properties: - actions: - description: The actions that will be executed when match evaluates to `true`. - items: - properties: - handler: - description: Fully qualified name of the handler to invoke. - format: string - type: string - instances: - items: - format: string - type: string - type: array - name: - description: A handle to refer to the results of the action. - format: string - type: string - type: object - type: array - match: - description: Match is an attribute based predicate. - format: string - type: string - requestHeaderOperations: - items: - properties: - name: - description: Header name literal value. - format: string - type: string - operation: - description: Header operation type. - enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - responseHeaderOperations: - items: - properties: - name: - description: Header name literal value. - format: string - type: string - operation: - description: Header operation type. 
- enum: - - REPLACE - - REMOVE - - APPEND - type: string - values: - description: Header value expressions. - items: - format: string - type: string - type: array - type: object - type: array - sampling: - properties: - random: - description: Provides filtering of actions based on random selection per request. - properties: - attributeExpression: - description: Specifies an attribute expression to use to override the numerator in the `percent_sampled` field. - format: string - type: string - percentSampled: - description: The default sampling rate, expressed as a percentage. - properties: - denominator: - description: Specifies the denominator. - enum: - - HUNDRED - - TEN_THOUSAND - type: string - numerator: - description: Specifies the numerator. - type: integer - type: object - useIndependentRandomness: - description: By default sampling will be based on the value of the request header `x-request-id`. - type: boolean - type: object - rateLimit: - properties: - maxUnsampledEntries: - description: Number of entries to allow during the `sampling_duration` before sampling is enforced. - format: int64 - type: integer - samplingDuration: - description: Window in which to enforce the sampling rate. - type: string - samplingRate: - description: The rate at which to sample entries once the unsampled limit has been reached. 
- format: int64 - type: integer - type: object - type: object - type: object - type: object - versions: - - name: v1alpha2 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: rbac - release: istio - name: clusterrbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ClusterRbacConfig - listKind: ClusterRbacConfigList - plural: clusterrbacconfigs - singular: clusterrbacconfig - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: rbacconfigs.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: RbacConfig - listKind: RbacConfigList - plural: rbacconfigs - singular: rbacconfig - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' - properties: - enforcementMode: - enum: - - ENFORCED - - PERMISSIVE - type: string - exclusion: - description: A list of services or namespaces that should not be enforced by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - inclusion: - description: A list of services or namespaces that should be enforced by Istio RBAC policies. - properties: - namespaces: - description: A list of namespaces. - items: - format: string - type: string - type: array - services: - description: A list of services. - items: - format: string - type: string - type: array - type: object - mode: - description: Istio RBAC mode. 
- enum: - - "OFF" - - "ON" - - ON_WITH_INCLUSION - - ON_WITH_EXCLUSION - type: string - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: serviceroles.rbac.istio.io -spec: - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRole - listKind: ServiceRoleList - plural: serviceroles - singular: servicerole - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' - properties: - rules: - description: The set of access rules (permissions) that the role has. - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. - items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. 
- items: - format: string - type: string - type: array - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: mixer - chart: istio - heritage: Tiller - istio: rbac - package: istio.io.mixer - release: istio - name: servicerolebindings.rbac.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.roleRef.name - description: The name of the ServiceRole object being referenced - name: Reference - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: rbac.istio.io - names: - categories: - - istio-io - - rbac-istio-io - kind: ServiceRoleBinding - listKind: ServiceRoleBindingList - plural: servicerolebindings - singular: servicerolebinding - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' - properties: - actions: - items: - properties: - constraints: - description: Optional. - items: - properties: - key: - description: Key of the constraint. - format: string - type: string - values: - description: List of valid values for the constraint. 
- items: - format: string - type: string - type: array - type: object - type: array - hosts: - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - items: - format: string - type: string - type: array - notMethods: - items: - format: string - type: string - type: array - notPaths: - items: - format: string - type: string - type: array - notPorts: - items: - format: int32 - type: integer - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - items: - format: int32 - type: integer - type: array - services: - description: A list of service names. - items: - format: string - type: string - type: array - type: object - type: array - mode: - enum: - - ENFORCED - - PERMISSIVE - type: string - role: - format: string - type: string - roleRef: - description: Reference to the ServiceRole object. - properties: - kind: - description: The type of the role being referenced. - format: string - type: string - name: - description: The name of the ServiceRole object being referenced. - format: string - type: string - type: object - subjects: - description: List of subjects that are assigned the ServiceRole object. - items: - properties: - group: - format: string - type: string - groups: - items: - format: string - type: string - type: array - ips: - items: - format: string - type: string - type: array - names: - items: - format: string - type: string - type: array - namespaces: - items: - format: string - type: string - type: array - notGroups: - items: - format: string - type: string - type: array - notIps: - items: - format: string - type: string - type: array - notNames: - items: - format: string - type: string - type: array - notNamespaces: - items: - format: string - type: string - type: array - properties: - additionalProperties: - format: string - type: string - description: Optional. 
- type: object - user: - description: Optional. - format: string - type: string - type: object - type: array - type: object - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: authorizationpolicies.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: AuthorizationPolicy - listKind: AuthorizationPolicyList - plural: authorizationpolicies - singular: authorizationpolicy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for access control on workloads. See more details at: https://istio.io/docs/reference/config/security/authorization-policy.html' - properties: - action: - description: Optional. - enum: - - ALLOW - - DENY - type: string - rules: - description: Optional. - items: - properties: - from: - description: Optional. - items: - properties: - source: - description: Source specifies the source of a request. - properties: - ipBlocks: - description: Optional. - items: - format: string - type: string - type: array - namespaces: - description: Optional. - items: - format: string - type: string - type: array - notIpBlocks: - description: Optional. - items: - format: string - type: string - type: array - notNamespaces: - description: Optional. - items: - format: string - type: string - type: array - notPrincipals: - description: Optional. - items: - format: string - type: string - type: array - notRequestPrincipals: - description: Optional. - items: - format: string - type: string - type: array - principals: - description: Optional. 
- items: - format: string - type: string - type: array - requestPrincipals: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - to: - description: Optional. - items: - properties: - operation: - description: Operation specifies the operation of a request. - properties: - hosts: - description: Optional. - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - description: Optional. - items: - format: string - type: string - type: array - notMethods: - description: Optional. - items: - format: string - type: string - type: array - notPaths: - description: Optional. - items: - format: string - type: string - type: array - notPorts: - description: Optional. - items: - format: string - type: string - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - when: - description: Optional. - items: - properties: - key: - description: The name of an Istio attribute. - format: string - type: string - notValues: - description: Optional. - items: - format: string - type: string - type: array - values: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: array - type: object - type: array - selector: - description: Optional. 
- properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1beta1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: peerauthentications.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: PeerAuthentication - listKind: PeerAuthenticationList - plural: peerauthentications - singular: peerauthentication - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: PeerAuthentication defines how traffic will be tunneled (or not) to the sidecar. - properties: - mtls: - description: Mutual TLS settings for workload. - properties: - mode: - description: Defines the mTLS mode used for peer authentication. - enum: - - UNSET - - DISABLE - - PERMISSIVE - - STRICT - type: string - type: object - portLevelMtls: - additionalProperties: - properties: - mode: - description: Defines the mTLS mode used for peer authentication. - enum: - - UNSET - - DISABLE - - PERMISSIVE - - STRICT - type: string - type: object - description: Port specific mutual TLS settings. - type: object - selector: - description: The selector determines the workloads to apply the ChannelAuthentication on. 
- properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1beta1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - helm.sh/hook: crd-install,pre-upgrade - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: requestauthentications.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: RequestAuthentication - listKind: RequestAuthenticationList - plural: requestauthentications - singular: requestauthentication - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: RequestAuthentication defines what request authentication methods are supported by a workload. - properties: - jwtRules: - description: Define the list of JWTs that can be validated at the selected workloads' proxy. - items: - properties: - audiences: - items: - format: string - type: string - type: array - forwardOriginalToken: - description: If set to true, the orginal token will be kept for the ustream request. - type: boolean - fromHeaders: - description: List of header locations from which JWT is expected. - items: - properties: - name: - description: The HTTP header name. - format: string - type: string - prefix: - description: The prefix that should be stripped before decoding the token. - format: string - type: string - type: object - type: array - fromParams: - description: List of query parameters from which JWT is expected. - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature of the JWT. 
- format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - outputPayloadToHeader: - format: string - type: string - type: object - type: array - selector: - description: The selector determines the workloads to apply the RequestAuthentication on. - properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - type: object - versions: - - name: v1beta1 - served: true - storage: true diff --git a/charts/rancher-istio/1.5.920/templates/crd-certmanager-10.yaml b/charts/rancher-istio/1.5.920/templates/crd-certmanager-10.yaml deleted file mode 100644 index 3da40f0fb..000000000 --- a/charts/rancher-istio/1.5.920/templates/crd-certmanager-10.yaml +++ /dev/null 
@@ -1,95 +0,0 @@
-{{- if .Values.certmanager.enabled }}
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: clusterissuers.certmanager.k8s.io
- labels:
- app: certmanager
- chart: certmanager
- heritage: Tiller
- release: istio
- annotations:
- "helm.sh/resource-policy": keep
- helm.sh/hook: crd-install,pre-upgrade
-spec:
- group: certmanager.k8s.io
- versions:
- - name: v1alpha1
- served: true
- storage: true
- names:
- kind: ClusterIssuer
- plural: clusterissuers
- scope: Cluster
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: issuers.certmanager.k8s.io
- labels:
- app: certmanager
- chart: certmanager
- heritage: Tiller
- release: istio
- annotations:
- "helm.sh/resource-policy": keep
- helm.sh/hook: crd-install,pre-upgrade
-spec:
- group: certmanager.k8s.io
- versions:
- - name: v1alpha1
- served: true
- storage: true
- names:
- kind: Issuer
- plural: issuers
- scope: Namespaced
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: certificates.certmanager.k8s.io
- labels:
- app: certmanager
- chart: certmanager
- heritage: Tiller
- release: istio
- annotations:
- "helm.sh/resource-policy": keep
- helm.sh/hook: crd-install,pre-upgrade
-spec:
- additionalPrinterColumns:
- - JSONPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - JSONPath: .spec.secretName
- name: Secret
- type: string
- - JSONPath: .spec.issuerRef.name
- name: Issuer
- type: string
- priority: 1
- - JSONPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- priority: 1
- - JSONPath: .metadata.creationTimestamp
- description: |-
- CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
-
- Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
- name: Age
- type: date
- group: certmanager.k8s.io
- versions:
- - name: v1alpha1
- served: true
- storage: true
- scope: Namespaced
- names:
- kind: Certificate
- plural: certificates
- shortNames:
- - cert
- - certs
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/templates/crd-certmanager-11.yaml b/charts/rancher-istio/1.5.920/templates/crd-certmanager-11.yaml
deleted file mode 100644
index 5dcd69879..000000000
--- a/charts/rancher-istio/1.5.920/templates/crd-certmanager-11.yaml
+++ /dev/null
@@ -1,83 +0,0 @@
-{{- if .Values.certmanager.enabled }}
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: orders.certmanager.k8s.io
- labels:
- app: certmanager
- chart: certmanager
- heritage: Tiller
- release: istio
- annotations:
- "helm.sh/resource-policy": keep
- helm.sh/hook: crd-install,pre-upgrade
-spec:
- additionalPrinterColumns:
- - JSONPath: .status.state
- name: State
- type: string
- - JSONPath: .spec.issuerRef.name
- name: Issuer
- type: string
- priority: 1
- - JSONPath: .status.reason
- name: Reason
- type: string
- priority: 1
- - JSONPath: .metadata.creationTimestamp
- description: |-
- CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
-
- Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
- name: Age
- type: date
- group: certmanager.k8s.io
- versions:
- - name: v1alpha1
- served: true
- storage: true
- names:
- kind: Order
- plural: orders
- scope: Namespaced
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: challenges.certmanager.k8s.io
- labels:
- app: certmanager
- chart: certmanager
- heritage: Tiller
- release: istio
- annotations:
- "helm.sh/resource-policy": keep
- helm.sh/hook: crd-install,pre-upgrade
-spec:
- additionalPrinterColumns:
- - JSONPath: .status.state
- name: State
- type: string
- - JSONPath: .spec.dnsName
- name: Domain
- type: string
- - JSONPath: .status.reason
- name: Reason
- type: string
- - JSONPath: .metadata.creationTimestamp
- description: |-
- CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
-
- Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
- name: Age
- type: date
- group: certmanager.k8s.io
- versions:
- - name: v1alpha1
- served: true
- storage: true
- names:
- kind: Challenge
- plural: challenges
- scope: Namespaced
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/templates/crd-mixer.yaml b/charts/rancher-istio/1.5.920/templates/crd-mixer.yaml
deleted file mode 100644
index a9feb0357..000000000
--- a/charts/rancher-istio/1.5.920/templates/crd-mixer.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-kind: CustomResourceDefinition
-apiVersion: apiextensions.k8s.io/v1beta1
-metadata:
- name: adapters.config.istio.io
- labels:
- app: mixer
- package: adapter
- istio: mixer-adapter
- chart: istio
- heritage: Tiller
- release: istio
- annotations:
- "helm.sh/resource-policy": keep
- helm.sh/hook: crd-install,pre-upgrade
-spec:
- group: config.istio.io
- names:
- kind: adapter
- plural: adapters
- singular: adapter
- categories:
- - istio-io
- - policy-istio-io
- scope: Namespaced
- subresources:
- status: {}
- versions:
- - name: v1alpha2
- served: true
- storage: true
----
-kind: CustomResourceDefinition
-apiVersion: apiextensions.k8s.io/v1beta1
-metadata:
- name: templates.config.istio.io
- labels:
- app: mixer
- package: template
- istio: mixer-template
- chart: istio
- heritage: Tiller
- release: istio
- annotations:
- "helm.sh/resource-policy": keep
- helm.sh/hook: crd-install,pre-upgrade
-spec:
- group: config.istio.io
- names:
- kind: template
- plural: templates
- singular: template
- categories:
- - istio-io
- - policy-istio-io
- scope: Namespaced
- subresources:
- status: {}
- versions:
- - name: v1alpha2
- served: true
- storage: true
diff --git a/charts/rancher-istio/1.5.920/templates/endpoints.yaml b/charts/rancher-istio/1.5.920/templates/endpoints.yaml
deleted file mode 100755
index 2acb95620..000000000
--- a/charts/rancher-istio/1.5.920/templates/endpoints.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
-{{- if .Values.global.remotePilotAddress }}
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePilotAddress }}
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePolicyAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remoteTelemetryAddress }}
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/templates/install-custom-resources.sh.tpl b/charts/rancher-istio/1.5.920/templates/install-custom-resources.sh.tpl
deleted file mode 100755
index a5525a139..000000000
--- a/charts/rancher-istio/1.5.920/templates/install-custom-resources.sh.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ define "install-custom-resources.sh.tpl" }}
-#!/bin/sh
-
-set -x
-
-if [ "$#" -ne "1" ]; then
- echo "first argument should be path to custom resource yaml"
- exit 1
-fi
-
-pathToResourceYAML=${1}
-
-kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null
-if [ "$?" -eq 0 ]; then
- echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready"
- while true; do
- kubectl -n {{ .Release.Namespace }} get deployment istio-galley 2>/dev/null
- if [ "$?" -eq 0 ]; then
- break
- fi
- sleep 1
- done
- kubectl -n {{ .Release.Namespace }} rollout status deployment istio-galley
- if [ "$?" -ne 0 ]; then
- echo "istio-galley deployment rollout status check failed"
- exit 1
- fi
- echo "istio-galley deployment ready for configuration validation"
-fi
-sleep 5
-kubectl apply -f ${pathToResourceYAML}
-{{ end }}
diff --git a/charts/rancher-istio/1.5.920/templates/istio-onefive-migration.yaml b/charts/rancher-istio/1.5.920/templates/istio-onefive-migration.yaml
deleted file mode 100644
index acfe78caf..000000000
--- a/charts/rancher-istio/1.5.920/templates/istio-onefive-migration.yaml
+++ /dev/null
@@ -1,79 +0,0 @@
-{{- if .Values.onefiveMigration.enabled }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: istio-onefive-migration
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-upgrade
- "helm.sh/hook-weight": "1"
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: istio-onefive-migration
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-upgrade
- "helm.sh/hook-weight": "1"
-rules:
- - apiGroups: ["extensions","apps"]
- resources: ["deployments"]
- verbs: ["get", "list", "delete"]
- - apiGroups: ["admissionregistration.k8s.io"]
- resources: ["validatingwebhookconfigurations"]
- verbs: ["get", "list", "delete"]
- - apiGroups: ["rbac.authorization.k8s.io"]
- resources: ["clusterrolebindings"]
- verbs: ["get", "list", "delete"]
- - apiGroups: [""]
- resources: ["serviceaccounts", "pods"]
- verbs: ["get", "list", "delete"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-onefive-migration
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-upgrade
- "helm.sh/hook-weight": "1"
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-onefive-migration
-subjects:
- - kind: ServiceAccount
- name: istio-onefive-migration
- namespace: {{ .Release.Namespace }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: istio-onefive-migration
- namespace: {{ .Release.Namespace }}
- labels:
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- "helm.sh/hook": pre-upgrade
- "helm.sh/hook-weight": "2"
- "helm.sh/hook-delete-policy": before-hook-creation
-spec:
- template:
- metadata:
- name: istio-onefive-migration
- labels:
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- serviceAccountName: istio-onefive-migration
- restartPolicy: OnFailure
- containers:
- - name: migrate
- image: "{{ template "system_default_registry" . }}{{ .Values.onefiveMigration.repository }}:{{ .Values.onefiveMigration.tag }}"
- imagePullPolicy: Always
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/templates/istio-service-rbac.yaml b/charts/rancher-istio/1.5.920/templates/istio-service-rbac.yaml
deleted file mode 100644
index b3141141b..000000000
--- a/charts/rancher-istio/1.5.920/templates/istio-service-rbac.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: istio-service-reader
-rules:
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["http:kiali:20001", "http:tracing:80", "http:grafana:80", "http:prometheus-http:80"]
- verbs: ["get", "watch", "list"]
-
----
-{{- if .Values.global.members }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: read-istio-service
- namespace: {{ .Release.Namespace }}
-subjects:
- {{- range $member := .Values.global.members }}
- - kind: {{ $member.kind }}
- name: {{ $member.name }}
- apiGroup: rbac.authorization.k8s.io
- {{- end }}
-roleRef:
- kind: Role
- name: istio-service-reader
- apiGroup: rbac.authorization.k8s.io
-{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/1.5.920/templates/service.yaml b/charts/rancher-istio/1.5.920/templates/service.yaml
deleted file mode 100755
index 00946ddba..000000000
--- a/charts/rancher-istio/1.5.920/templates/service.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if .Values.global.remotePilotAddress }}
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-pilot
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - port: 15003
- name: http-old-discovery # mTLS or non-mTLS depending on auth setting
- - port: 15005
- name: https-discovery # always mTLS
- - port: 15007
- name: http-discovery # always plain-text
- - port: 15010
- name: grpc-xds # direct
- - port: 15011
- name: https-xds # mTLS or non-mTLS depending on auth setting
- - port: 8080
- name: http-legacy-discovery # direct
- - port: 15014
- name: http-monitoring
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remotePolicyAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-policy
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- clusterIP: None
-{{- end }}
-{{- if and .Values.global.remoteTelemetryAddress .Values.global.createRemoteSvcEndpoints }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: istio-telemetry
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - name: grpc-mixer
- port: 9091
- - name: grpc-mixer-mtls
- port: 15004
- - name: http-monitoring
- port: 15014
- - name: prometheus
- port: 42422
- clusterIP: None
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/templates/serviceaccount.yaml b/charts/rancher-istio/1.5.920/templates/serviceaccount.yaml
deleted file mode 100755
index c377d10e4..000000000
--- a/charts/rancher-istio/1.5.920/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: istio-multi
- namespace: {{ .Release.Namespace }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: istio-reader-service-account
- namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-istio/1.5.920/templates/sidecar-injector-configmap.yaml b/charts/rancher-istio/1.5.920/templates/sidecar-injector-configmap.yaml
deleted file mode 100755
index 5cb25b9cf..000000000
--- a/charts/rancher-istio/1.5.920/templates/sidecar-injector-configmap.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if not .Values.global.omitSidecarInjectorConfigMap }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-sidecar-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "istio.name" . }}
- chart: {{ template "istio.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- istio: sidecar-injector
-data:
- values: |-
- {{ .Values | toJson }}
-
- config: |-
- policy: {{ .Values.global.proxy.autoInject }}
- alwaysInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }}
- neverInjectSelector:
-{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }}
- template: |-
-{{ .Files.Get "files/injection-template.yaml" | trim | indent 6 }}
- injectedAnnotations:
- {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }}
- "{{ $key }}": "{{ $val }}"
- {{- end }}
-{{- end }}
diff --git a/charts/rancher-istio/1.5.920/test-values/README.md b/charts/rancher-istio/1.5.920/test-values/README.md
deleted file mode 100755
index 8e5ff277c..000000000
--- a/charts/rancher-istio/1.5.920/test-values/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Test Values
-
-These files are intended to be used to install Istio for E2E tests.
-
-The rendered files can be generated with `make generate_e2e_yaml`.
-
-These files will all have `values-e2e.yaml` applied to them *first*, so if there are settings there that should not be included in the test the must be overridden.
diff --git a/charts/rancher-istio/1.5.920/test-values/values-e2e.yaml b/charts/rancher-istio/1.5.920/test-values/values-e2e.yaml
deleted file mode 100755
index 1e1bf1fde..000000000
--- a/charts/rancher-istio/1.5.920/test-values/values-e2e.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-# This file overrides values for e2e testing.
-
-global:
- proxy:
- concurrency: 0
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- accessLogFile: "/dev/stdout"
- enableCoreDump: true
-
- disablePolicyChecks: false
- outboundTrafficPolicy:
- mode: REGISTRY_ONLY
-
-prometheus:
- scrapeInterval: 5s
-
-gateways:
- istio-ingressgateway:
- name: istio-ingressgateway
- autoscaleMax: 1
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
- limits:
- cpu: 100m
- memory: 128Mi
- # Disable the specific nodePort mappings for testing
- # These occasionally cause port conflict flakes (#14190)
- # Lacking a good way to override just part of a list, this is copied from
- # the prod values.yaml with nodePort omitted
- ports:
- - port: 15020
- targetPort: 15020
- name: status-port
- - port: 80
- targetPort: 80
- name: http2
- - port: 443
- name: https
- - port: 31400
- name: tcp
- - port: 15029
- targetPort: 15029
- name: https-kiali
- - port: 15030
- targetPort: 15030
- name: https-prometheus
- - port: 15031
- targetPort: 15031
- name: https-grafana
- - port: 15032
- targetPort: 15032
- name: https-tracing
- - port: 15443
- targetPort: 15443
- name: tls
-
- istio-egressgateway:
- name: istio-egressgateway
- enabled: true
- autoscaleMax: 1
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
- limits:
- cpu: 100m
- memory: 128Mi
-
-mixer:
- policy:
- enabled: true
- replicaCount: 2
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
- limits:
- cpu: 100m
- memory: 100Mi
- telemetry:
- enabled: true
- loadshedding:
- mode: disabled
- resources:
- requests:
- cpu: 50m
- memory: 100Mi
- limits:
- cpu: 100m
- memory: 100Mi
- adapters:
- stdio:
- enabled: true
-
-sidecarInjectorWebhook:
- rewriteAppHTTPProbe: true
diff --git a/charts/rancher-istio/1.5.920/test-values/values-integ.yaml b/charts/rancher-istio/1.5.920/test-values/values-integ.yaml
deleted file mode 100755
index 3d079d716..000000000
--- a/charts/rancher-istio/1.5.920/test-values/values-integ.yaml
+++ /dev/null
@@ -1,96 +0,0 @@
-# This file overrides values for e2e testing.
-
-global:
- proxy:
- concurrency: 0
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
-
- accessLogFile: "/dev/stdout"
-
-prometheus:
- scrapeInterval: 5s
-
-gateways:
- istio-ingressgateway:
- name: istio-ingressgateway
- autoscaleMax: 1
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
- limits:
- cpu: 100m
- memory: 128Mi
- # Disable the specific nodePort mappings for testing
- # These occasionally cause port conflict flakes (#14190)
- # Lacking a good way to override just part of a list, this is copied from
- # the prod values.yaml with nodePort omitted
- ports:
- - port: 15020
- targetPort: 15020
- name: status-port
- - port: 80
- targetPort: 80
- name: http2
- - port: 443
- name: https
- - port: 31400
- name: tcp
- - port: 15029
- targetPort: 15029
- name: https-kiali
- - port: 15030
- targetPort: 15030
- name: https-prometheus
- - port: 15031
- targetPort: 15031
- name: https-grafana
- - port: 15032
- targetPort: 15032
- name: https-tracing
- - port: 15443
- targetPort: 15443
- name: tls
-
- istio-egressgateway:
- name: istio-egressgateway
- enabled: false
- autoscaleMax: 1
- resources:
- requests:
- cpu: 10m
- memory: 40Mi
- limits:
- cpu: 100m
- memory: 128Mi
-
-mixer:
- policy:
- replicaCount: 2
- autoscaleEnabled: false
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
- limits:
- cpu: 100m
- memory: 100Mi
- telemetry:
- loadshedding:
- mode: disabled
- resources:
- requests:
- cpu: 50m
- memory: 100Mi
- limits:
- cpu: 100m
- memory: 100Mi
- adapters:
- stdio:
- enabled: true
-
-sidecarInjectorWebhook:
- rewriteAppHTTPProbe: true
diff --git a/charts/rancher-istio/1.5.920/test-values/values-istio-auth-mcp.yaml b/charts/rancher-istio/1.5.920/test-values/values-istio-auth-mcp.yaml
deleted file mode 100755
index fb284d926..000000000
--- a/charts/rancher-istio/1.5.920/test-values/values-istio-auth-mcp.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio-auth.yaml with MCP enabled
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- useMCP: true
-
diff --git a/charts/rancher-istio/1.5.920/test-values/values-istio-auth-multicluster.yaml b/charts/rancher-istio/1.5.920/test-values/values-istio-auth-multicluster.yaml
deleted file mode 100755
index af147981f..000000000
--- a/charts/rancher-istio/1.5.920/test-values/values-istio-auth-multicluster.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# This is used to generate istio-auth-multicluster.yaml, used for CI/CD.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- proxy:
- accessLogFile: "/dev/stdout"
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
-# In a multiple cluster environment, citadel uses the same root certificate in all the clusters
-security:
- selfSigned: false
diff --git a/charts/rancher-istio/1.5.920/test-values/values-istio-auth-non-mcp.yaml b/charts/rancher-istio/1.5.920/test-values/values-istio-auth-non-mcp.yaml
deleted file mode 100755
index eab07cd41..000000000
--- a/charts/rancher-istio/1.5.920/test-values/values-istio-auth-non-mcp.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- mtls:
- enabled: true
-
- controlPlaneSecurityEnabled: true
-
- useMCP: false
diff --git a/charts/rancher-istio/1.5.920/test-values/values-istio-auth-sds.yaml b/charts/rancher-istio/1.5.920/test-values/values-istio-auth-sds.yaml
deleted file mode 100755
index 843869703..000000000
--- a/charts/rancher-istio/1.5.920/test-values/values-istio-auth-sds.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-global:
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- sds:
- enabled: true
- udsPath: "unix:/var/run/sds/uds_path"
- token:
- aud: "istio-ca"
-
- proxy:
- enableCoreDump: true
-
-nodeagent:
- enabled: true
- image: node-agent-k8s
- env:
- CA_PROVIDER: "Citadel"
- CA_ADDR: "istio-citadel:8060"
- VALID_TOKEN: true
diff --git a/charts/rancher-istio/1.5.920/test-values/values-istio-auth.yaml b/charts/rancher-istio/1.5.920/test-values/values-istio-auth.yaml
deleted file mode 100755
index 4ec1d35c5..000000000
--- a/charts/rancher-istio/1.5.920/test-values/values-istio-auth.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-# This is used to generate istio-auth.yaml for automated CI/CD test, using v1/alpha1
-# or v2/alpha3 with 'gradual migration' (using env variable at inject time).
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
diff --git a/charts/rancher-istio/1.5.920/test-values/values-istio-dns-cert.yaml b/charts/rancher-istio/1.5.920/test-values/values-istio-dns-cert.yaml
deleted file mode 100755
index 406970396..000000000
--- a/charts/rancher-istio/1.5.920/test-values/values-istio-dns-cert.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- certificates:
- - dnsNames: [istio-pilot.istio-system.svc, istio-pilot.istio-system]
- - secretName: dns.istio-galley-service-account
- dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system]
- - secretName: dns.istio-sidecar-injector-service-account
- dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system]
diff --git a/charts/rancher-istio/1.5.920/test-values/values-istio-mcp.yaml b/charts/rancher-istio/1.5.920/test-values/values-istio-mcp.yaml
deleted file mode 100755
index a6638eefd..000000000
--- a/charts/rancher-istio/1.5.920/test-values/values-istio-mcp.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# This is used to generate istio.yaml with MCP enabled
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- useMCP: true
-
-
diff --git a/charts/rancher-istio/1.5.920/test-values/values-istio-mesh-networks.yaml b/charts/rancher-istio/1.5.920/test-values/values-istio-mesh-networks.yaml
deleted file mode 100755
index c713b8af9..000000000
--- a/charts/rancher-istio/1.5.920/test-values/values-istio-mesh-networks.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# overrides to test the meshNetworks.
-global:
- meshNetworks:
- # NOTE: DO NOT CHANGE THIS! Its hardcoded in Pilot in different areas
- Kubernetes:
- endpoints:
- - fromRegistry: Kubernetes
- gateways:
- - port: 15443
- address: 2.2.2.2
- vm: {}
-
- #This will cause ISTIO_META_NETWORK to be set on the pods and the
- #kube controller code to match endpoints from kubernetes with the default
- #cluster ID of "Kubernetes". Need to fix this code
- network: "Kubernetes"
diff --git a/charts/rancher-istio/1.5.920/test-values/values-istio-multicluster-split-horizon.yaml b/charts/rancher-istio/1.5.920/test-values/values-istio-multicluster-split-horizon.yaml
deleted file mode 100755
index e664dd56f..000000000
--- a/charts/rancher-istio/1.5.920/test-values/values-istio-multicluster-split-horizon.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# This is used to generate istio-multicluster-split-horizon.yaml, used for CI/CD.
-global:
- controlPlaneSecurityEnabled: true
- mtls:
- enabled: true
- proxy:
- accessLogFile: "/dev/stdout"
- outboundTrafficPolicy:
- mode: ALLOW_ANY
- meshExpansion:
- enabled: true
- meshNetworks:
- network2:
- endpoints:
- - fromRegistry: N2_REGISTRY_TOKEN
- gateways:
- - address: 0.0.0.0
- port: 443
-security:
- selfSigned: false
-gateways:
- istio-egressgateway:
- enabled: false
-
-
diff --git a/charts/rancher-istio/1.5.920/test-values/values-istio-multicluster.yaml b/charts/rancher-istio/1.5.920/test-values/values-istio-multicluster.yaml
deleted file mode 100755
index 59b924ac1..000000000
--- a/charts/rancher-istio/1.5.920/test-values/values-istio-multicluster.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# This is used to generate istio-multicluster.yaml, used for CI/CD.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- proxy:
- accessLogFile: "/dev/stdout"
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
-# In a multiple cluster environment, citadel uses the same root certificate in all the clusters
-security:
- selfSigned: false
diff --git a/charts/rancher-istio/1.5.920/test-values/values-istio-non-mcp.yaml b/charts/rancher-istio/1.5.920/test-values/values-istio-non-mcp.yaml
deleted file mode 100755
index 091681acd..000000000
--- a/charts/rancher-istio/1.5.920/test-values/values-istio-non-mcp.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-global:
- useMCP: false
diff --git a/charts/rancher-istio/1.5.920/test-values/values-istio-one-namespace-auth.yaml b/charts/rancher-istio/1.5.920/test-values/values-istio-one-namespace-auth.yaml
deleted file mode 100755
index c49f40254..000000000
--- a/charts/rancher-istio/1.5.920/test-values/values-istio-one-namespace-auth.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.5.920/test-values/values-istio-one-namespace-trust-domain.yaml b/charts/rancher-istio/1.5.920/test-values/values-istio-one-namespace-trust-domain.yaml
deleted file mode 100755
index 1840ab355..000000000
--- a/charts/rancher-istio/1.5.920/test-values/values-istio-one-namespace-trust-domain.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: true
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: true
-
- # Default is 10s second
- refreshInterval: 1s
-
- # The trust domain corresponds to the trust root of a system
- trustDomain: test.local
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.5.920/test-values/values-istio-one-namespace.yaml b/charts/rancher-istio/1.5.920/test-values/values-istio-one-namespace.yaml
deleted file mode 100755
index 14aa45033..000000000
--- a/charts/rancher-istio/1.5.920/test-values/values-istio-one-namespace.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# This is used to generate istio.yaml used for deprecated CI/CD testing.
-global:
- # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
- # propagated, not recommended for tests.
- controlPlaneSecurityEnabled: false
-
- mtls:
- # Default setting for service-to-service mtls. Can be set explicitly using
- # destination rules or service annotations.
- enabled: false
-
- ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
- # imagePullSecrets:
- # - name: "private-registry-key"
-
- # Restrict the applications in one namespace the controller manages
- oneNamespace: true
diff --git a/charts/rancher-istio/1.5.920/test-values/values-istio.yaml b/charts/rancher-istio/1.5.920/test-values/values-istio.yaml
deleted file mode 100755
index c115103e1..000000000
--- a/charts/rancher-istio/1.5.920/test-values/values-istio.yaml
+++ /dev/null
@@ -1,7 +0,0 @@ - -# This is used to generate istio.yaml for automated CI/CD test, using v1/alpha1 -# or v2/alpha3 with 'gradual migration' (using env variable at inject time). -# global: - ## imagePullSecrets for all ServiceAccount. Must be set for any clustser configured with private docker registry. - # imagePullSecrets: - # - name: "private-registry-key" diff --git a/charts/rancher-istio/1.5.920/values.yaml b/charts/rancher-istio/1.5.920/values.yaml deleted file mode 100755 index e117a97c2..000000000 --- a/charts/rancher-istio/1.5.920/values.yaml +++ /dev/null 
@@ -1,699 +0,0 @@ -# Top level istio values file has the following sections. -# -# global: This file is the authoritative and exhaustive source for the global section. -# -# chart sections: Every subdirectory inside the charts/ directory has a top level -# configuration key in this file. This file overrides the values specified -# by the charts/${chartname}/values.yaml. -# Check the chart level values file for exhaustive list of configuration options. - -# -# Gateways Configuration, refer to the charts/gateways/values.yaml -# for detailed configuration -# -gateways: - enabled: true - istio-ingressgateway: - labels: - release: cluster-istio # The release name must be cluster-istio - -# -# sidecar-injector webhook configuration, refer to the -# charts/sidecarInjectorWebhook/values.yaml for detailed configuration -# -sidecarInjectorWebhook: - repository: rancher/mirrored-istio-sidecar_injector - tag: 1.5.9 - enabled: true - -# -# galley configuration, refer to charts/galley/values.yaml -# for detailed configuration -# -galley: - repository: rancher/mirrored-istio-galley - tag: 1.5.9 - enabled: true - -# -# mixer configuration -# -# @see charts/mixer/values.yaml for all values -mixer: - repository: rancher/mirrored-istio-mixer - tag: 1.5.9 - policy: - # if policy is enabled the global.disablePolicyChecks has affect. 
- enabled: true - - telemetry: - enabled: true -# -# pilot configuration -# -# @see charts/pilot/values.yaml -pilot: - repository: rancher/mirrored-istio-pilot - tag: 1.5.9 - enabled: true - -# -# security configuration -# -security: - repository: rancher/mirrored-istio-citadel - tag: 1.5.9 - enabled: true - -# -# nodeagent configuration, see global.nodeagent for setting images -# -nodeagent: - enabled: false - -# -# addon grafana configuration -# -grafana: - # note that this does not get used by default, instead we use monitorings grafana - repository: rancher/mirrored-grafana-grafana - tag: 6.7.4 - enabled: false - -# -# addon prometheus configuration -# -prometheus: - repository: rancher/mirrored-prom-prometheus - tag: v2.12.0 - enabled: false - -# -# addon jaeger tracing configuration -# -tracing: - enabled: false - jaeger: - repository: rancher/mirrored-jaegertracing-all-in-one - tag: 1.14 - zipkin: - repository: rancher/mirrored-openzipkin-zipkin - tag: 2.14.2 - -# -# addon kiali tracing configuration -# -kiali: - repository: rancher/mirrored-kiali-kiali - tag: v1.17 - contextPath: / - dashboard: - jaegerURL: http://tracing.istio-system:80 - grafanaURL: http://access-grafana.cattle-prometheus:80 - grafanaInClusterURL: http://access-grafana.cattle-prometheus:80 - auth: - strategy: anonymous - enabled: false - prometheusAddr: http://access-prometheus.cattle-prometheus:80 - -# -# addon certmanager configuration -# -certmanager: - image: - repository: rancher/mirrored-jetstack-cert-manager-controller - tag: v0.8.1 - enabled: false - -# -# Istio CNI plugin enabled -# This must be enabled to use the CNI plugin in Istio. The CNI plugin is installed separately. -# If true, the privileged initContainer istio-init is not needed to perform the traffic redirect -# settings for the istio-proxy. 
-# -istio_cni: - enabled: false - -# addon Istio CoreDNS configuration -# -istiocoredns: - image: - repository: rancher/mirrored-coredns-coredns - tag: 1.6.2 - pluginImage: - repository: rancher/mirrored-istio-coredns-plugin - tag: 0.2-istio-1.1 - enabled: false - -# Job to move from 1.4 to 1.5 -# -onefiveMigration: - enabled: true - repository: rancher/istio-1.5-migration - tag: 0.1.1 - -# Common settings used among istio subcharts. -global: - - # Specify rancher clusterId of external tracing config - # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 - rancher: - clusterId: - - systemDefaultRegistry: "" - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: docker.io/rancher - - # Default tag for Istio images. - tag: 1.5.9 - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - kubectl: - repository: rancher/mirrored-istio-kubectl - tag: 1.5.9 - - # monitoring port used by mixer, pilot, galley and sidecar injector - monitoringPort: 15014 - - k8sIngress: - enabled: false - # Gateway used for k8s Ingress resources. By default it is - # using 'istio:ingressgateway' that will be installed by setting - # 'gateways.enabled' and 'gateways.istio-ingressgateway.enabled' - # flags to true. - gatewayName: ingressgateway - # enableHttps will add port 443 on the ingress. - # It REQUIRES that the certificates are installed in the - # expected secrets - enabling this option without certificates - # will result in LDS rejection and the ingress will not work. 
- enableHttps: false - - curl: - repository: rancher/mirrored-pstauffer-curl - tag: v1.0.3 - - proxy: - # use fully qualified image names for alternate path to proxy. - repository: rancher/mirrored-istio-proxyv2 - tag: 1.5.9 - - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Controls number of Proxy worker threads. - # If set to 0, then start worker thread for each CPU thread/core. - concurrency: 2 - - # Configures the access log for each sidecar. - # Options: - # "" - disables access log - # "/dev/stdout" - enables access log - accessLogFile: "" - - # Configure how and what fields are displayed in sidecar access log. Setting to - # empty string will result in default log format - accessLogFormat: "" - - # Configure the access log for sidecar to JSON or TEXT. - accessLogEncoding: TEXT - - # Configure envoy gRPC access log service. - envoyAccessLogService: - enabled: false - host: # example: accesslog-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/als/cert-chain.pem - privateKey: # example: /etc/istio/als/key.pem - caCertificates: # example: /etc/istio/als/root-cert.pem - sni: # example: als.somedomain - subjectAltNames: [] - # - als.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Log level for proxy, applies to gateways and sidecars. If left empty, "warning" is used. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: "" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. If left empty, "misc:error" is used. 
- componentLogLevel: "" - - # Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS - # This must be given it terms of seconds. For example, 300s is valid but 5m is invalid. - dnsRefreshRate: 300s - - # Specifies the path to the outlier event log. - outlierLogPath: # example: /dev/stdout - - # Automatic protocol detection uses a set of heuristics to - # determine whether the connection is using TLS or not (on the - # server side), as well as the application protocol being used - # (e.g., http vs tcp). These heuristics rely on the client sending - # the first bits of data. For server first protocols like MySQL, - # MongoDB, etc., Envoy will timeout on the protocol detection after - # the specified period, defaulting to non mTLS plain TCP - # traffic. Set this field to tweak the period that Envoy will wait - # for the client to send the first bits of data. (MUST BE >=1ms) - protocolDetectionTimeout: 100ms - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # If set, newly injected sidecars will have core dumps enabled. - enableCoreDump: false - - # Image used to enable core dumps. This is only used, when "enableCoreDump" is set to true. - enableCoreDumpImage: ubuntu:xenial - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 1 - - # The period between readiness probes. - readinessPeriodSeconds: 2 - - # The number of successive failed probes before indicating readiness failure. 
- readinessFailureThreshold: 30 - - # istio egress capture whitelist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - excludeOutboundPorts: "" - - # pod internal interfaces - kubevirtInterfaces: "" - - # istio ingress capture whitelist - # examples: - # Redirect no inbound traffic to Envoy: --includeInboundPorts="" - # Redirect all inbound traffic to Envoy: --includeInboundPorts="*" - # Redirect only selected ports: --includeInboundPorts="80,8080" - includeInboundPorts: "*" - excludeInboundPorts: "" - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument - # would be :). - # Disabled by default. - # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. - envoyStatsd: - # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. - enabled: false - host: # example: statsd-svc.istio-system - port: # example: 9125 - - # Sets the Envoy Metrics Service address, used to push Envoy metrics to an external collector - # via the Metrics Service gRPC API. This contains detailed stats information emitted directly - # by Envoy and should not be confused with the the Istio telemetry. The Envoy stats are also - # available to scrape via the Envoy admin port at either /stats or /stats/prometheus. - # - # See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto - # for details about Envoy's Metrics Service API. - # - # Disabled by default. 
- envoyMetricsService: - enabled: false - host: # example: metrics-service.istio-system - port: # example: 15000 - tlsSettings: - mode: DISABLE # DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL - clientCertificate: # example: /etc/istio/ms/cert-chain.pem - privateKey: # example: /etc/istio/ms/key.pem - caCertificates: # example: /etc/istio/ms/root-cert.pem - sni: # example: ms.somedomain - subjectAltNames: [] - # - ms.somedomain - tcpKeepalive: - probes: 3 - time: 10s - interval: 10s - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "zipkin" - - proxy_init: - # Base name for the istio-init container, used to configure iptables. - repository: rancher/mirrored-istio-proxyv2 - tag: 1.5.9 - # Configuration for the proxy init container - init: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - - # imagePullPolicy is applied to istio control plane components. - # local tests require IfNotPresent, to avoid uploading to dockerhub. - # TODO: Switch to Always as default, and override in the local tests. - imagePullPolicy: IfNotPresent - - # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are - # propagated, not recommended for tests. - controlPlaneSecurityEnabled: false - - # disablePolicyChecks disables mixer policy checks. - # if mixer.policy.enabled==true then disablePolicyChecks has affect. - # Will set the value with same name in istio config map - pilot needs to be restarted to take effect. - disablePolicyChecks: true - - # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. - # Default is false which means the traffic is denied when the client is unable to connect to Mixer. 
- policyCheckFailOpen: false - - # EnableTracing sets the value with same name in istio config map, requires pilot restart to take effect. - enableTracing: true - - # Configuration for each of the supported tracers - tracer: - # Configuration for envoy to send trace data to LightStep. - # Disabled by default. - # address: the : of the satellite pool - # accessToken: required for sending data to the pool - # secure: specifies whether data should be sent with TLS - # cacertPath: the path to the file containing the cacert to use when verifying TLS. If secure is true, this is - # required. If a value is specified then a secret called "lightstep.cacert" must be created in the destination - # namespace with the key matching the base of the provided cacertPath and the value being the cacert itself. - # - lightstep: - address: "" # example: lightstep-satellite:443 - accessToken: "" # example: abcdefg1234567 - secure: true # example: true|false - cacertPath: "" # example: /etc/lightstep/cacert.pem - zipkin: - # Host:Port for reporting trace data in zipkin format. If not specified, will default to - # zipkin service (port 9411) in the same namespace as the other istio components. - address: "" - datadog: - # Host:Port for submitting traces to the Datadog agent. - address: "$(HOST_IP):8126" - stackdriver: - # enables trace output to stdout. - debug: false - # The global default max number of attributes per span. - maxNumberOfAttributes: 200 - # The global default max number of annotation events per span. - maxNumberOfAnnotations: 200 - # The global default max number of message events per span. - maxNumberOfMessageEvents: 200 - - # Default mtls policy. If true, mtls between services will be enabled by default. - mtls: - # Default setting for service-to-service mtls. Can be set explicitly using - # destination rules or service annotations. 
- enabled: false - # If set to true, and a given service does not have a corresponding DestinationRule configured, - # or its DestinationRule does not have TLSSettings specified, Istio configures client side - # TLS configuration automatically, based on the server side mTLS authentication policy and the - # availibity of sidecars. - auto: true - - # Lists the secrets you need to use to pull Istio images from a private registry. - imagePullSecrets: [] - # - private-registry-key - - # Specify pod scheduling arch(amd64, ppc64le, s390x) and weight as follows: - # 0 - Never scheduled - # 1 - Least preferred - # 2 - No preference - # 3 - Most preferred - arch: - amd64: 2 - s390x: 2 - ppc64le: 2 - - # Whether to restrict the applications namespace the controller manages; - # If not set, controller watches all namespaces - oneNamespace: false - - # Default node selector to be applied to all deployments so that all pods can be - # constrained to run a particular nodes. Each component can overwrite these default - # values by adding its node selector block in the relevant section below and setting - # the desired values. - defaultNodeSelector: {} - - # Default node tolerations to be applied to all deployments so that all pods can be - # scheduled to a particular nodes with matching taints. Each component can overwrite - # these default values by adding its tolerations block in the relevant section below - # and setting the desired values. - # Configure this field in case that all pods of Istio control plane are expected to - # be scheduled to particular nodes with specified taints. - defaultTolerations: [] - - # Whether to perform server-side validation of configuration. - configValidation: true - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. 
- # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - # podDNSSearchNamespaces: - # - global - # - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # If set to true, the pilot and citadel mtls will be exposed on the - # ingress gateway - meshExpansion: - enabled: false - # If set to true, the pilot and citadel mtls and the plaintext pilot ports - # will be exposed on an internal gateway - useILB: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # enable pod distruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. 
- defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - # Use the Mesh Control Protocol (MCP) for configuring Mixer and - # Pilot. Requires galley (`--set galley.enabled=true`). - useMCP: true - - # The trust domain corresponds to the trust root of a system - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - # Indicate the domain used in SPIFFE identity URL - # The default depends on the environment. - # kubernetes: cluster.local - # else: default dns domain - trustDomain: "" - - # The trust domain aliases represent the aliases of trust_domain. - # For example, if we have - # trustDomain: td1 - # trustDomainAliases: [“td2”, "td3"] - # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", - # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. - trustDomainAliases: [] - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. 
For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Set the default behavior of the sidecar for handling outbound traffic from the application: - # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no - # services or ServiceEntries for the destination port - # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well - # as those defined through ServiceEntries - # ALLOW_ANY is the default in 1.1. This means each pod will be able to make outbound requests - # to services outside of the mesh without any ServiceEntry. - # REGISTRY_ONLY was the default in 1.0. If this behavior is desired, set the value below to REGISTRY_ONLY. - outboundTrafficPolicy: - mode: ALLOW_ANY - - # The namespace where globally shared configurations should be present. - # DestinationRules that apply to the entire mesh (e.g., enabling mTLS), - # default Sidecar configs, etc. should be added to this namespace. 
- # configRootNamespace: istio-config - - # set the default set of namespaces to which services, service entries, virtual services, destination - # rules should be exported to. Currently only one value can be provided in this list. This value - # should be one of the following two options: - # * implies these objects are visible to all namespaces, enabling any sidecar to talk to any other sidecar. - # . implies these objects are visible to only to sidecars in the same namespace, or if imported as a Sidecar.egress.host - # defaultConfigVisibilitySettings: - #- '*' - - # - # nodeagent configuration - # - nodeagent: - repository: rancher/mirrored-istio-node-agent-k8s - tag: 1.5.9 - - sds: - # SDS enabled. IF set to true, mTLS certificates for the sidecars will be - # distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates. - enabled: false - udsPath: "" - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Citadel Agent to the CA (e.g. Citadel), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. 
The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Specifies the global locality load balancing settings. - # Locality-weighted load balancing allows administrators to control the distribution of traffic to - # endpoints based on the localities of where the traffic originates and where it will terminate. - # Either failover or distribute configuration can be set, but not both. If neither are provided - # failover mode will be used. - # - # localityLbSetting: - # enabled: true - # distribute: - # - from: "us-central1/*" - # to: - # "us-central1/*": 80 - # "us-central2/*": 20 - # - # localityLbSetting: - # enabled: true - # failover: - # - from: us-east - # to: eu-west - # - from: us-west - # to: us-east - localityLbSetting: - enabled: true - - # Specifies whether helm test is enabled or not. - # This field is set to false by default, so 'helm template ...' - # will ignore the helm test yaml files when generating the template - enableHelmTest: false - - # Configures DNS certificates provisioned through Chiron linked into Pilot. - # The DNS names in this file are all hard-coded; please ensure the namespaces - # in dnsNames are consistent with those of your services. 
- # Example: - # certificates: - # - secretName: dns.istio-galley-service-account - # dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] - # - secretName: dns.istio-sidecar-injector-service-account - # dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] - certificates: [] - - # Configure whether Operator manages webhook configurations. The current behavior - # of Galley and Sidecar Injector is that they manage their own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false diff --git a/charts/rancher-k3s-upgrader/0.7.0/Chart.yaml b/charts/rancher-k3s-upgrader/0.7.0/Chart.yaml new file mode 100644 index 000000000..bcffa8f06 --- /dev/null +++ b/charts/rancher-k3s-upgrader/0.7.0/Chart.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +name: rancher-k3s-upgrader +description: Enables a k3s or rke2 cluster to update itself by reacting to Plan CRs. + Users do not need to manually upgrade this app. It will be automatically upgraded to the latest version when upgrading a cluster. +home: https://github.com/rancher/system-charts/blob/dev-v2.9/charts/rancher-k3s-upgrader +sources: + - "https://github.com/rancher/system-charts/blob/dev-v2.9/charts/rancher-k3s-upgrader" +version: 0.7.0 +appVersion: v0.13.4 +kubeVersion: '>= 1.25.0-0' diff --git a/charts/rancher-k3s-upgrader/0.7.0/questions.yml b/charts/rancher-k3s-upgrader/0.7.0/questions.yml new file mode 100644 index 000000000..e625c8e57 --- /dev/null +++ b/charts/rancher-k3s-upgrader/0.7.0/questions.yml @@ -0,0 +1 @@ +rancher_min_version: 2.9.0-alpha1 diff --git a/charts/rancher-k3s-upgrader/0.7.0/templates/NOTES.txt b/charts/rancher-k3s-upgrader/0.7.0/templates/NOTES.txt new file mode 100644 index 000000000..b08f5ae30 --- /dev/null 
+++ b/charts/rancher-k3s-upgrader/0.7.0/templates/NOTES.txt
@@ -0,0 +1,4 @@
+You have deployed the Rancher K3s Upgrader
+Version: {{ .Chart.AppVersion }}
+Description: This controller enables a k3s or rke2 cluster to update itself by reacting to Plan CRs.
+ Users do not need to manually upgrade this app. It will be automatically upgraded to the latest version when upgrading a cluster.
\ No newline at end of file
diff --git a/charts/rancher-k3s-upgrader/0.7.0/templates/_helpers.tpl b/charts/rancher-k3s-upgrader/0.7.0/templates/_helpers.tpl
new file mode 100644
index 000000000..67a534eb7
--- /dev/null
+++ b/charts/rancher-k3s-upgrader/0.7.0/templates/_helpers.tpl
@@ -0,0 +1,9 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/rancher-k3s-upgrader/0.7.0/templates/clusterrolebinding.yaml b/charts/rancher-k3s-upgrader/0.7.0/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..f2a09949d
--- /dev/null
+++ b/charts/rancher-k3s-upgrader/0.7.0/templates/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: system-upgrade-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: system-upgrade-controller
+ namespace: cattle-system
diff --git a/charts/rancher-k3s-upgrader/0.7.0/templates/configmap.yaml b/charts/rancher-k3s-upgrader/0.7.0/templates/configmap.yaml
new file mode 100644
index 000000000..7619c3974
--- /dev/null
+++ b/charts/rancher-k3s-upgrader/0.7.0/templates/configmap.yaml
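Review bot: The `roleRef` in clusterrolebinding.yaml binds the `system-upgrade-controller` ServiceAccount to `cluster-admin`, so the controller pod's token, and presumably anyone allowed to create the Plan CRs the chart description says it reacts to, carries full control of the cluster. If the controller's API needs can be enumerated, a dedicated ClusterRole would narrow the grant. Otherwise the template should record the decision, for example `# cluster-admin: TODO(review) document why the controller needs it and who may create Plans`, and write access to Plans should stay limited to cluster administrators. The subject namespace is also hard-coded to `cattle-system` rather than taken from the release.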
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: system-upgrade-controller-config
+ namespace: cattle-system
+data:
+ SYSTEM_UPGRADE_CONTROLLER_DEBUG: {{ .Values.systemUpgradeControllerDebug | default "false" | quote }}
+ SYSTEM_UPGRADE_CONTROLLER_THREADS: {{ .Values.systemUpgradeControllerThreads | default "2" | quote }}
+ SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: {{ .Values.systemUpgradeJobActiveDeadlineSeconds | default "900" | quote }}
+ SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: {{ .Values.systemUpgradeJobBackoffLimit | default "99" | quote }}
+ SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: {{ .Values.systemUpgradeJobImagePullPolicy | default "IfNotPresent" | quote }}
+ SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: {{ template "system_default_registry" . }}{{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }}
+ SYSTEM_UPGRADE_JOB_PRIVILEGED: {{ .Values.systemUpgradeJobPrivileged | default "true" | quote }}
+ SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: {{ .Values.systemUpgradeJobTTLSecondsAfterFinish | default "900" | quote }}
+ SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: {{ .Values.systemUpgradePlanRollingInterval | default "15m" | quote }}
+
diff --git a/charts/rancher-k3s-upgrader/0.7.0/templates/deployment.yaml b/charts/rancher-k3s-upgrader/0.7.0/templates/deployment.yaml
new file mode 100644
index 000000000..cfc27992e
--- /dev/null
+++ b/charts/rancher-k3s-upgrader/0.7.0/templates/deployment.yaml
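Review bot: In configmap.yaml, `SYSTEM_UPGRADE_JOB_PRIVILEGED` is rendered through `default "true"`, and Sprig's `default` treats a boolean `false` as empty, so an override of `systemUpgradeJobPrivileged: false` still renders `"true"` and upgrade Jobs stay privileged; only the string `"false"` would take effect. Declaring `systemUpgradeJobPrivileged: true` in values.yaml and rendering `{{ .Values.systemUpgradeJobPrivileged | quote }}` removes that trap. In the same hunk, `SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL` reads `.Values.systemUpgradePlanRollingInterval` (Rolling, not Polling), which looks like a typo that would silently ignore an override set under the expected name. `SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE` is also the only value not passed through `quote`.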
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: system-upgrade-controller
+ namespace: cattle-system
+spec:
+ selector:
+ matchLabels:
+ upgrade.cattle.io/controller: system-upgrade-controller
+ template:
+ metadata:
+ labels:
+ upgrade.cattle.io/controller: system-upgrade-controller # necessary to avoid drain
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "kubernetes.io/os"
+ operator: NotIn
+ values:
+ - windows
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - preference:
+ matchExpressions:
+ - key: node-role.kubernetes.io/control-plane
+ operator: In
+ values:
+ - "true"
+ weight: 100
+ - preference:
+ matchExpressions:
+ - key: node-role.kubernetes.io/master
+ operator: In
+ values:
+ - "true"
+ weight: 100
+ tolerations:
+ - operator: Exists
+ serviceAccountName: system-upgrade-controller
+ containers:
+ - name: system-upgrade-controller
+ image: {{ template "system_default_registry" . }}{{ .Values.systemUpgradeController.image.repository }}:{{ .Values.systemUpgradeController.image.tag }}
+ imagePullPolicy: IfNotPresent
+ envFrom:
+ - configMapRef:
+ name: system-upgrade-controller-config
+ env:
+ - name: SYSTEM_UPGRADE_CONTROLLER_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.labels['upgrade.cattle.io/controller']
+ - name: SYSTEM_UPGRADE_CONTROLLER_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - name: etc-ssl
+ mountPath: /etc/ssl
+ - name: tmp
+ mountPath: /tmp
+ volumes:
+ - name: etc-ssl
+ hostPath:
+ path: /etc/ssl
+ type: Directory
+ - name: tmp
+ emptyDir: {}
diff --git a/charts/rancher-k3s-upgrader/0.7.0/templates/namespace.yaml b/charts/rancher-k3s-upgrader/0.7.0/templates/namespace.yaml
new file mode 100644
index 000000000..da0eaec36
--- /dev/null
+++ b/charts/rancher-k3s-upgrader/0.7.0/templates/namespace.yaml
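Review bot: The `etc-ssl` volumeMount in deployment.yaml exposes the node's `/etc/ssl` through a hostPath without `readOnly: true`, and the container declares no `securityContext`. This pod runs as the ServiceAccount that clusterrolebinding.yaml binds to `cluster-admin` and tolerates every taint (`operator: Exists`), so it could also modify the host's trust store. Add `readOnly: true` under `mountPath: /etc/ssl`. If the controller does not need root, a container `securityContext` with `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` would fit, since `/tmp` is already an emptyDir; whether the image runs under those settings is not visible here and needs confirming. The image is referenced by tag only and no resource requests or limits are set.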
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cattle-system
+ annotations:
+ "helm.sh/resource-policy": keep
diff --git a/charts/rancher-k3s-upgrader/0.7.0/templates/serviceaccount.yaml b/charts/rancher-k3s-upgrader/0.7.0/templates/serviceaccount.yaml
new file mode 100644
index 000000000..b6cdcf48b
--- /dev/null
+++ b/charts/rancher-k3s-upgrader/0.7.0/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: system-upgrade-controller
+ namespace: cattle-system
diff --git a/charts/rancher-k3s-upgrader/0.7.0/values.yaml b/charts/rancher-k3s-upgrader/0.7.0/values.yaml
new file mode 100644
index 000000000..5a8183ed3
--- /dev/null
+++ b/charts/rancher-k3s-upgrader/0.7.0/values.yaml
@@ -0,0 +1,13 @@
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+systemUpgradeController:
+ image:
+ repository: rancher/system-upgrade-controller
+ tag: v0.13.4
+
+kubectl:
+ image:
+ repository: rancher/kubectl
+ tag: v1.23.3
diff --git a/charts/rancher-logging/0.0.1/.helmignore b/charts/rancher-logging/0.0.1/.helmignore
deleted file mode 100644
index f0c131944..000000000
--- a/charts/rancher-logging/0.0.1/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/charts/rancher-logging/0.0.1/Chart.yaml b/charts/rancher-logging/0.0.1/Chart.yaml
deleted file mode 100644
index 06bf0c737..000000000
--- a/charts/rancher-logging/0.0.1/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@ -apiVersion: v1 -description: Rancher logging helm chart to support logging function in rancher -icon: https://raw.githubusercontent.com/fluent/fluentd-docs/master/public/logo/Fluentd_square.png -name: rancher-logging -version: 0.1.0 -appVersion: v1.1.3 -home: https://www.fluentd.org/ -sources: - - https://www.fluentd.org/ -maintainers: - - name: Michelia - email: support@rancher.com -kubeVersion: <1.21.0-0 diff --git a/charts/rancher-logging/0.0.1/README.md b/charts/rancher-logging/0.0.1/README.md deleted file mode 100644 index 795aec4ab..000000000 --- a/charts/rancher-logging/0.0.1/README.md +++ /dev/null @@ -1,11 +0,0 @@ -# Rancher Logging - -* Installs [Fluentd](https://www.fluentd.org/) and flexvolume log driver to collect container logs in Rancher - -## Introduction - -This chart bootstraps a [Fluentd](https://www.fluentd.org/) daemonset and a [Log-Aggregator](https://github.com/rancher/log-aggregator) flexvolume on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. -It's use for sends logs to log target config in rancher. - -## Prerequisites - - Rancher 2.1+ \ No newline at end of file diff --git a/charts/rancher-logging/0.0.1/charts/fluentd-tester/Chart.yaml b/charts/rancher-logging/0.0.1/charts/fluentd-tester/Chart.yaml deleted file mode 100644 index d9878e638..000000000 --- a/charts/rancher-logging/0.0.1/charts/fluentd-tester/Chart.yaml +++ /dev/null @@ -1,16 +0,0 @@ -name: fluentd-tester -version: 0.0.1 -appVersion: 1.1.3 -home: https://www.fluentd.org/ -description: A Fluentd Test Helm chart for validate fluentd config -icon: https://raw.githubusercontent.com/fluent/fluentd-docs/master/public/logo/Fluentd_square.png -keywords: -- fluentd -- rancher -- logging -sources: -- https://github.com/helm/charts/stable/fluentd-elasticsearch -maintainers: -- name: michelia - email: support@rancher.com -engine: gotpl 
diff --git a/charts/rancher-logging/0.0.1/charts/fluentd-tester/templates/_helpers.tpl b/charts/rancher-logging/0.0.1/charts/fluentd-tester/templates/_helpers.tpl deleted file mode 100644 index fa228e545..000000000 --- a/charts/rancher-logging/0.0.1/charts/fluentd-tester/templates/_helpers.tpl +++ /dev/null @@ -1,48 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "fluentd-tester.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "fluentd-tester.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "fluentd-tester.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "fluentd-tester.version" -}} -{{- $name := include "fluentd-tester.name" . -}} -{{- $version := .Chart.Version | replace "+" "_" -}} -{{- printf "%s-%s" $name $version -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "fluentd-tester.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "fluentd-tester.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} 
diff --git a/charts/rancher-logging/0.0.1/charts/fluentd-tester/templates/clusterrole.yaml b/charts/rancher-logging/0.0.1/charts/fluentd-tester/templates/clusterrole.yaml deleted file mode 100644 index b6f4a89ed..000000000 --- a/charts/rancher-logging/0.0.1/charts/fluentd-tester/templates/clusterrole.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRole -apiVersion: {{ template "rbac_api_version" . }} -metadata: - name: {{ template "fluentd-tester.fullname" . }} - labels: - app: {{ template "fluentd-tester.name" . }} - chart: {{ template "fluentd-tester.version" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -- apiGroups: - - "" - resources: - - "namespaces" - - "pods" - verbs: - - "get" - - "watch" - - "list" -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-logging/0.0.1/charts/fluentd-tester/templates/clusterrolebinding.yaml b/charts/rancher-logging/0.0.1/charts/fluentd-tester/templates/clusterrolebinding.yaml deleted file mode 100644 index b920a82ee..000000000 --- a/charts/rancher-logging/0.0.1/charts/fluentd-tester/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRoleBinding -apiVersion: {{ template "rbac_api_version" . }} -metadata: - name: {{ template "fluentd-tester.fullname" . }} - labels: - app: {{ template "fluentd-tester.name" . }} - chart: {{ template "fluentd-tester.version" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -subjects: -- kind: ServiceAccount - name: {{ template "fluentd-tester.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ template "fluentd-tester.fullname" . }} - apiGroup: rbac.authorization.k8s.io -{{- end -}} 
diff --git a/charts/rancher-logging/0.0.1/charts/fluentd-tester/templates/deployment.yaml b/charts/rancher-logging/0.0.1/charts/fluentd-tester/templates/deployment.yaml deleted file mode 100644 index 5f7c743c8..000000000 --- a/charts/rancher-logging/0.0.1/charts/fluentd-tester/templates/deployment.yaml +++ /dev/null 
@@ -1,79 +0,0 @@ -apiVersion: {{ template "deployment_api_version" . }} -kind: Deployment -metadata: - name: {{ template "fluentd-tester.fullname" . }} - labels: - app: {{ template "fluentd-tester.name" . }} - chart: {{ template "fluentd-tester.version" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.labels }} -{{ toYaml .Values.labels | indent 4 }} -{{- end }} -spec: -{{- if .Values.updateStrategy }} - updateStrategy: -{{ toYaml .Values.updateStrategy | indent 4 }} -{{- end }} - selector: - matchLabels: - app: {{ template "fluentd-tester.name" . }} - chart: {{ template "fluentd-tester.version" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "fluentd-tester.name" . }} - chart: {{ template "fluentd-tester.version" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- if .Values.labels }} - {{ toYaml .Values.labels | indent 4 }} - {{- end }} -{{- if .Values.annotations }} -{{ toYaml .Values.annotations | indent 8 }} -{{- end }} - spec: - serviceAccountName: {{ template "fluentd-tester.fullname" . }} - containers: - - name: "dry-run" - image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.command }} - command: {{ .Values.command }} - {{ end }} - env: - {{- range $key, $value := .Values.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - - name: K8S_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - resources: -{{ toYaml .Values.resources | indent 10 }} -{{- if .Values.extraVolumeMounts }} -{{ toYaml .Values.extraVolumeMounts | indent 8 }} -{{- end }} -{{- if .Values.service }} - ports: -{{- range $port := .Values.service.ports }} - - name: {{ $port.name }} - containerPort: {{ $port.port }} -{{- if $port.protocol }} - protocol: {{ $port.protocol }} -{{- end }} -{{- end }} -{{- end }} -{{- if .Values.extraVolumes }} -{{ toYaml .Values.extraVolumes | indent 6 }} -{{- end }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} -{{- end }} diff --git a/charts/rancher-logging/0.0.1/charts/fluentd-tester/templates/service-account.yaml b/charts/rancher-logging/0.0.1/charts/fluentd-tester/templates/service-account.yaml deleted file mode 100644 index bd1999681..000000000 --- a/charts/rancher-logging/0.0.1/charts/fluentd-tester/templates/service-account.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "fluentd-tester.fullname" . }} - labels: - app: {{ template "fluentd-tester.name" . }} - chart: {{ template "fluentd-tester.version" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- end -}} diff --git a/charts/rancher-logging/0.0.1/charts/fluentd-tester/values.yaml b/charts/rancher-logging/0.0.1/charts/fluentd-tester/values.yaml deleted file mode 100644 index 601af7c47..000000000 
--- a/charts/rancher-logging/0.0.1/charts/fluentd-tester/values.yaml +++ /dev/null @@ -1,34 +0,0 @@ -labels: {} - -image: - repository: rancher/fluentd - tag: v0.1.12 - pullPolicy: IfNotPresent - -resources: {} - # limits: - # cpu: 100m - # memory: 500Mi - # requests: - # cpu: 100m - # memory: 200Mi -# env: - -command: '["sh", "-c", "tail -f /dev/null"]' - -rbac: - create: true - -serviceAccount: - create: true - -annotations: {} - -# updateStrategy: -# type: RollingUpdate - -tolerations: - - effect: NoSchedule - operator: Exists - -nodeSelector: {} \ No newline at end of file diff --git a/charts/rancher-logging/0.0.1/charts/fluentd/Chart.yaml b/charts/rancher-logging/0.0.1/charts/fluentd/Chart.yaml deleted file mode 100644 index a0b888829..000000000 --- a/charts/rancher-logging/0.0.1/charts/fluentd/Chart.yaml +++ /dev/null @@ -1,16 +0,0 @@ -name: fluentd -version: 0.0.1 -appVersion: 1.1.3 -home: https://www.fluentd.org/ -description: A Fluentd Helm chart for Rancher system logging -icon: https://raw.githubusercontent.com/fluent/fluentd-docs/master/public/logo/Fluentd_square.png -keywords: -- fluentd -- rancher -- logging -sources: -- https://github.com/helm/charts/stable/fluentd-elasticsearch -maintainers: -- name: michelia - email: support@rancher.com -engine: gotpl diff --git a/charts/rancher-logging/0.0.1/charts/fluentd/templates/_helpers.tpl b/charts/rancher-logging/0.0.1/charts/fluentd/templates/_helpers.tpl deleted file mode 100644 index 9cd0996bd..000000000 --- a/charts/rancher-logging/0.0.1/charts/fluentd/templates/_helpers.tpl +++ /dev/null 
@@ -1,48 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "fluentd.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "fluentd.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "fluentd.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "fluentd.version" -}} -{{- $name := include "fluentd.name" . -}} -{{- $version := .Chart.Version | replace "+" "_" -}} -{{- printf "%s-%s" $name $version -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "fluentd.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "fluentd.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/charts/rancher-logging/0.0.1/charts/fluentd/templates/clusterrole.yaml b/charts/rancher-logging/0.0.1/charts/fluentd/templates/clusterrole.yaml deleted file mode 100644 index 1160fb3dd..000000000 --- a/charts/rancher-logging/0.0.1/charts/fluentd/templates/clusterrole.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRole -apiVersion: {{ template "rbac_api_version" . }} -metadata: - name: {{ template "fluentd.fullname" . }} - labels: - app: {{ template "fluentd.name" . }} - chart: {{ template "fluentd.version" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -- apiGroups: - - "" - resources: - - "namespaces" - - "pods" - verbs: - - "get" - - "watch" - - "list" -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-logging/0.0.1/charts/fluentd/templates/clusterrolebinding.yaml b/charts/rancher-logging/0.0.1/charts/fluentd/templates/clusterrolebinding.yaml deleted file mode 100644 index 4eb7b5062..000000000 --- a/charts/rancher-logging/0.0.1/charts/fluentd/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRoleBinding -apiVersion: {{ template "rbac_api_version" . }} -metadata: - name: {{ template "fluentd.fullname" . }} - labels: - app: {{ template "fluentd.name" . }} - chart: {{ template "fluentd.version" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -subjects: -- kind: ServiceAccount - name: {{ template "fluentd.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ template "fluentd.fullname" . }} - apiGroup: rbac.authorization.k8s.io -{{- end -}} diff --git a/charts/rancher-logging/0.0.1/charts/fluentd/templates/daemonset.yaml b/charts/rancher-logging/0.0.1/charts/fluentd/templates/daemonset.yaml deleted file mode 100644 index e7e436109..000000000 --- a/charts/rancher-logging/0.0.1/charts/fluentd/templates/daemonset.yaml +++ /dev/null 
@@ -1,191 +0,0 @@ -apiVersion: {{ template "daemonset_api_version" . }} -kind: DaemonSet -metadata: - name: {{ template "fluentd.fullname" . }} - labels: - app: {{ template "fluentd.name" . }} - chart: {{ template "fluentd.version" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.labels }} -{{ toYaml .Values.labels | indent 4 }} -{{- end }} -spec: -{{- if .Values.updateStrategy }} - updateStrategy: -{{ toYaml .Values.updateStrategy | indent 4 }} -{{- end }} - selector: - matchLabels: - app: {{ template "fluentd.name" . }} - chart: {{ template "fluentd.version" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "fluentd.name" . }} - chart: {{ template "fluentd.version" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- if .Values.labels }} - {{ toYaml .Values.labels | indent 4 }} - {{- end }} -{{- if .Values.annotations }} -{{ toYaml .Values.annotations | indent 8 }} -{{- end }} - spec: - serviceAccountName: {{ template "fluentd.fullname" . }} - containers: - - name: {{ template "fluentd.fullname" . }} - image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.command }} - command: {{ .Values.command }} - {{ end }} - env: - {{- range $key, $value := .Values.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - - name: K8S_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - resources: -{{ toYaml .Values.resources | indent 10 }} - volumeMounts: - - mountPath: /fluentd/etc/config/custom - name: custom - - mountPath: /fluentd/etc/config/precan - name: config - - mountPath: /fluentd/etc/config/entry - name: entry - - mountPath: /fluentd/etc/config/ssl - name: ssl - - mountPath: {{ .Values.cluster.dockerRoot }} - name: dockerroot - - mountPath: /var/log/containers - name: varlogcontainers - - mountPath: /var/log/pods - name: varlogpods - - mountPath: /var/lib/rancher/rke/log - name: rkelog - - mountPath: /var/lib/rancher/log-volumes - name: customlog - - mountPath: /fluentd/log - name: fluentdlog - - name: libsystemddir - mountPath: /host/lib - readOnly: true -{{- if .Values.extraVolumeMounts }} -{{ toYaml .Values.extraVolumeMounts | indent 8 }} -{{- end }} - ports: -{{- range $port := .Values.service.ports }} - - name: {{ $port.name }} - containerPort: {{ $port.port }} -{{- if $port.protocol }} - protocol: {{ $port.protocol }} -{{- end }} -{{- end }} -{{- if .Values.livenessProbe.enabled }} - # Liveness probe is aimed to help in situarions where fluentd - # silently hangs for no apparent reasons until manual restart. - # The idea of this probe is that if fluentd is not queueing or - # flushing chunks for 5 minutes, something is not right. If - # you want to change the fluentd configuration, reducing amount of - # logs fluentd collects, consider changing the threshold or turning - # liveness probe off completely. 
- livenessProbe: - initialDelaySeconds: 600 - periodSeconds: 60 - exec: - command: - - '/bin/sh' - - '-c' - - > - LIVENESS_THRESHOLD_SECONDS=${LIVENESS_THRESHOLD_SECONDS:-300}; - STUCK_THRESHOLD_SECONDS=${LIVENESS_THRESHOLD_SECONDS:-900}; - if [ ! -e /fluentd/log/buffer ]; - then - exit 1; - fi; - touch -d "${STUCK_THRESHOLD_SECONDS} seconds ago" /tmp/marker-stuck; - if [[ -z "$(find /fluentd/log/buffer -type f -newer /tmp/marker-stuck -print -quit)" ]]; - then - rm -rf /fluentd/log/buffer; - exit 1; - fi; - touch -d "${LIVENESS_THRESHOLD_SECONDS} seconds ago" /tmp/marker-liveness; - if [[ -z "$(find /fluentd/log/buffer -type f -newer /tmp/marker-liveness -print -quit)" ]]; - then - exit 1; - fi; -{{- end }} - - name: {{ template "fluentd.fullname" . }}-{{ .Values.configmapReload.name }} - image: {{ template "system_default_registry" . }}{{ .Values.configmapReload.image.repository }}:{{ .Values.configmapReload.image.tag }} - imagePullPolicy: "{{ .Values.configmapReload.image.pullPolicy }}" - args: - - --volume-dir=/fluentd/etc/config/custom - - --volume-dir=/fluentd/etc/config/precan - - --volume-dir=/fluentd/etc/config/ssl - - --volume-dir=/fluentd/etc/config/entry - - --webhook-method=GET - - --webhook-url=http://127.0.0.1:24444/api/config.reload - resources: - {{ toYaml .Values.configmapReload.resources | indent 12 }} - volumeMounts: - - mountPath: /fluentd/etc/config/custom - name: custom - - mountPath: /fluentd/etc/config/precan - name: config - - mountPath: /fluentd/etc/config/entry - name: entry - - mountPath: /fluentd/etc/config/ssl - name: ssl - terminationGracePeriodSeconds: 30 - volumes: - - hostPath: - path: /var/lib/rancher/fluentd/etc/config/custom - name: custom - - hostPath: - path: {{ .Values.cluster.dockerRoot }} - name: dockerroot - - hostPath: - path: /var/log/containers - name: varlogcontainers - - hostPath: - path: /var/log/pods - name: varlogpods - - hostPath: - path: /var/lib/rancher/rke/log - name: rkelog - - hostPath: - path: 
/var/lib/rancher/log-volumes - name: customlog - - hostPath: - path: /var/lib/rancher/fluentd/log - name: fluentdlog - - name: config - secret: - secretName: {{ template "fluentd.fullname" . }} - - name: entry - secret: - secretName: {{ template "fluentd.fullname" . }}-entry - - name: ssl - secret: - secretName: {{ template "fluentd.fullname" . }}-ssl - - name: libsystemddir - hostPath: - path: /usr/lib64 -{{- if .Values.extraVolumes }} -{{ toYaml .Values.extraVolumes | indent 6 }} -{{- end }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6 }} -{{- end }} diff --git a/charts/rancher-logging/0.0.1/charts/fluentd/templates/secret.yaml b/charts/rancher-logging/0.0.1/charts/fluentd/templates/secret.yaml deleted file mode 100644 index efd2df070..000000000 --- a/charts/rancher-logging/0.0.1/charts/fluentd/templates/secret.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "fluentd.fullname" . }} - labels: - app: {{ template "fluentd.name" . }} - chart: {{ template "fluentd.version" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{- range $key, $value := .Values.secrets.config }} - {{ $key }}: {{ $value | b64enc | quote }} -{{- end }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "fluentd.fullname" . }}-entry - labels: - app: {{ template "fluentd.name" . }}-entry - chart: {{ template "fluentd.version" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - kubernetes.io/cluster-service: "true" -type: Opaque -data: -{{- range $key, $value := .Values.secrets.entry }} - {{ $key }}: {{ $value | b64enc | quote }} -{{- end }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "fluentd.fullname" . }}-ssl - labels: - app: {{ template "fluentd.name" . }}-ssl - chart: {{ template "fluentd.version" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - kubernetes.io/cluster-service: "true" -type: Opaque \ No newline at end of file diff --git a/charts/rancher-logging/0.0.1/charts/fluentd/templates/service-account.yaml b/charts/rancher-logging/0.0.1/charts/fluentd/templates/service-account.yaml deleted file mode 100644 index 24470b6e2..000000000 --- a/charts/rancher-logging/0.0.1/charts/fluentd/templates/service-account.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "fluentd.fullname" . }} - labels: - app: {{ template "fluentd.name" . }} - chart: {{ template "fluentd.version" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- end -}} 
diff --git a/charts/rancher-logging/0.0.1/charts/fluentd/templates/service.yaml b/charts/rancher-logging/0.0.1/charts/fluentd/templates/service.yaml deleted file mode 100644 index 9163f61aa..000000000 --- a/charts/rancher-logging/0.0.1/charts/fluentd/templates/service.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.service }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "fluentd.fullname" . }} - labels: - app: {{ template "fluentd.name" . }} - chart: {{ template "fluentd.version" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{- range $port := .Values.service.ports }} - - name: {{ $port.name }} - port: {{ $port.port }} - targetPort: {{ $port.port }} - {{- if $port.nodePort }} - nodePort: {{ $port.nodePort }} - {{- end }} - {{- if $port.protocol }} - protocol: {{ $port.protocol }} - {{- end }} - {{- end }} - selector: - app: {{ template "fluentd.name" . }} - chart: {{ template "fluentd.version" . }} -{{- end }} diff --git a/charts/rancher-logging/0.0.1/charts/fluentd/values.yaml b/charts/rancher-logging/0.0.1/charts/fluentd/values.yaml deleted file mode 100644 index 1c715b775..000000000 --- a/charts/rancher-logging/0.0.1/charts/fluentd/values.yaml +++ /dev/null 
@@ -1,437 +0,0 @@ -labels: {} - -image: - repository: rancher/fluentd - tag: v0.1.13 - pullPolicy: IfNotPresent - -resources: {} - # limits: - # cpu: 100m - # memory: 500Mi - # requests: - # cpu: 100m - # memory: 200Mi -# env: - -command: '["fluentd", "-c", "/fluentd/etc/config/entry/fluent.conf"]' - -rbac: - create: true - -serviceAccount: - create: true - -livenessProbe: - enabled: true - -annotations: {} - -# updateStrategy: -# type: RollingUpdate - -tolerations: - - effect: NoSchedule - operator: Exists - - -nodeSelector: {} - -service: - type: ClusterIP - ports: - - name: metric - port: 24231 - targetPort: metric - -cluster: - dockerRoot: /var/lib/docker - -configmapReload: - name: reloader - image: - repository: jimmidyson/configmap-reload - tag: v0.2.2 - pullPolicy: IfNotPresent - resources: {} - -secrets: - entry: - fluent.conf: |- - @include /fluentd/etc/config/precan/*.conf - - @include /fluentd/etc/config/custom/project/*.conf - @include /fluentd/etc/config/custom/cluster/*.conf - config: - system.conf: |- - - @type prometheus - bind 0.0.0.0 - port 24231 - metrics_path /metrics - - - - @type prometheus_output_monitor - interval 10 - - pod_name ${hostname} - - - - - rpc_endpoint 127.0.0.1:24444 - - custom_cluster.conf: |- - - @type tail - path /var/lib/rancher/log-volumes/*/apache2/*/* - pos_file /fluentd/log/custom_cluster_apache2_new.log.pos - tag tmp-cluster-custom.* - format /^(?[^ ]*) [^ ]* (?[^ ]*) \[(?